
Cannot connect to internet...


Mika


Hello and thanks in advance for providing this much appreciated service.

My system will not allow me to connect to the internet normally. None of my browsers or Windows updates will connect. Norton IS appears to connect and update. This behavior all started relatively suddenly; I had not noticed any unusual behavior until I was unable to use any browser to connect to the internet (Firefox 16, IE, and Chrome).

I attempted to run a scan with Malwarebytes (previously installed - thanks for a great product!) - but it would not connect and update.

I used another computer to search for guidance on how to scan the system and I followed the guide contained at http://www.selectrealsecurity.com/malware-removal-guide - as best I could. Summary: RKill didn't find anything, RogueKiller detected malicious registry keys and deleted them, [TDSSKiller, FixTDSS, Malwarebytes Anti-Malware, Hitman Pro, ESET on-line scanner - run in this order, all reported no threats found]. I was able to run in Safe Mode with Networking to update the database for Malwarebytes and run ESET on-line scanner. (I have the logs from RKill and RogueKiller, if those would be helpful.) The behavior persists.

Thanks for taking a look.

Here are the requested logs from DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_31

Run by Micky at 20:31:28 on 2012-12-25

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8181.6446 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe

C:\Program Files\Alienware\Command Center\AlienFusionService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

C:\Program Files (x86)\OSD\OSD_Service.exe

C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe

C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\ccSvcHst.exe

C:\Program Files (x86)\AlienRespawn\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe

C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\AlienRespawn\Toaster.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\CyberLink\Shared Files\brs.exe

C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe

C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\OSD\OSD_Main.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe

C:\Windows\explorer.exe

C:\Program Files\Alienware\Command Center\AlienFusionController.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.alienware.com/

uDefault_Page_URL = hxxp://www.alienware.com/

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Norton Family BHO: {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\CoIEPlg.dll

BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll

mRun: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe

mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

mRun: [FAStartup] <no file>

mRunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\Micky\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1

TCP: Interfaces\{B0200DF8-F103-4CE0-A759-F06A0F228BBD} : DHCPNameServer = 150.100.11.4

TCP: Interfaces\{EFBD35C6-3D4B-4CF9-BB7B-61C9A516158A} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll

SSODL: WebCheck - <orphaned>

LSA: Notification Packages = scecli FAPassSync

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"

x64-Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Micky\AppData\Roaming\Mozilla\Firefox\Profiles\xkt2dly2.default\

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - component: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.28\coFFFw\components\coFFFw.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2012-2-8 57480]

R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2012-2-8 51336]

R0 ioatdma;Intel® QuickData Technology device;C:\Windows\System32\drivers\ioatdma.sys [2010-6-24 46792]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-12 55024]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-11-6 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-11-6 221304]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-21 1384608]

R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-11-6 593544]

R1 ccSet_NSM;Norton Family Settings Manager;C:\Windows\System32\drivers\NSMx64\0206000.02B\ccSetx64.sys [2012-11-12 168096]

R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2012-2-8 19592]

R1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2012-2-8 189576]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20121221.001\IDSviA64.sys [2012-12-21 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-11-6 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-11-6 451704]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/08/12 03:24:13];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-15 146928]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2010-6-24 89600]

R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-6-24 202752]

R2 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-2-8 61064]

R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]

R2 Guard Agent;Guard Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-2-8 23176]

R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2010-1-4 16384]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-11-6 126400]

R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2011-4-30 130000]

R2 NSM;Norton Family;C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\ccSvcHst.exe [2012-11-12 143928]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2010-8-12 705856]

R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-6-24 25136]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-12 35104]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-6-24 294064]

R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\OSD\WinRing0x64.sys [2008-7-26 14544]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]

S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2010-6-24 43416]

S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2010-6-24 51096]

S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2010-6-24 40144]

S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2010-6-24 42192]

S3 iSSetup;iSSetup;C:\Windows\System32\drivers\iSSetup.sys [2010-6-24 178400]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-6-24 6952960]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Family;C:\Windows\System32\drivers\NSMx64\0206000.02B\symrdrs.sys [2012-11-12 243872]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-27 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-17 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== Created Last 30 ================

.

2012-12-23 18:04:16 -------- d-----w- C:\Program Files (x86)\ESET

2012-12-23 04:50:48 -------- d-----w- C:\Windows\System32\catroot2

2012-12-23 04:43:55 -------- d-----w- C:\Windows\SysWow64\wbem\Performance

2012-12-23 04:43:19 303616 ----a-w- C:\SetACL.exe

2012-12-23 04:18:55 290304 ----a-w- C:\subinacl.exe

2012-12-23 04:14:43 -------- d-----w- C:\RegBackup

2012-12-23 03:57:11 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-12-23 03:52:33 -------- d-----w- C:\Program Files (x86)\Tweaking.com

2012-12-22 04:15:23 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{512A7649-01EA-4794-BFA0-CF797B9BC8BF}\offreg.dll

2012-12-22 03:32:18 -------- d-----w- C:\ProgramData\HitmanPro

2012-12-22 00:55:49 -------- d-----w- C:\Users\Micky\AppData\Local\ElevatedDiagnostics

2012-11-26 19:49:33 -------- d-----w- C:\Windows\System32\drivers\NSMx64\0206000.033

.

==================== Find3M ====================

.

2012-11-12 12:26:58 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-10-16 01:53:00 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-16 01:53:00 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 20:31:45.71 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 8/31/2010 2:44:01 PM

System Uptime: 12/25/2012 8:27:11 PM (0 hours ago)

.

Motherboard: Alienware | |

Processor: Intel® Core i7 CPU Q 840 @ 1.87GHz | CPU 1 | 1863/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 224 GiB total, 114.979 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: facap, FastAccess Video Capture

Device ID: ROOT\IMAGE\0000

Manufacturer: Sensible Vision

Name: facap, FastAccess Video Capture

PNP Device ID: ROOT\IMAGE\0000

Service: FACAP

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Intel® WiFi Link 5300 AGN

Device ID: PCI\VEN_8086&DEV_4235&SUBSYS_11218086&REV_00\4&1F21EBDD&0&00E3

Manufacturer: Intel Corporation

Name: Intel® WiFi Link 5300 AGN

PNP Device ID: PCI\VEN_8086&DEV_4235&SUBSYS_11218086&REV_00\4&1F21EBDD&0&00E3

Service: NETw5s64

.

==== System Restore Points ===================

.

RP138: 10/5/2012 11:36:27 AM - Windows Update

RP139: 10/9/2012 8:57:31 PM - Windows Update

RP140: 10/10/2012 9:51:50 PM - Windows Update

RP141: 10/16/2012 7:34:06 AM - Windows Update

RP142: 10/21/2012 6:14:32 PM - Windows Update

RP143: 10/26/2012 8:57:10 PM - Windows Update

RP144: 10/31/2012 6:14:22 PM - Windows Update

RP145: 11/7/2012 2:33:57 PM - Windows Update

RP146: 11/14/2012 8:38:01 PM - Scheduled Checkpoint

RP147: 11/22/2012 - Scheduled Checkpoint

RP148: 12/21/2012 6:25:52 PM - Scheduled Checkpoint

RP149: 12/22/2012 11:14:28 PM - Tweaking.com - Windows Repair

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 8.0

Adobe Photoshop Lightroom 4.1 64-bit

Adobe Premiere Elements 8.0

Adobe Reader 9.5.2

Advertising Center

AlienRespawn

AlienRespawn - Support Software

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Assassin's Creed

Assassin's Creed II

ATI Catalyst Install Manager

Banctec Service Agreement

Bonjour

BurnAware Free 4.6

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MX700 series

Canon Utilities Solution Menu

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

Cisco Connect

Command Center

CyberLink PowerDVD 8

CyberLink YouCam

EaseUS Todo Backup Free 4.0

ESET Online Scanner v3

FastStone Image Viewer 4.6

FastStone Photo Resizer 3.1

FINAL FANTASY XI

FINAL FANTASY XI: Chains of Promathia

FINAL FANTASY XI: Rise of the Zilart

FINAL FANTASY XI: Treasures of Aht Urhgan

FINAL FANTASY XI: Wings of the Goddess

Google Chrome

Google Earth

Google Update Helper

ImagXpress

Intel® Network Connections 14.8.43.0

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Java 6 Update 20 (64-bit)

Java 6 Update 22

Java 6 Update 31

Logitech Gaming Software 5.02

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSRedist

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero Rescue Agent

Nero RescueAgent Help

Nero StartSmart

Nero StartSmart Help

NeroExpress

neroxml

Norton Family

Norton Safe Web Lite

Norton Security Suite

Notepad++

OpenOffice.org 3.3

OSD Setup

PlayOnline Viewer & Tetra Master

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

SmartDraw PDF Export (novaPDF 6.4 printer)

SmartSound Quicktracks for Premiere Elements 8.0

Steam

Synaptics Pointing Device Driver

Tweaking.com - Windows Repair (All in One)

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

WIDCOMM Bluetooth Software

Windows Automated Installation Kit

.

==== Event Viewer Messages From Past Week ========

.

12/25/2012 8:13:55 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/25/2012 8:12:13 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/25/2012 8:12:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/25/2012 8:12:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/25/2012 8:12:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/25/2012 8:12:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/25/2012 8:11:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP ccSet_NSM discache eeCtrl EUDSKACS EUFDDISK IDSVia64 spldr SRTSPX SymIRON SYMTDIv Wanarpv6

12/25/2012 8:11:00 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

12/25/2012 8:11:00 PM, Error: Service Control Manager [7038] - The UI0Detect service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

12/25/2012 8:11:00 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

12/25/2012 8:11:00 PM, Error: Service Control Manager [7001] - The Virtual Disk service depends on the Plug and Play service which failed to start because of the following error: The service has not been started.

12/25/2012 8:11:00 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.

12/25/2012 8:11:00 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.

12/25/2012 8:11:00 PM, Error: Service Control Manager [7000] - The Interactive Services Detection service failed to start due to the following error: The service did not start due to a logon failure.

12/25/2012 8:11:00 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.

12/25/2012 8:11:00 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

12/25/2012 8:09:41 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

12/25/2012 8:09:41 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.

12/23/2012 12:09:54 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

12/23/2012 12:09:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NSM service.

12/22/2012 11:53:26 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

12/22/2012 11:03:21 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

.

==== End Of File ===========================


Hello Mika and welcome to MalwareBytes forums.

Please -stop- running any more tools on your own. You have already run too many, and on your own without guidance.

Do a system backup to offline media before going further.

Tell me if this is a laptop/notebook or a standard-tower or standard desktop-style system.

Are you using a wireless connection?

or is this system directly connected to your hardware-router ?

We Need to Run a Batch Script

  1. Press the Windows-key on keyboard.
  2. In the [image] box, type notepad and press Enter.
  3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
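    @Echo on
    REM Go to the folder that holds the HOSTS file
    pushd\windows\system32\drivers\etc
    REM Clear the hidden/system/read-only attributes so the file can be rewritten
    attrib -h -s -r hosts
    REM Overwrite HOSTS with a single default localhost entry
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    REM Release and renew the DHCP lease, then flush the DNS resolver cache
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    REM Reset the Winsock catalog and the TCP/IP stack (log written to resetlog.log)
    netsh winsock reset all
    netsh int ip reset resetlog.log
    REM Schedule a restart in one second and delete this batch file
    shutdown -r -t 1
    del /f /q "%~f0"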


  4. Select File -> Save AS.
  5. Press the Desktop button on the left side of the save dialog.
  6. In the [image] box, type in Fix.bat.
  7. Press [image].
  8. Close Notepad.
  9. Right click [image] on your desktop, and choose [image].
  10. Press Yes if prompted by User Account Control.

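The batch script above overwrites HOSTS with a single localhost line, so anything that was in the file is gone once it runs. As an added example (not part of the original post and not a Malwarebytes tool), the Python below audits a saved copy of the hosts file first and flags every entry that is not the stock localhost mapping; the function names, verdict labels and sample entries are constructed for illustration.

```python
import ipaddress

# Names the stock Windows hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample input (not taken from the thread): a hosts file with
# default entries, two blocked names, one redirected pair and a broken line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
127.0.0.1       localhost
::1             localhost
127.0.0.1       updates.av-vendor.example   # blocks an update server
0.0.0.0         scanner.example.org
203.0.113.7     www.bank.example login.bank.example
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Classify every active entry of a hosts file.

    Returns a list of (line_no, ip, name, verdict) tuples. Verdicts:
      default   - loopback/unspecified address mapped to localhost
      sinkhole  - any other name pinned to a loopback/unspecified address,
                  which makes that host unreachable from this machine
      redirect  - a name pinned to some other address
      malformed - the first field is not an IP address, or no name follows
    """
    findings = []
    # Strip a UTF-8 BOM if an editor added one; line numbers are unaffected.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if not fields:
            continue
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "malformed"))
            continue
        if not names:
            findings.append((line_no, ip_text, "", "malformed"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        # One line may carry several names; report each one separately.
        for name in names:
            name = name.lower().rstrip(".")
            if local and name in DEFAULT_NAMES:
                verdict = "default"
            elif local:
                verdict = "sinkhole"
            else:
                verdict = "redirect"
            findings.append((line_no, ip_text, name, verdict))
    return findings


def needs_review(findings):
    """Entries worth recording before the file is reset to defaults."""
    return [f for f in findings if f[3] != "default"]


if __name__ == "__main__":
    for line_no, ip, name, verdict in needs_review(audit_hosts(SAMPLE_HOSTS)):
        print(f"line {line_no}: {name or '(no name)'} -> {ip} [{verdict}]")
```

Run it against a copy of `hosts` taken before the reset; an empty review list means the file held only default entries.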

Hello and thank you for helping me.

As soon as I decided I wasn't making any progress, I stopped running anything except DDS to produce the logs - as directed by the forum. Your direction is well taken.

I ran a system backup and then created the batch file (safe mode w/networking) and executed the batch file (normal mode). It rebooted. There was no discernible change in behavior.

The system is an Alienware laptop. I am using the wireless (which is typical), but can connect via hardwire to my router if needed/useful.

Next step?

thanks,

-Mika


DO hardwire-connect with a cable to your router. Logoff and Restart the system fresh.

Do as much as possible of the following.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.


Hello,

I followed all of the instructions with the following two exceptions:

1) I was unable to update Malwarebytes (by pressing the "Check for Updates" button) - it never connected.

2) Since the quick scan did not find any malicious objects (log follows), there was no removal process.

The system behavior is unchanged (browsers and legit uses can not access the internet).

Next step?

thanks,

-Mika

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.21.18

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Micky :: RAIDER [administrator]

12/27/2012 7:36:39 PM

mbam-log-2012-12-27 (19-36-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 269824

Time elapsed: 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please download Windows Repair (all in one) from here.

  • Install the program.
  • Please proceed to run it. On Vista, Windows 7 or 8, Right-click the executable and select Run as Administrator.
  • Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:
  • Once that is done please go to Step 3 and allow it to run the System File Check by clicking on the Do It button:
  • Go to Step 4 and under System Restore click on the Create button:
  • Next, go to the Start Repairs tab and click the Start button.
  • Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
  • Click on the box next to the Restart System when Finished. Then click on Start.


Hello,

I followed the instructions with no problems. The repair did log failures, e.g., access violations during registry and file permissions setting operations. After restarting, the system behavior is unchanged, i.e., cannot access the internet, etc.

I have included below the overall log which shows, among other things, which services could not be restarted. Please let me know if you would like me to post any of the operation logs that show which files/registry entries produced access violations.

Next step?

thanks,

-Mika

(Windows Repair Log)

Starting Repairs...

Start (12/28/2012 9:24:17 PM)

Reset Registry Permissions 01/03

HKEY_CURRENT_USER & Sub Keys

Start (12/28/2012 9:24:17 PM)

Done (12/28/2012 9:24:22 PM)

Reset Registry Permissions 02/03

HKEY_LOCAL_MACHINE & Sub Keys

Start (12/28/2012 9:24:22 PM)

Done (12/28/2012 9:25:31 PM)

Reset Registry Permissions 03/03

HKEY_CLASSES_ROOT & Sub Keys

Start (12/28/2012 9:25:31 PM)

Done (12/28/2012 9:25:59 PM)

Reset File Permissions 01/12

C:\BOOT & Sub Folders

Start (12/28/2012 9:25:59 PM)

Done (12/28/2012 9:26:01 PM)

Reset File Permissions 02/12

C:\hiberfil.sys & Sub Folders

Start (12/28/2012 9:26:01 PM)

Done (12/28/2012 9:26:04 PM)

Reset File Permissions 03/12

C:\Intel & Sub Folders

Start (12/28/2012 9:26:04 PM)

Done (12/28/2012 9:26:06 PM)

Reset File Permissions 04/12

C:\My Backups & Sub Folders

Start (12/28/2012 9:26:06 PM)

Done (12/28/2012 9:26:09 PM)

Reset File Permissions 05/12

C:\Program Files & Sub Folders

Start (12/28/2012 9:26:09 PM)

Done (12/28/2012 9:27:10 PM)

Reset File Permissions 06/12

C:\Program Files (x86) & Sub Folders

Start (12/28/2012 9:27:10 PM)

Done (12/28/2012 9:35:50 PM)

Reset File Permissions 07/12

C:\ProgramData & Sub Folders

Start (12/28/2012 9:35:50 PM)

Done (12/28/2012 9:36:53 PM)

Reset File Permissions 08/12

C:\RegBackup & Sub Folders

Start (12/28/2012 9:36:53 PM)

Done (12/28/2012 9:36:56 PM)

Reset File Permissions 09/12

C:\System Recovery & Sub Folders

Start (12/28/2012 9:36:56 PM)

Done (12/28/2012 9:36:58 PM)

Reset File Permissions 10/12

C:\Temp & Sub Folders

Start (12/28/2012 9:36:58 PM)

Done (12/28/2012 9:37:01 PM)

Reset File Permissions 11/12

C:\Tweaking.com_Windows_Repair_Logs & Sub Folders

Start (12/28/2012 9:37:01 PM)

Done (12/28/2012 9:37:03 PM)

Reset File Permissions 12/12

C:\Windows & Sub Folders

Start (12/28/2012 9:37:03 PM)

Done (12/28/2012 9:47:18 PM)

Register System Files

Start (12/28/2012 9:47:18 PM)

Done (12/28/2012 9:47:28 PM)

Repair WMI

Start (12/28/2012 9:47:29 PM)

Step 01/03 - Deleting WMI Repository...

Step 02/03 - Rebuilding WMI Repository...

Step 03/03 - Registering WMI...

Invalid Global Switch.

Invalid Global Switch.

Done (12/28/2012 9:48:31 PM)

Repair Windows Firewall

Start (12/28/2012 9:48:31 PM)

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Done (12/28/2012 9:49:07 PM)

Repair Internet Explorer

Start (12/28/2012 9:49:07 PM)

Done (12/28/2012 9:49:12 PM)

Remove Policies Set By Infections

Start (12/28/2012 9:49:12 PM)

Done (12/28/2012 9:49:16 PM)

Repair Winsock && DNS Cache

Start (12/28/2012 9:49:16 PM)

Done (12/28/2012 9:49:25 PM)

Repair Proxy Settings

Start (12/28/2012 9:49:25 PM)

Done (12/28/2012 9:49:30 PM)

Repair Windows Updates

Start (12/28/2012 9:49:30 PM)

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

'proxycfg.exe' is not recognized as an internal or external command,

operable program or batch file.

Done (12/28/2012 9:49:47 PM)

Set Windows Services To Default Startup

Start (12/28/2012 9:49:47 PM)

Done (12/28/2012 9:49:49 PM)

Repair MSI (Windows Installer)

Start (12/28/2012 9:49:49 PM)

The Windows Installer service is not started.

More help is available by typing NET HELPMSG 3521.

Done (12/28/2012 9:49:53 PM)

Cleaning up empty logs...

All Selected Repairs Done.

Done (12/28/2012 9:49:53 PM)

Total Repair Time: 00:26:24

...YOU MUST RESTART YOUR SYSTEM...


Windows services

This will be a batch fix.

  • Press the Windows-key on keyboard.
  • In the search box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    @Echo off
    rem Stop Windows Update and BITS before reconfiguring
    sc stop wuauserv
    sc stop bits
    rem Set the startup type of each service
    sc config dcomlaunch start= auto
    sc config nsi start= auto
    sc config dhcp start= auto
    sc config rpcss start= auto
    sc config winmgmt start= auto
    sc config wscsvc start= delayed-auto
    sc config bits start= delayed-auto
    sc config wuauserv start= delayed-auto
    sc config sdrsvc start= manual
    sc config vss start= auto
    sc config eventlog start= auto
    sc config bfe start= auto
    sc config eventsystem start= auto
    rem Start a subset of those services
    sc start sdrsvc
    sc start vss
    sc start rpcss
    sc start eventsystem
    sc start bfe
    sc start bits
    sc start wuauserv
    rem Schedule a restart in 1 second and delete this batch file
    shutdown -r -t 1
    del %0


  • Select File -> Save As.
  • Press the Desktop button on the left side of the save dialog.
  • In the File name box, type in Fix.bat.
  • Press Save.
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose Run as administrator.
  • Press Yes if prompted by User Account Control.

This procedure will do its tasks and then it will Restart Windows.

Step 2

Check for missing or disabled Windows services, by doing the following, and post detailed results when done!

From Start button, (or Win-key +R) and in the search-box type in MSCONFIG and press OK or Enter.

On Vista or Windows 7, press Windows-key on keyboard, and type in MSCONFIG

You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box=selection)

IF it does not, then you click on Normal startup.

Click on Services tab to get its display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

Look at the bottom line Hide all Microsoft services

IF and only IF it is checkmarked, then un-check it.

The list of services may be shown in non-alphabetical order, so ....

Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.

You can toggle as needed to get the desired order.

IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others!

Then using the scroll-bar scroll down the list

Look for Background Intelligent Transfer Service. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Base Filtering Engine. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Cryptographic Services. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Remote Procedure Call (RPC) Locator. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for RPC Endpoint Mapper. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Firewall. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Installer. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Management Instrumentation. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Update. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

Then report back here with details.

If any of the services are not shown, just let me know which.

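A read-only, command-line version of the service check in the post above, as an added example that is not part of the original post: it compares each service named in the batch fix against the start type that script sets and reports the current state. The function names and the `$Expected` table are hypothetical, and the parsing assumes English `sc.exe` output.

```powershell
# Added example: audits services without changing anything.
# Expected start types are copied from the "sc config" lines of the batch fix.
$Expected = @{
    dcomlaunch = 'auto'; nsi = 'auto'; dhcp = 'auto'; rpcss = 'auto'
    winmgmt = 'auto'; vss = 'auto'; eventlog = 'auto'; bfe = 'auto'
    eventsystem = 'auto'
    wscsvc = 'delayed-auto'; bits = 'delayed-auto'; wuauserv = 'delayed-auto'
    sdrsvc = 'manual'
}

# Parse the START_TYPE line of "sc.exe qc" output into the words sc config uses.
function Get-ScStartType {
    param([string[]]$QcOutput)
    foreach ($l in $QcOutput) {
        if ($l -match '^\s*START_TYPE\s*:\s*(\d+)\s+\S+(\s+\(DELAYED\))?') {
            switch ($Matches[1]) {
                '2' { if ($Matches[2]) { return 'delayed-auto' } else { return 'auto' } }
                '3' { return 'manual' }
                '4' { return 'disabled' }
                default { return "other($($Matches[1]))" }
            }
        }
    }
    return 'unknown'
}

# Parse the STATE line of "sc.exe query" output (RUNNING, STOPPED, ...).
function Get-ScState {
    param([string[]]$QueryOutput)
    foreach ($l in $QueryOutput) {
        if ($l -match '^\s*STATE\s*:\s*\d+\s+(\S+)') { return $Matches[1] }
    }
    return 'unknown'
}

# Build one result row with a fixed column order (works on PowerShell 2.0).
function New-Row($svc, $exp, $act, $state) {
    New-Object PSObject -Property @{
        Service = $svc; Expected = $exp; Actual = $act; State = $state
        Match = ($act -eq $exp)
    } | Select-Object Service, Expected, Actual, State, Match
}

function Test-ServiceBaseline {
    param([hashtable]$Baseline)
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        # In PowerShell "sc" is an alias for Set-Content, so call sc.exe explicitly.
        $qc = & sc.exe qc $name 2>&1 | ForEach-Object { "$_" }
        if ($LASTEXITCODE -eq 1060) {
            # 1060: the service is not installed at all
            New-Row $name $Baseline[$name] 'missing' '-'
            continue
        }
        if ($LASTEXITCODE -ne 0) {
            New-Row $name $Baseline[$name] "error($LASTEXITCODE)" '-'
            continue
        }
        $query = & sc.exe query $name 2>&1 | ForEach-Object { "$_" }
        New-Row $name $Baseline[$name] (Get-ScStartType $qc) (Get-ScState $query)
    }
}

# Constructed sample of "sc.exe qc" output, to show the parser on a
# delayed-start service without touching the live system.
$sample = @(
    '[SC] QueryServiceConfig SUCCESS',
    'SERVICE_NAME: wuauserv',
    '        START_TYPE         : 2   AUTO_START  (DELAYED)'
)
Get-ScStartType $sample

# Live audit: rows with Match = False or Actual = missing are the ones to report.
Test-ServiceBaseline $Expected | Format-Table -AutoSize
```

A manual-start service such as sdrsvc showing STOPPED is normal; the rows that matter are a start type that differs from the baseline or a service that is missing.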

Hi!

Step 1 executed without incident.

Step 2 details:

In the General tab: Normal mode was selected.

In the Services tab: the Hide all Microsoft Services box was not checked.

For the services you were interested in, all were listed and checked, although some were running and some not, noted below. In fact, all services in the list were checked, although not all were running.

Background Intelligent Transfer Service: Running

Base Filtering Engine: Running

COM+ Event System: Running

COM+ System Application: Stopped

Cryptographic Services: Running

Ipsec Policy Agent: Running

Remote Procedure Call (RPC) Locator: Stopped

RPC Endpoint Mapper: Running

Windows Firewall: Running

Windows Installer: Stopped

Windows Management Instrumentation: Running

Windows Update: Stopped.

Since I made no changes, the Apply button was not active, so I rebooted the system; after which, there was no apparent change in system behavior.

Please let me know if there is additional information I can provide or the next step.

Thanks and have a safe and happy New Year!

-Mika


Happy New Year to you, Mika.

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.


Hi!

Here's the log:

Farbar Service Scanner Version: 23-12-2012

Ran by sumika (administrator) on 31-12-2012 at 20:22:39

Running from "C:\Users\Micky\Documents\fixit"

Windows 7 Professional Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


The result of FSS run is good. It -does- indicate the system can access the internet.

Please re-advise:

Is your system a laptop/notebook type, or is it a tower/desktop type?

Is your computer connected directly via cable to your hardware-internet-router?

Step 2

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • RIGHT-click on RSITx64.exe & select Run as Administrator to start RSITx64.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 3

Temporarily disable your antivirus so that it does not interfere.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy and Paste the MBAM scan log.

Re-enable your antivirus.

And tell me, how is the system now?


Hi!

Step 1: (system config)

-laptop, directly connected to the (hardware) router

Step 2: RSIT

a. Since the browser cannot connect to the internet in normal mode, I downloaded RSIT while in safe mode w/networking

b. Restarted in normal mode and ran as administrator (logs below)

Step 3: Malwarebytes scan

a. Updated malwarebytes while previously in safe mode (step 2)

b. disabled anti-virus

c. checked settings as directed

d. Quick scan found no malicious objects - therefore, there was nothing to remove (log follows RSIT logs)

After checking the RSIT log, I saw that it could not download hijackthis. So I went into safe mode w/networking and downloaded it, restarted in normal mode and ran RSIT as administrator for a second time. RSIT failed to find the local copy of hijackthis and failed to download it again. I took no additional action.

System behavior is unchanged - cannot access the internet in normal mode.

Logfile of random's system information tool 1.09 (written by random/random)

Run by sumika at 2013-01-01 13:42:15

Microsoft Windows 7 Professional Service Pack 1

System drive C: has 119 GB (52%) free of 229 GB

Total RAM: 8181 MB (81% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

winlogon.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

"C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe"

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

atieclxx

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe

"taskhost.exe"

taskeng.exe {0F2846D3-8E8B-4B20-98AF-CDDFDAA685FB}

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"C:\Program Files\IDT\WDM\sttray64.exe"

"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"

"C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"

"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui

"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"

"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart

"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"

"C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe"

"C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe"

"C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

"C:\Program Files (x86)\CyberLink\Shared Files\brs.exe"

"c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe"

"C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

FATrayAlert.exe

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

"c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe"

"C:\Program Files (x86)\OSD\OSD_Service.exe"

"C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1

"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"

"C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll" /prefetch:1

"C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\ccSvcHst.exe" /s "NSM" /m "C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\diMaster.dll" /prefetch:1

"C:\Program Files (x86)\OSD\OSD_Main.exe"

"C:\Program Files (x86)\AlienRespawn\sftservice.EXE"

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\ccSvcHst.exe" /c /a /s UserSession

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540

"C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /c /a /s UserSession

"c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding

"c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"

"C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe" 66256

"C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe" 66256

\??\C:\Windows\system32\conhost.exe "-866004896-60237403517371222281588530427806759569-19466362281395113329-2112198890

\??\C:\Windows\system32\conhost.exe "1638286528-91040146861556987417941310311127560160-1274049511-1705848105-556862430

C:\Windows\System32\vds.exe

"C:\Program Files\iPod\bin\iPodService.exe"

C:\Windows\system32\UI0Detect.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\ehome\ehmsas.exe -Embedding

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Users\Micky\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-12 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Symantec NCO BHO - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [2011-07-13 419768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL [2009-11-16 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-03-30 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8E07826-0971-4f16-B133-047B88034E89}]

Norton Family BHO - C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\coIEPlg.dll [2012-10-18 498584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA5BCE70-D057-4D63-943D-5F3927EC59F1}]

SSOIEAddonBHO Class - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll [2010-04-04 539976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-30 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [2011-07-13 419768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-10-23 1881384]

"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2009-09-15 487424]

"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-10-13 186904]

"AlienFX Controller"=C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [2010-05-21 63304]

""= []

"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 120328]

"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2010-07-21 2327952]

"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2009-09-04 767312]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"OSD_LAUNCH"=c:\Program Files (x86)\OSD\Launch.exe [2010-01-04 32768]

"FATrayAlert"=C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [2010-04-04 95560]

"FAStartup"= []

"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-17 98304]

"RemoteControl8"=c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2009-04-15 91432]

"PDVD8LanguageShortcut"=c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2009-04-15 50472]

"BDRegion"=c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2009-04-28 75048]

"UCam_Menu"=c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-02-17 218408]

"EaseUs Watch"=C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [2011-12-22 70792]

"EaseUs Tray"=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [2011-12-26 743560]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]

"IJNetworkScanUtility"=C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [2007-05-21 124512]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-09-09 421776]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"=C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe [2011-01-13 165184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

FAPassSync

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"LogonHoursAction"=2

"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2013-01-01 13:15:12 ----D---- C:\rsit

2013-01-01 13:15:12 ----D---- C:\Program Files\trend micro

2013-01-01 13:09:36 ----D---- C:\Users\sumika\AppData\Roaming\Malwarebytes

2012-12-28 22:05:43 ----D---- C:\Users\sumika\AppData\Roaming\Mozilla

2012-12-28 22:05:17 ----D---- C:\Users\sumika\AppData\Roaming\Apple Computer

2012-12-28 22:05:16 ----D---- C:\Users\sumika\AppData\Roaming\ATI

2012-12-28 22:05:03 ----D---- C:\Users\sumika\AppData\Roaming\Identities

2012-12-28 22:04:23 ----SD---- C:\Users\sumika\AppData\Roaming\Microsoft

2012-12-28 22:04:23 ----D---- C:\Users\sumika\AppData\Roaming\Media Center Programs

2012-12-28 21:51:30 ----D---- C:\Windows\system32\catroot2

2012-12-28 21:49:43 ----D---- C:\Windows\SoftwareDistribution

2012-12-28 20:19:04 ----N---- C:\bootsqm.dat

2012-12-23 13:04:16 ----D---- C:\Program Files (x86)\ESET

2012-12-23 12:59:54 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-12-23 12:55:55 ----A---- C:\TDSSKiller.2.8.15.0_23.12.2012_12.55.55_log.txt

2012-12-22 23:43:58 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

2012-12-22 23:43:19 ----A---- C:\SetACL.exe

2012-12-22 23:18:55 ----A---- C:\subinacl.exe

2012-12-22 23:15:02 ----A---- C:\Windows\tweaking.com-regbackup-RAIDER-Microsoft-Windows-7-Professional-(64-bit).dat

2012-12-22 23:14:43 ----D---- C:\RegBackup

2012-12-22 22:58:27 ----A---- C:\Windows\PSEXESVC.EXE

2012-12-22 22:57:11 ----D---- C:\Tweaking.com_Windows_Repair_Logs

2012-12-22 22:52:33 ----D---- C:\Program Files (x86)\Tweaking.com

2012-12-21 22:32:18 ----D---- C:\ProgramData\HitmanPro

2012-12-21 21:50:25 ----A---- C:\TDSSKiller.2.8.15.0_21.12.2012_21.50.25_log.txt

2012-12-21 21:47:01 ----A---- C:\Windows\ntbtlog.txt

2012-11-12 07:26:58 ----D---- C:\Program Files\Symantec

2012-11-12 07:26:48 ----D---- C:\Windows\system32\drivers\NSMx64

2012-11-12 07:26:48 ----D---- C:\Program Files (x86)\Norton Family

======List of files/folders modified in the last 2 months======

2013-01-01 13:42:56 ----D---- C:\Windows\Temp

2013-01-01 13:42:11 ----D---- C:\Windows\System32

2013-01-01 13:42:11 ----D---- C:\Windows\inf

2013-01-01 13:42:11 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-01-01 13:40:32 ----D---- C:\Windows\system32\Tasks

2013-01-01 13:34:59 ----SHD---- C:\System Volume Information

2013-01-01 13:34:15 ----D---- C:\Windows\system32\config

2013-01-01 13:27:58 ----D---- C:\Program Files (x86)\AlienRespawn

2013-01-01 13:15:12 ----RD---- C:\Program Files

2013-01-01 13:10:25 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-01 13:10:24 ----D---- C:\Windows\system32\drivers

2012-12-28 22:10:19 ----D---- C:\Windows\Prefetch

2012-12-28 22:04:59 ----SHD---- C:\$Recycle.Bin

2012-12-28 22:04:22 ----RD---- C:\Users

2012-12-28 22:00:21 ----D---- C:\Windows\system32\NDF

2012-12-28 21:49:43 ----D---- C:\Windows

2012-12-28 21:48:18 ----D---- C:\Windows\SysWOW64

2012-12-26 14:15:47 ----A---- C:\Windows\system32\LogVss.txt

2012-12-26 14:15:47 ----A---- C:\Windows\system32\LogMsg.txt

2012-12-26 12:52:39 ----D---- C:\Windows\Logs

2012-12-25 20:27:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2012-12-25 20:21:11 ----D---- C:\Program Files (x86)

2012-12-23 13:04:17 ----D---- C:\Windows\Downloaded Program Files

2012-12-22 23:43:55 ----D---- C:\Windows\SYSWOW64\wbem

2012-12-21 22:32:18 ----D---- C:\ProgramData

2012-11-12 07:27:15 ----D---- C:\ProgramData\Norton

2012-11-12 07:26:42 ----D---- C:\Program Files (x86)\NortonInstaller

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 EUBAKUP;EUBAKUP; C:\Windows\system32\drivers\eubakup.sys [2011-12-22 57480]

R0 EUBKMON;EUBKMON; C:\Windows\system32\drivers\EUBKMON.sys [2011-12-22 51336]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-10-13 409624]

R0 ioatdma;Intel® QuickData Technology device; C:\Windows\System32\Drivers\ioatdma.sys [2009-07-13 46792]

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-14 433200]

R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-21 221304]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]

R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608]

R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-03 593544]

R1 ccSet_NSM;Norton Family Settings Manager; C:\Windows\system32\drivers\NSMx64\0206000.02B\ccSetx64.sys [2012-08-06 168096]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-08-28 484512]

R1 EUDSKACS;EUDSKACS; \??\C:\Windows\system32\drivers\eudskacs.sys [2011-12-22 19592]

R1 EUFDDISK;EUFDDISK; \??\C:\Windows\system32\drivers\EuFdDisk.sys [2011-12-22 189576]

R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20121230.001\IDSvia64.sys [2012-12-20 513184]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [2010-04-21 32304]

R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-21 451704]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [2008-10-03 68608]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [2008-03-03 55296]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2007-07-27 57856]

R3 Acceler;Accelerometer Service; C:\Windows\system32\DRIVERS\Acceler.sys [2009-12-02 25136]

R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-06 123408]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-01-06 6178816]

R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-13 41984]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-13 118784]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-27 80384]

R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-06-30 98344]

R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-06-30 132648]

R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-06-30 21160]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k62x64.sys [2009-12-09 294064]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-21 138912]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]

R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-13 158720]

R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]

R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2009-09-15 499712]

R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-11-12 177312]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-10-23 307760]

R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\OSD\WinRing0x64.sys [2008-07-26 14544]

R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2008-01-24 22024]

S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]

S3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

S3 FACAP;facap, FastAccess Video Capture; C:\Windows\system32\DRIVERS\facap.sys [2008-09-24 238848]

S3 IAMTVE;Driver for Intel® Active Management Technology - KCS; C:\Windows\system32\DRIVERS\IAMTVE.sys [2007-04-11 43416]

S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS; C:\Windows\system32\DRIVERS\IAMTXPE.sys [2007-04-11 51096]

S3 ioatdma1;ioatdma1; C:\Windows\System32\Drivers\qd162x64.sys [2009-07-13 40144]

S3 ioatdma2;Intel® QuickData Technology device ver.2; C:\Windows\System32\Drivers\qd262x64.sys [2009-07-13 42192]

S3 iSSetup;iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [2009-10-13 178400]

S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121231.032\ENG64.SYS [2012-12-21 126112]

S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121231.032\EX64.SYS [2012-12-21 2084000]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-14 6952960]

S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2010-07-21 23952]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

S3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2010-07-21 45456]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]

S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [2010-04-21 505392]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]

S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Family; C:\Windows\system32\drivers\NSMx64\0206000.02B\SymRdrS.SYS [2012-07-21 243872]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-01 151656]

S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2008-01-24 32776]

S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2008-01-24 15752]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-02 89600]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-01-06 202752]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-08-17 868128]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 EaseUS Agent;EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-12-22 61064]

R2 FAService;FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]

R2 Guard Agent;Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-22 23176]

R2 HappyOSD;HappyOSD; C:\Program Files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-10-13 354840]

R2 N360;Norton Security Suite; C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-03 126400]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-10-13 935208]

R2 NSL;Norton Safe Web Lite; C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-23 130000]

R2 SftService;SoftThinks Agent Service; C:\Program Files (x86)\AlienRespawn\sftservice.EXE [2011-01-13 705856]

R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe [2009-09-15 240640]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 936848]

S2 AlienFusionService;Alienware Fusion Service; C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]

S2 NSM;Norton Family; C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\ccSvcHst.exe [2012-08-18 143928]

S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-12 867080]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-23 115168]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-16 316664]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-03 1255736]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2013-01-01 13:16:43

======Uninstall list======

-->MsiExec.exe /I{71B7840D-BB4D-409C-87A2-9EFD10BC0C3D}

Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -maintain plugin

Adobe Photoshop Elements 8.0-->msiexec /i {17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}

Adobe Photoshop Lightroom 4.1 64-bit-->MsiExec.exe /I{F7ADB493-B913-4D61-9A63-DA736C20C3F2}

Adobe Premiere Elements 8.0-->msiexec /I {A0E583D1-23F7-4C35-9620-B169D7715E4B} REMOVEPREFS=1

Adobe Premiere Elements 8.0-->MsiExec.exe /I{A0E583D1-23F7-4C35-9620-B169D7715E4B}

Adobe Reader 9.5.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}

Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}

AlienRespawn - Support Software-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe" -l0x9 -removeonly /z"dsu"

AlienRespawn-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe" -l0x9 -removeonly

Apple Application Support-->MsiExec.exe /I{63EC2120-1742-4625-AA47-C6A8AEC9C64C}

Apple Mobile Device Support-->MsiExec.exe /I{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Assassin's Creed II-->"C:\Program Files (x86)\InstallShield Installation Information\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}\setup.exe" -runfromtemp -l0x0009 -removeonly

Assassin's Creed-->C:\Program Files (x86)\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly

Banctec Service Agreement-->MsiExec.exe /I{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

BurnAware Free 4.6-->"C:\Program Files (x86)\BurnAware Free\unins000.exe"

Canon IJ Network Scan Utility-->C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSU.EXE

Canon IJ Network Tool-->C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNUU.exe

Canon MX700 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series /L0x0009

Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini uinstrsc.dll

Catalyst Control Center - Branding-->MsiExec.exe /I{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}

Cisco Connect-->"C:\Program Files (x86)\Cisco Systems\Cisco Connect\Cisco Connect.exe" -uninstall

Command Center-->"C:\Program Files (x86)\InstallShield Installation Information\{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}\setup.exe" -runfromtemp -l0x0409 -removeonly

Command Center-->MsiExec.exe /X{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}

CyberLink PowerDVD 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall

CyberLink PowerDVD 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

EaseUS Todo Backup Free 4.0-->"C:\Program Files (x86)\EaseUS\Todo Backup\unins000.exe"

ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

FastStone Image Viewer 4.6-->C:\Program Files (x86)\FastStone Image Viewer\uninst.exe

FastStone Photo Resizer 3.1-->C:\Program Files (x86)\FastStone Photo Resizer\uninst.exe

FINAL FANTASY XI: Chains of Promathia-->C:\Program Files (x86)\InstallShield Installation Information\{3C0619B4-4A2C-4244-8077-488E420DF907}\setup.exe -runfromtemp -l0x0409

FINAL FANTASY XI: Rise of the Zilart-->C:\Program Files (x86)\InstallShield Installation Information\{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}\setup.exe -runfromtemp -l0x0409

FINAL FANTASY XI: Treasures of Aht Urhgan-->C:\Program Files (x86)\InstallShield Installation Information\{A606C6FF-12E7-40BE-B777-D8F360FF00CD}\setup.exe -runfromtemp -l0x0409

FINAL FANTASY XI: Wings of the Goddess-->C:\Program Files (x86)\InstallShield Installation Information\{5B037ED7-0755-48D4-9554-808E5AF50F17}\setup.exe -runfromtemp -l0x0409

FINAL FANTASY XI-->C:\Program Files (x86)\InstallShield Installation Information\{678F6475-D227-432A-94FF-806178A34520}\setup.exe -runfromtemp -l0x0409

Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Earth-->MsiExec.exe /X{28E82311-8616-11E1-BEB0-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Intel® Network Connections 14.8.43.0-->MsiExec.exe /i{11107A2A-AD44-4BC8-ABB5-E88E63BCA785} ARPREMOVE=1

Intel® Network Connections 14.8.43.0-->MsiExec.exe /i{11107A2A-AD44-4BC8-ABB5-E88E63BCA785} ARPREMOVE=1

Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall

iTunes-->MsiExec.exe /I{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}

Java 6 Update 20 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416020FF}

Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}

Java 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}

Logitech Gaming Software 5.02-->MsiExec.exe /X{ECDF0939-A653-44D0-8B8E-597B890F45EC}

Malwarebytes Anti-Malware version 1.70.0.1100-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Mozilla Firefox 17.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

MSRedist-->MsiExec.exe /I{328687A2-2504-49FA-AE3E-08B0DEDB51EC}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nero 9 Essentials-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="2M0K-K0CA-XT0U-5C2T-8MK9-P8CA-055E-6W95-MPTC-P24M-KZ01-EETX-022A-2859-M5LE-LW0U-1AL0-C660-3789-8H00"

Nero BurnRights Help-->MsiExec.exe /X{F6BDD7C5-89ED-4569-9318-469AA9732572}

Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}

Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}

Nero ControlCenter-->MsiExec.exe /X{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}

Nero CoverDesigner Help-->MsiExec.exe /X{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}

Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}

Nero Disc Copy Gadget Help-->MsiExec.exe /X{60C731FB-C951-41CE-AD41-8E54C8594609}

Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}

Nero DiscSpeed Help-->MsiExec.exe /X{CC019E3F-59D2-4486-8D4B-878105B62A71}

Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}

Nero DriveSpeed Help-->MsiExec.exe /X{E5C7D048-F9B4-4219-B323-8BDB01A2563D}

Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}

Nero Express Help-->MsiExec.exe /X{83202942-84B3-4C50-8622-B8C0AA2D2885}

Nero InfoTool Help-->MsiExec.exe /X{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}

Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}

Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}

Nero Online Upgrade-->MsiExec.exe /X{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}

Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}

Nero RescueAgent Help-->MsiExec.exe /X{5E08ECD1-C98E-4711-BF65-8FD736B3F969}

Nero StartSmart Help-->MsiExec.exe /X{2348B586-C9AE-46CE-936C-A68E9426E214}

Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}

NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Norton Family-->C:\Program Files (x86)\NortonInstaller\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM\LicenseType\2.6.0.43\InstStub.exe /X /ARP

Norton Safe Web Lite-->C:\Program Files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\1.2.0.6\InstStub.exe /X /ARP

Norton Security Suite-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\4.4.0.12\InstStub.exe /X

Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe

OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}

OSD Setup-->MsiExec.exe /I{98E5A0C3-86ED-4429-9386-F0DB49E958EA}

PlayOnline Viewer & Tetra Master-->C:\Program Files (x86)\InstallShield Installation Information\{47004155-7376-403E-89E9-4C9F44AAF0D0}\setup.exe -runfromtemp -l0x0409

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01-->"C:\Program Files (x86)\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x0009 anything -removeonly

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client

SmartDraw PDF Export (novaPDF 6.4 printer)-->"C:\Program Files (x86)\SmartDraw PDF Export\PDFFilter\unins000.exe"

SmartSound Quicktracks for Premiere Elements 8.0-->"C:\Program Files (x86)\InstallShield Installation Information\{4685A344-6718-4923-AA9D-158A0A2E1CFB}\setup.exe" -runfromtemp -l0x0409 -removeonly

SmartSound Quicktracks for Premiere Elements 8.0-->MsiExec.exe /I{4685A344-6718-4923-AA9D-158A0A2E1CFB}

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Tweaking.com - Windows Repair (All in One)-->"C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe" "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml"

Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

WIDCOMM Bluetooth Software-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}

Windows Automated Installation Kit-->MsiExec.exe /I{31E8F586-4EF7-4500-844D-BA8756474FF1}

======Hosts File======

127.0.0.1 localhost

======System event log======

Computer Name: Raider

Event Code: 27

Message: Intel® 82577LC Gigabit Network Connection

Network link has been disconnected.

Record Number: 1920

Source Name: e1kexpress

Time Written: 20100831211401.994023-000

Event Type: Warning

User:

Computer Name: Raider

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 1901

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20100831211329.923291-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Raider

Event Code: 27

Message: Intel® 82577LC Gigabit Network Connection

Network link has been disconnected.

Record Number: 1823

Source Name: e1kexpress

Time Written: 20100831204901.873078-000

Event Type: Warning

User:

Computer Name: Raider

Event Code: 27

Message: Intel® 82577LC Gigabit Network Connection

Network link has been disconnected.

Record Number: 1214

Source Name: e1kexpress

Time Written: 20100831184911.649224-000

Event Type: Warning

User:

Computer Name: Raider

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 1189

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20100812084239.223565-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Raider

Event Code: 1130

Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: Microsoft.MediaCenter.Playback

Record Number: 1264

Source Name: .NET Runtime Optimization Service

Time Written: 20100918031316.000000-000

Event Type: Warning

User:

Computer Name: Raider

Event Code: 1130

Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: mcepg

Record Number: 1263

Source Name: .NET Runtime Optimization Service

Time Written: 20100918031306.000000-000

Event Type: Warning

User:

Computer Name: Raider

Event Code: 1130

Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: ehRecObj

Record Number: 1262

Source Name: .NET Runtime Optimization Service

Time Written: 20100918031303.000000-000

Event Type: Warning

User:

Computer Name: Raider

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-609782877-1678570109-4088673391-1000:

Process 840 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-609782877-1678570109-4088673391-1000

Record Number: 1021

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20100831211328.722088-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Raider

Event Code: 1008

Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 963

Source Name: Microsoft-Windows-Search

Time Written: 20100831184400.000000-000

Event Type: Warning

User:

=====Security event log=====

Computer Name: DD7WCSM1

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: DD7WCSM1$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x24c

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 207

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100812084237.163562-000

Event Type: Audit Success

User:

Computer Name: DD7WCSM1

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 206

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100812084237.083562-000

Event Type: Audit Success

User:

Computer Name: DD7WCSM1

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: DD7WCSM1$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x24c

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 205

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100812084237.083562-000

Event Type: Audit Success

User:

Computer Name: DD7WCSM1

Event Code: 4738

Message: A user account was changed.

Subject:

Security ID: S-1-5-21-609782877-1678570109-4088673391-500

Account Name: Administrator

Account Domain: DD7WCSM1

Logon ID: 0x5525b

Target Account:

Security ID: S-1-5-21-609782877-1678570109-4088673391-500

Account Name: Administrator

Account Domain: DD7WCSM1

Changed Attributes:

SAM Account Name: -

Display Name: -

User Principal Name: -

Home Directory: -

Home Drive: -

Script Path: -

Profile Path: -

User Workstations: -

Password Last Set: -

Account Expires: -

Primary Group ID: -

AllowedToDelegateTo: -

Old UAC Value: 0x211

New UAC Value: 0x211

User Account Control: -

User Parameters: -

SID History: -

Logon Hours: -

Additional Information:

Privileges: -

Record Number: 204

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100812084234.703558-000

Event Type: Audit Success

User:

Computer Name: DD7WCSM1

Event Code: 1102

Message: The audit log was cleared.

Subject:

Security ID: S-1-5-21-609782877-1678570109-4088673391-500

Account Name: Administrator

Domain Name: DD7WCSM1

Logon ID: 0x5525b

Record Number: 203

Source Name: Microsoft-Windows-Eventlog

Time Written: 20100812084233.029954-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files\Intel\DMIX;c:\Program Files\WIDCOMM\Bluetooth Software\;c:\Program Files\WIDCOMM\Bluetooth Software\syswow64;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Windows Imaging\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=8

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 30 Stepping 5, GenuineIntel

"PROCESSOR_REVISION"=1e05

"asl.log"=Destination=file

-----------------EOF-----------------

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.01.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

sumika :: RAIDER [administrator]

1/1/2013 1:30:14 PM

mbam-log-2013-01-01 (13-30-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 293136

Time elapsed: 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


The MBAM quick scan detected nothing. As to the RSIT reports, I may have you do a different report later on.

It is somewhat odd if your browser connects ok in safe mode with networking, but has no internet connection in normal mode.

Please make sure that you run no other tools or fixes on your own. Just only follow my guidance.

In the next procedures, I ask you to delete older {prior} copies of tools and to download new ones, as we do this list.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Please copy/paste the lines in bold below to Notepad:

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset resetlog.log

shutdown -r -t 1

del %0

Save as flush.bat to your desktop.

Right-click on flush.bat & select Run as Administrator to start it.

Your computer will reboot as part of the procedure.

Step 4

Delete any prior copy of adwcleaner.exe {if you had it from before}.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 5

Delete any prior copy of TDSSKILLER.exe {if you had it from before}.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 6

Delete any prior copy of RogueKiller.exe {if you had it from before}.

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 7

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
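
Step 3's flush.bat replaces the hosts file with the single line `127.0.0.1 localhost`, so any other entries are lost once it runs. The following is an added example, not part of the original post or of any tool named in it: a Python audit that lists every hosts entry differing from that baseline so it can be recorded first. The sample hosts text, the reason strings and all function names are constructed for illustration.

```python
import ipaddress
import sys
from dataclasses import dataclass

# Baseline: the one line Step 3's flush.bat writes back into the hosts file.
BASELINE = {("127.0.0.1", "localhost")}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         updates.example.test    # constructed entry
203.0.113.10    www.example.com login.example.com
300.1.1.1       broken.example.test
10.0.0.5
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    address: str
    name: str
    reason: str


def parse_hosts(text):
    """Yield (line_no, address, names) for every active line of a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop a UTF-8 BOM, then everything after '#', then surrounding blanks.
        line = raw.lstrip("\ufeff").split("#", 1)[0].strip()
        if line:
            fields = line.split()
            yield line_no, fields[0], [n.lower() for n in fields[1:]]


def classify(address, name):
    """Return a reason string for a mapping worth recording, or None."""
    if (address, name) in BASELINE:
        return None
    ip = ipaddress.ip_address(address)
    if name in LOCAL_NAMES:
        # ::1 localhost is normal; localhost on a routable address is not.
        return None if ip.is_loopback else "local name mapped away from loopback"
    if ip.is_loopback or ip.is_unspecified:
        return "name resolves to this machine, so the real host is unreachable"
    return "name pinned to a fixed address, bypassing DNS"


def audit_hosts(text):
    """Return a list of Finding objects for entries that differ from BASELINE."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ipaddress.ip_address(address)
        except ValueError:
            findings.append(
                Finding(line_no, address, " ".join(names), "malformed address"))
            continue
        if not names:
            findings.append(
                Finding(line_no, address, "", "address without a host name"))
            continue
        for name in names:
            reason = classify(address, name)
            if reason:
                findings.append(Finding(line_no, address, name, reason))
    return findings


def main(argv):
    # With a path argument, audit that file; otherwise audit the sample above.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for f in audit_hosts(text):
        print(f"line {f.line_no}: {f.address} {f.name} -> {f.reason}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it against a copy of `C:\Windows\System32\drivers\etc\hosts` by passing the path as the first argument; with no argument it audits the constructed sample.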


Hi,

Just to be clear, I haven't run any other tool since asking for help in this forum. In fact, the machine is turned off when I am not following the directions you provide.

With all respect, BEFORE I asked for help in this forum, I ran RogueKiller and it did find some problems - I mentioned this in my first post and offered to provide that log - please let me know if you want me to post it.

I had no trouble executing each of the steps. The logs you requested today follow.

# AdwCleaner v2.104 - Logfile created 01/01/2013 at 18:24:37

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : sumika - RAIDER

# Boot Mode : Normal

# Running from : C:\Users\Micky\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKU\S-1-5-21-609782877-1678570109-4088673391-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Micky\AppData\Roaming\Mozilla\Firefox\Profiles\xkt2dly2.default\prefs.js

[OK] File is clean.

File : C:\Users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\kxefltha.default\prefs.js

[OK] File is clean.

File : C:\Users\PF\AppData\Roaming\Mozilla\Firefox\Profiles\jypv6z61.default\prefs.js

[OK] File is clean.

File : C:\Users\Gamerz\AppData\Roaming\Mozilla\Firefox\Profiles\zav1ov9h.default\prefs.js

[OK] File is clean.

File : C:\Users\sumika\AppData\Roaming\Mozilla\Firefox\Profiles\s0hyc9xb.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1280 octets] - [01/01/2013 18:24:37]

########## EOF - \AdwCleaner[R1].txt - [1340 octets] ##########

18:27:33.0036 1932 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

18:27:35.0048 1932 ============================================================

18:27:35.0048 1932 Current date / time: 2013/01/01 18:27:35.0048

18:27:35.0048 1932 SystemInfo:

18:27:35.0048 1932

18:27:35.0048 1932 OS Version: 6.1.7601 ServicePack: 1.0

18:27:35.0048 1932 Product type: Workstation

18:27:35.0048 1932 ComputerName: RAIDER

18:27:35.0048 1932 UserName: sumika

18:27:35.0048 1932 Windows directory: C:\Windows

18:27:35.0048 1932 System windows directory: C:\Windows

18:27:35.0048 1932 Running under WOW64

18:27:35.0048 1932 Processor architecture: Intel x64

18:27:35.0048 1932 Number of processors: 8

18:27:35.0048 1932 Page size: 0x1000

18:27:35.0048 1932 Boot type: Normal boot

18:27:35.0048 1932 ============================================================

18:27:35.0750 1932 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:27:35.0766 1932 ============================================================

18:27:35.0766 1932 \Device\Harddisk0\DR0:

18:27:35.0766 1932 MBR partitions:

18:27:35.0766 1932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000

18:27:35.0766 1932 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x1BF930EB

18:27:35.0766 1932 ============================================================

18:27:35.0766 1932 C: <-> \Device\Harddisk0\DR0\Partition2

18:27:35.0766 1932 ============================================================

18:27:35.0766 1932 Initialize success

18:27:35.0766 1932 ============================================================

18:27:59.0368 6824 ============================================================

18:27:59.0368 6824 Scan started

18:27:59.0368 6824 Mode: Manual;

18:27:59.0368 6824 ============================================================

18:27:59.0571 6824 ================ Scan system memory ========================

18:27:59.0571 6824 System memory - ok

18:27:59.0571 6824 ================ Scan services =============================


18:28:01.0443 6824 ebdrv - ok

18:28:01.0459 6824 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

18:28:01.0459 6824 eeCtrl - ok

18:28:01.0459 6824 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

18:28:01.0459 6824 EFS - ok

18:28:01.0474 6824 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

18:28:01.0474 6824 ehRecvr - ok

18:28:01.0474 6824 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

18:28:01.0490 6824 ehSched - ok

18:28:01.0490 6824 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

18:28:01.0490 6824 elxstor - ok

18:28:01.0506 6824 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

18:28:01.0506 6824 EraserUtilRebootDrv - ok

18:28:01.0506 6824 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

18:28:01.0506 6824 ErrDev - ok

18:28:01.0521 6824 [ BF217BE3DB6907579C13438C6EFE002D ] EUBAKUP C:\Windows\system32\drivers\eubakup.sys

18:28:01.0630 6824 EUBAKUP - ok

18:28:01.0646 6824 [ 92E3BD1F7D6D29A10929C1F9F7660FC3 ] EUBKMON C:\Windows\system32\drivers\EUBKMON.sys

18:28:01.0771 6824 EUBKMON - ok

18:28:01.0771 6824 [ D17446353E4FEE5B7D710610E8B18AC4 ] EUDSKACS C:\Windows\system32\drivers\eudskacs.sys

18:28:01.0864 6824 EUDSKACS - ok

18:28:01.0864 6824 [ 8AD925DA2E4BCD1A6E657A7248CCDED2 ] EUFDDISK C:\Windows\system32\drivers\EuFdDisk.sys

18:28:02.0083 6824 EUFDDISK - ok

18:28:02.0083 6824 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

18:28:02.0098 6824 EventSystem - ok

18:28:02.0098 6824 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

18:28:02.0270 6824 exfat - ok

18:28:02.0286 6824 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys

18:28:02.0332 6824 FACAP - ok

18:28:02.0364 6824 [ 53E30A6E86AA93C0FFC0BC0439E3E636 ] FAService C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

18:28:02.0488 6824 FAService - ok

18:28:02.0504 6824 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

18:28:02.0504 6824 fastfat - ok

18:28:02.0504 6824 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

18:28:02.0520 6824 Fax - ok

18:28:02.0520 6824 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

18:28:02.0520 6824 fdc - ok

18:28:02.0520 6824 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

18:28:02.0535 6824 fdPHost - ok

18:28:02.0535 6824 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

18:28:02.0535 6824 FDResPub - ok

18:28:02.0535 6824 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

18:28:02.0535 6824 FileInfo - ok

18:28:02.0551 6824 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

18:28:02.0551 6824 Filetrace - ok

18:28:02.0566 6824 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

18:28:02.0582 6824 FLEXnet Licensing Service - ok

18:28:02.0582 6824 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

18:28:02.0582 6824 flpydisk - ok

18:28:02.0598 6824 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

18:28:02.0598 6824 FltMgr - ok

18:28:02.0613 6824 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

18:28:02.0629 6824 FontCache - ok

18:28:02.0629 6824 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:28:02.0629 6824 FontCache3.0.0.0 - ok

18:28:02.0629 6824 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

18:28:02.0629 6824 FsDepends - ok

18:28:02.0644 6824 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

18:28:02.0644 6824 Fs_Rec - ok

18:28:02.0644 6824 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

18:28:02.0644 6824 fvevol - ok

18:28:02.0660 6824 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

18:28:02.0660 6824 gagp30kx - ok

18:28:02.0660 6824 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:28:02.0660 6824 GEARAspiWDM - ok

18:28:02.0676 6824 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

18:28:02.0691 6824 gpsvc - ok

18:28:02.0691 6824 [ A6A4223573CFCF87843CFCB3A9C237C7 ] Guard Agent C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

18:28:02.0863 6824 Guard Agent - ok

18:28:02.0878 6824 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:28:02.0878 6824 gupdate - ok

18:28:02.0878 6824 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:28:02.0878 6824 gupdatem - ok

18:28:02.0878 6824 [ 8CD92502FEC49E837155B9F20E5E2D2C ] HappyOSD C:\Program Files (x86)\OSD\OSD_Service.exe

18:28:03.0019 6824 HappyOSD - ok

18:28:03.0034 6824 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

18:28:03.0034 6824 hcw85cir - ok

18:28:03.0034 6824 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

18:28:03.0034 6824 HdAudAddService - ok

18:28:03.0050 6824 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

18:28:03.0050 6824 HDAudBus - ok

18:28:03.0050 6824 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

18:28:03.0050 6824 HidBatt - ok

18:28:03.0050 6824 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

18:28:03.0066 6824 HidBth - ok

18:28:03.0066 6824 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

18:28:03.0066 6824 HidIr - ok

18:28:03.0066 6824 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

18:28:03.0066 6824 hidserv - ok

18:28:03.0081 6824 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

18:28:03.0081 6824 HidUsb - ok

18:28:03.0081 6824 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

18:28:03.0097 6824 hkmsvc - ok

18:28:03.0112 6824 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

18:28:03.0112 6824 HomeGroupListener - ok

18:28:03.0112 6824 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

18:28:03.0112 6824 HomeGroupProvider - ok

18:28:03.0128 6824 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

18:28:03.0128 6824 HpSAMD - ok

18:28:03.0144 6824 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

18:28:03.0144 6824 HTTP - ok

18:28:03.0144 6824 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

18:28:03.0144 6824 hwpolicy - ok

18:28:03.0159 6824 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

18:28:03.0159 6824 i8042prt - ok

18:28:03.0175 6824 [ 660BF3255A1EB18ED803FD2FBA6AE400 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

18:28:03.0175 6824 IAANTMON - ok

18:28:03.0175 6824 [ 87A72502C8AC5E89B5A46FF6E874F5C5 ] IAMTVE C:\Windows\system32\DRIVERS\IAMTVE.sys

18:28:03.0175 6824 IAMTVE - ok

18:28:03.0190 6824 [ 5516F8E518A2F6A8755498F3E73957CF ] IAMTXPE C:\Windows\system32\DRIVERS\IAMTXPE.sys

18:28:03.0190 6824 IAMTXPE - ok

18:28:03.0190 6824 [ BE7D72FCF442C26975942007E0831241 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

18:28:03.0206 6824 iaStor - ok

18:28:03.0206 6824 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

18:28:03.0222 6824 iaStorV - ok

18:28:03.0222 6824 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:28:03.0237 6824 idsvc - ok

18:28:03.0253 6824 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20121230.001\IDSvia64.sys

18:28:03.0253 6824 IDSVia64 - ok

18:28:03.0253 6824 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

18:28:03.0268 6824 iirsp - ok

18:28:03.0268 6824 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

18:28:03.0284 6824 IKEEXT - ok

18:28:03.0284 6824 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

18:28:03.0284 6824 intelide - ok

18:28:03.0284 6824 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

18:28:03.0284 6824 intelppm - ok

18:28:03.0300 6824 [ 4B846898AA05BB1E1E88313C9174A9ED ] ioatdma C:\Windows\system32\Drivers\ioatdma.sys

18:28:03.0300 6824 ioatdma - ok

18:28:03.0300 6824 [ 7F4F67177E9FC600B2AFF6BB21DB6D04 ] ioatdma1 C:\Windows\System32\Drivers\qd162x64.sys

18:28:03.0300 6824 ioatdma1 - ok

18:28:03.0315 6824 [ 565DE53FB5E4CB14314E4F53848A025D ] ioatdma2 C:\Windows\System32\Drivers\qd262x64.sys

18:28:03.0315 6824 ioatdma2 - ok

18:28:03.0315 6824 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

18:28:03.0331 6824 IPBusEnum - ok

18:28:03.0331 6824 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:28:03.0331 6824 IpFilterDriver - ok

18:28:03.0346 6824 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

18:28:03.0346 6824 iphlpsvc - ok

18:28:03.0362 6824 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

18:28:03.0362 6824 IPMIDRV - ok

18:28:03.0362 6824 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

18:28:03.0362 6824 IPNAT - ok

18:28:03.0378 6824 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

18:28:03.0393 6824 iPod Service - ok

18:28:03.0393 6824 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

18:28:03.0393 6824 IRENUM - ok

18:28:03.0393 6824 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

18:28:03.0409 6824 isapnp - ok

18:28:03.0409 6824 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

18:28:03.0409 6824 iScsiPrt - ok

18:28:03.0424 6824 [ 5122B80266E2DF2188466A93A31EE3B7 ] iSSetup C:\Windows\system32\DRIVERS\iSSetup.sys

18:28:03.0424 6824 iSSetup - ok

18:28:03.0424 6824 [ 9291643B494F87BFDAC95A524F69E737 ] itecir C:\Windows\system32\DRIVERS\itecir.sys

18:28:03.0424 6824 itecir - ok

18:28:03.0440 6824 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

18:28:03.0440 6824 kbdclass - ok

18:28:03.0440 6824 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

18:28:03.0440 6824 kbdhid - ok

18:28:03.0456 6824 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

18:28:03.0456 6824 KeyIso - ok

18:28:03.0456 6824 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

18:28:03.0456 6824 KSecDD - ok

18:28:03.0487 6824 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

18:28:03.0487 6824 KSecPkg - ok

18:28:03.0487 6824 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

18:28:03.0487 6824 ksthunk - ok

18:28:03.0502 6824 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

18:28:03.0549 6824 KtmRm - ok

18:28:03.0565 6824 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

18:28:03.0565 6824 LanmanServer - ok

18:28:03.0565 6824 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

18:28:03.0580 6824 LanmanWorkstation - ok

18:28:03.0580 6824 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

18:28:03.0580 6824 lltdio - ok

18:28:03.0596 6824 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

18:28:03.0643 6824 lltdsvc - ok

18:28:03.0643 6824 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

18:28:03.0643 6824 lmhosts - ok

18:28:03.0658 6824 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

18:28:03.0658 6824 LSI_FC - ok

18:28:03.0658 6824 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

18:28:03.0658 6824 LSI_SAS - ok

18:28:03.0658 6824 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

18:28:03.0674 6824 LSI_SAS2 - ok

18:28:03.0674 6824 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

18:28:03.0674 6824 LSI_SCSI - ok

18:28:03.0674 6824 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

18:28:03.0674 6824 luafv - ok

18:28:03.0690 6824 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

18:28:03.0768 6824 Mcx2Svc - ok

18:28:03.0768 6824 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

18:28:03.0783 6824 megasas - ok

18:28:03.0783 6824 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

18:28:03.0783 6824 MegaSR - ok

18:28:03.0799 6824 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

18:28:03.0799 6824 MMCSS - ok

18:28:03.0799 6824 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

18:28:03.0799 6824 Modem - ok

18:28:03.0799 6824 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

18:28:03.0799 6824 monitor - ok

18:28:03.0799 6824 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

18:28:03.0799 6824 mouclass - ok

18:28:03.0814 6824 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

18:28:03.0814 6824 mouhid - ok

18:28:03.0830 6824 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

18:28:03.0830 6824 mountmgr - ok

18:28:03.0830 6824 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

18:28:03.0846 6824 MozillaMaintenance - ok

18:28:03.0846 6824 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

18:28:03.0846 6824 mpio - ok

18:28:03.0846 6824 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

18:28:03.0861 6824 mpsdrv - ok

18:28:03.0877 6824 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

18:28:03.0877 6824 MpsSvc - ok

18:28:03.0892 6824 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

18:28:03.0892 6824 MRxDAV - ok

18:28:03.0892 6824 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

18:28:03.0892 6824 mrxsmb - ok

18:28:03.0908 6824 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:28:03.0908 6824 mrxsmb10 - ok

18:28:03.0908 6824 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:28:03.0924 6824 mrxsmb20 - ok

18:28:03.0924 6824 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

18:28:03.0924 6824 msahci - ok

18:28:03.0924 6824 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

18:28:03.0939 6824 msdsm - ok

18:28:03.0955 6824 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

18:28:03.0955 6824 MSDTC - ok

18:28:03.0970 6824 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

18:28:03.0970 6824 Msfs - ok

18:28:03.0970 6824 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

18:28:03.0970 6824 mshidkmdf - ok

18:28:03.0986 6824 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

18:28:03.0986 6824 msisadrv - ok

18:28:03.0986 6824 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

18:28:04.0080 6824 MSiSCSI - ok

18:28:04.0080 6824 msiserver - ok

18:28:04.0080 6824 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

18:28:04.0095 6824 MSKSSRV - ok

18:28:04.0095 6824 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

18:28:04.0095 6824 MSPCLOCK - ok

18:28:04.0095 6824 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

18:28:04.0095 6824 MSPQM - ok

18:28:04.0111 6824 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

18:28:04.0126 6824 MsRPC - ok

18:28:04.0126 6824 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

18:28:04.0126 6824 mssmbios - ok

18:28:04.0126 6824 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

18:28:04.0142 6824 MSTEE - ok

18:28:04.0142 6824 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

18:28:04.0142 6824 MTConfig - ok

18:28:04.0158 6824 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

18:28:04.0158 6824 Mup - ok

18:28:04.0173 6824 [ B4187346F54E362DAFFE647B25A58D50 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe

18:28:04.0173 6824 N360 - ok

18:28:04.0173 6824 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

18:28:04.0189 6824 napagent - ok

18:28:04.0189 6824 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

18:28:04.0189 6824 NativeWifiP - ok

18:28:04.0204 6824 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130101.016\ENG64.SYS

18:28:04.0204 6824 NAVENG - ok

18:28:04.0236 6824 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130101.016\EX64.SYS

18:28:04.0236 6824 NAVEX15 - ok

18:28:04.0251 6824 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

18:28:04.0267 6824 NDIS - ok

18:28:04.0267 6824 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

18:28:04.0267 6824 NdisCap - ok

18:28:04.0267 6824 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

18:28:04.0267 6824 NdisTapi - ok

18:28:04.0267 6824 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

18:28:04.0282 6824 Ndisuio - ok

18:28:04.0282 6824 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

18:28:04.0282 6824 NdisWan - ok

18:28:04.0282 6824 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

18:28:04.0298 6824 NDProxy - ok

18:28:04.0314 6824 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

18:28:04.0314 6824 Nero BackItUp Scheduler 4.0 - ok

18:28:04.0314 6824 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

18:28:04.0329 6824 NetBIOS - ok

18:28:04.0329 6824 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

18:28:04.0329 6824 NetBT - ok

18:28:04.0329 6824 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

18:28:04.0329 6824 Netlogon - ok

18:28:04.0345 6824 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

18:28:04.0345 6824 Netman - ok

18:28:04.0360 6824 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

18:28:04.0360 6824 netprofm - ok

18:28:04.0360 6824 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:28:04.0360 6824 NetTcpPortSharing - ok

18:28:04.0438 6824 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys

18:28:04.0485 6824 NETw5s64 - ok

18:28:04.0501 6824 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

18:28:04.0501 6824 nfrd960 - ok

18:28:04.0501 6824 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

18:28:04.0516 6824 NlaSvc - ok

18:28:04.0516 6824 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

18:28:04.0516 6824 Npfs - ok

18:28:04.0516 6824 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

18:28:04.0516 6824 nsi - ok

18:28:04.0516 6824 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

18:28:04.0516 6824 nsiproxy - ok

18:28:04.0548 6824 [ 18654D5E0DC33B7F0F895264A5DE80DA ] NSL C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe

18:28:04.0548 6824 NSL - ok

18:28:04.0548 6824 [ 8D11DA92F83D8C8281689739BEF05FD5 ] NSM C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\ccSvcHst.exe

18:28:04.0548 6824 NSM - ok

18:28:04.0579 6824 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

18:28:04.0594 6824 Ntfs - ok

18:28:04.0594 6824 [ 4C08A14D04E62963E96E0BB57BBC953B ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

18:28:04.0594 6824 NuidFltr - ok

18:28:04.0594 6824 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

18:28:04.0594 6824 Null - ok

18:28:04.0610 6824 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

18:28:04.0610 6824 nvraid - ok

18:28:04.0610 6824 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

18:28:04.0610 6824 nvstor - ok

18:28:04.0626 6824 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

18:28:04.0626 6824 nv_agp - ok

18:28:04.0626 6824 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

18:28:04.0626 6824 ohci1394 - ok

18:28:04.0641 6824 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

18:28:04.0641 6824 p2pimsvc - ok

18:28:04.0641 6824 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

18:28:04.0657 6824 p2psvc - ok

18:28:04.0657 6824 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

18:28:04.0657 6824 Parport - ok

18:28:04.0657 6824 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

18:28:04.0672 6824 partmgr - ok

18:28:04.0688 6824 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

18:28:04.0688 6824 PcaSvc - ok

18:28:04.0688 6824 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

18:28:04.0688 6824 pci - ok

18:28:04.0704 6824 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

18:28:04.0704 6824 pciide - ok

18:28:04.0704 6824 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

18:28:04.0719 6824 pcmcia - ok

18:28:04.0719 6824 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

18:28:04.0719 6824 pcw - ok

18:28:04.0735 6824 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

18:28:04.0735 6824 PEAUTH - ok

18:28:04.0750 6824 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

18:28:04.0766 6824 PeerDistSvc - ok

18:28:04.0813 6824 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

18:28:04.0813 6824 PerfHost - ok

18:28:04.0828 6824 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

18:28:04.0844 6824 pla - ok

18:28:04.0860 6824 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

18:28:04.0860 6824 PlugPlay - ok

18:28:04.0860 6824 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

18:28:04.0860 6824 PNRPAutoReg - ok

18:28:04.0875 6824 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

18:28:04.0875 6824 PNRPsvc - ok

18:28:04.0875 6824 [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64 C:\Windows\system32\DRIVERS\point64.sys

18:28:04.0875 6824 Point64 - ok

18:28:04.0891 6824 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

18:28:04.0891 6824 PolicyAgent - ok

18:28:04.0906 6824 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

18:28:04.0906 6824 Power - ok

18:28:04.0906 6824 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

18:28:04.0906 6824 PptpMiniport - ok

18:28:04.0922 6824 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

18:28:04.0922 6824 Processor - ok

18:28:04.0922 6824 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

18:28:04.0922 6824 ProfSvc - ok

18:28:04.0938 6824 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

18:28:04.0938 6824 ProtectedStorage - ok

18:28:04.0938 6824 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

18:28:04.0953 6824 Psched - ok

18:28:04.0953 6824 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

18:28:04.0953 6824 PxHlpa64 - ok

18:28:04.0969 6824 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

18:28:04.0984 6824 ql2300 - ok

18:28:05.0000 6824 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

18:28:05.0000 6824 ql40xx - ok

18:28:05.0000 6824 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

18:28:05.0000 6824 QWAVE - ok

18:28:05.0016 6824 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

18:28:05.0016 6824 QWAVEdrv - ok

18:28:05.0016 6824 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

18:28:05.0016 6824 RasAcd - ok

18:28:05.0016 6824 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

18:28:05.0031 6824 RasAgileVpn - ok

18:28:05.0031 6824 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

18:28:05.0031 6824 RasAuto - ok

18:28:05.0047 6824 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

18:28:05.0047 6824 Rasl2tp - ok

18:28:05.0047 6824 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

18:28:05.0047 6824 RasMan - ok

18:28:05.0062 6824 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

18:28:05.0062 6824 RasPppoe - ok

18:28:05.0062 6824 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

18:28:05.0062 6824 RasSstp - ok

18:28:05.0078 6824 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

18:28:05.0094 6824 rdbss - ok

18:28:05.0094 6824 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

18:28:05.0094 6824 rdpbus - ok

18:28:05.0094 6824 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

18:28:05.0094 6824 RDPCDD - ok

18:28:05.0125 6824 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

18:28:05.0125 6824 RDPDR - ok

18:28:07.0434 6824 ============================================================

18:28:07.0434 6824 Scan finished

18:28:07.0434 6824 ============================================================

18:28:07.0434 6680 Detected object count: 0

18:28:07.0434 6680 Actual detected object count: 0

18:30:43.0942 1372 Deinitialize success

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : sumika [Admin rights]

Mode : Scan -- Date : 01/01/2013 19:13:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD PM800 Series +++++

--- User ---

[MBR] fe3804a6d646ee6b6552e158a11f3667

[bSP] a41f3aecf9a5c198dcb95c2236654008 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 229158 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_S_01012013_02d1913.txt >>

RKreport[1]_S_01012013_02d1834.txt ; RKreport[2]_S_01012013_02d1835.txt ; RKreport[3]_S_01012013_02d1913.txt


Let's have you do the following:

1

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Programs and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered).

2

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u10-windows-i586.exe to install the newest version.
    ( jre-7u10-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log


Hi, here are the results:

Step 1: Adobe reader uninstalled, but re-install failed to execute in normal mode because the metafile download failed. No problem, I can install it at a later time.

Step 2: Java versions removed and off-line version installed successfully. Only one minor difference from the instructions was that Java Quick Starter was grayed out and not an option that could be selected.

Step 3: No threats found, see log below - actually, the log contains two runs, the first run from before this forum thread was started and then the appended run from today. The scanner updated its files before running today. Note, I could only run this tool in safe mode.

System behavior is unchanged.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=01b0e59233df1d4497a404bb8f23fed4

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-12-23 07:08:58

# local_time=2012-12-23 02:08:58 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3589 16777214 80 82 34311869 119568033 0 0

# compatibility_mode=5893 16776573 100 94 0 107833188 0 0

# scanned=235357

# found=0

# cleaned=0

# scan_time=3625

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=01b0e59233df1d4497a404bb8f23fed4

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-02 11:35:46

# local_time=2013-01-02 06:35:46 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3589 16777214 80 82 36030677 120448041 0 0

# compatibility_mode=5893 16776573 100 94 0 108713196 0 0

# scanned=238608

# found=0

# cleaned=0

# scan_time=3652


Very good result from ESET scan.

Remember, as much as possible, I need for your Windows to be running in normal mode.

Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar.
    Right click the OTL icon and select Run as Administrator to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 - 5 minutes.
    Do have infinite patience in case it runs a few minutes more.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Add-reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Hi, the 1st log is below, the others will follow in the next post. Thanks so much for continuing to help me! Yes, I am running in normal mode whenever possible; safe mode only when I need to access the internet.

OTL logfile created on: 1/4/2013 6:04:14 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Micky\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 78.89% Memory free

15.98 Gb Paging File | 14.16 Gb Available in Paging File | 88.64% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 223.79 Gb Total Space | 112.18 Gb Free Space | 50.13% Space Free | Partition Type: NTFS

Computer Name: RAIDER | User Name: sumika | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/04 17:57:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micky\Desktop\OTL.exe

PRC - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\ccSvcHst.exe

PRC - [2011/12/26 13:06:50 | 000,743,560 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe

PRC - [2011/12/22 23:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

PRC - [2011/12/22 23:09:46 | 000,070,792 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe

PRC - [2011/12/22 23:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

PRC - [2011/08/03 23:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe

PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

PRC - [2011/01/13 13:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe

PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe

PRC - [2010/05/21 14:34:38 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

PRC - [2010/05/21 14:33:48 | 000,063,304 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

PRC - [2010/04/04 13:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

PRC - [2010/04/04 13:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

PRC - [2010/04/04 13:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

PRC - [2010/01/04 14:10:00 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\OSD\OSD_Service.exe

PRC - [2010/01/04 11:15:10 | 000,086,016 | ---- | M] (Microsoft) -- C:\Program Files (x86)\OSD\OSD_Main.exe

PRC - [2009/10/13 11:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/10/13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/10/13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2009/08/17 21:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2009/04/28 10:50:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe

PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

PRC - [2007/05/21 08:37:00 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

========== Modules (No Company Name) ==========

MOD - [2012/06/14 02:40:41 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll

MOD - [2012/06/14 02:40:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/14 02:39:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/06/14 02:39:51 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll

MOD - [2012/05/18 18:25:13 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll

MOD - [2012/05/18 18:24:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll

MOD - [2012/05/18 18:20:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll

MOD - [2012/05/18 18:19:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/18 18:18:54 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/18 18:18:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/18 18:18:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/18 18:18:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/02/26 08:40:06 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/12/22 23:08:28 | 000,051,848 | ---- | M] () -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll

MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/08/12 03:13:25 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll

MOD - [2010/08/12 03:13:25 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll

MOD - [2010/08/12 03:13:25 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll

MOD - [2010/08/12 03:13:25 | 000,037,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll

MOD - [2010/08/12 03:13:25 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll

MOD - [2010/08/12 03:13:25 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll

MOD - [2010/08/12 03:13:25 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll

MOD - [2010/08/12 03:13:25 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll

MOD - [2010/08/12 03:13:25 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll

MOD - [2010/08/12 03:13:25 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll

MOD - [2010/08/12 03:13:25 | 000,025,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll

MOD - [2010/08/12 03:13:25 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll

MOD - [2010/08/12 03:13:25 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll

MOD - [2010/08/12 03:13:25 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll

MOD - [2010/08/12 03:13:25 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll

MOD - [2010/08/12 03:13:25 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll

MOD - [2010/08/12 03:13:25 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll

MOD - [2010/04/04 13:45:06 | 000,089,416 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll

MOD - [2010/04/04 13:44:12 | 000,059,208 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll

MOD - [2010/04/04 13:42:44 | 000,247,624 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/05/21 10:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)

SRV:64bit: - [2010/04/04 13:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)

SRV:64bit: - [2010/01/06 09:17:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/09/15 14:49:02 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/08/17 21:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe -- (AESTFilters)

SRV - [2012/12/23 12:59:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/08/18 21:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\ccSvcHst.exe -- (NSM)

SRV - [2011/12/22 23:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)

SRV - [2011/12/22 23:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)

SRV - [2011/08/03 23:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360)

SRV - [2011/01/13 13:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)

SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)

SRV - [2010/08/12 03:34:47 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/04 14:10:00 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OSD\OSD_Service.exe -- (HappyOSD)

SRV - [2009/10/13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009/10/13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/09/18 04:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)

SRV - [2009/09/15 14:49:02 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe -- (STacSV)

SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/12 07:26:58 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/06 21:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSMx64\0206000.02B\ccSetx64.sys -- (ccSet_NSM)

DRV:64bit: - [2012/07/21 01:53:40 | 000,243,872 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NSMx64\0206000.02B\symrdrs.sys -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/22 23:09:40 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)

DRV:64bit: - [2011/12/22 23:09:38 | 000,051,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)

DRV:64bit: - [2011/12/22 23:09:34 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)

DRV:64bit: - [2011/12/22 23:09:30 | 000,057,480 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)

DRV:64bit: - [2011/08/21 21:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symtdiv.sys -- (SYMTDIv)

DRV:64bit: - [2011/08/21 21:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/08/03 23:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\cchpx64.sys -- (ccHP)

DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2010/07/21 15:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2010/04/29 00:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/04/21 21:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010/04/21 21:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2010/01/06 09:17:52 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/01/06 09:17:46 | 006,178,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/12/09 20:37:56 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)

DRV:64bit: - [2009/12/02 02:45:32 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)

DRV:64bit: - [2009/10/23 00:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/10/14 22:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symds64.sys -- (SymDS)

DRV:64bit: - [2009/10/13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/10/13 00:22:02 | 000,178,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)

DRV:64bit: - [2009/09/15 14:49:02 | 000,499,712 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/09/14 23:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 14:53:46 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)

DRV:64bit: - [2009/07/13 14:53:42 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)

DRV:64bit: - [2009/07/13 14:42:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma)

DRV:64bit: - [2009/06/30 23:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009/06/30 23:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009/06/30 23:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/04/07 02:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009/03/09 03:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)

DRV:64bit: - [2008/10/03 15:39:00 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2008/09/24 21:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)

DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2008/03/03 18:19:04 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2008/01/24 17:08:34 | 000,057,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2008/01/24 17:08:24 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2008/01/24 17:08:04 | 000,032,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2008/01/24 17:07:54 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2007/04/11 09:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE)

DRV:64bit: - [2007/04/11 09:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE)

DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2012/12/21 17:37:54 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130104.002\ex64.sys -- (NAVEX15)

DRV - [2012/12/21 17:37:54 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/12/21 17:37:54 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130104.002\eng64.sys -- (NAVENG)

DRV - [2012/12/20 16:39:54 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130103.002\IDSviA64.sys -- (IDSVia64)

DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/08/28 16:54:22 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/04/15 23:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/08/12 03:24:13] [Kernel | Auto | Running] -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})

DRV - [2008/07/26 04:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\OSD\WinRing0x64.sys -- (WinRing0_1_2_0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://support.alienware.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.43\coFFFw\ [2013/01/04 18:00:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/08/27 09:18:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2013/01/04 18:00:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/23 12:59:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/02 13:48:58 | 000,000,000 | ---D | M]

[2013/01/01 13:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sumika\AppData\Roaming\Mozilla\Extensions

[2012/12/23 12:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/12/23 12:59:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/03/30 15:15:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/10/15 19:24:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/15 19:25:09 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/01/01 18:21:57 | 000,000,021 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Norton Family BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.6.0.43\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)

O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bDRegion] c:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)

O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [FAStartup] File not found

O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)

O4 - HKLM..\Run: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe (HH)

O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe (Softthinks)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0200DF8-F103-4CE0-A759-F06A0F228BBD}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFBD35C6-3D4B-4CF9-BB7B-61C9A516158A}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/04 17:50:34 | 000,000,000 | R--D | C] -- C:\Users\sumika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8

[2013/01/02 17:28:02 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Roaming\Adobe

[2013/01/02 13:56:39 | 001,081,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013/01/02 13:56:39 | 000,308,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013/01/02 13:56:29 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013/01/02 13:56:29 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013/01/02 13:56:29 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013/01/02 13:49:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2013/01/02 13:48:57 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Local\Adobe

[2013/01/01 18:32:06 | 000,000,000 | ---D | C] -- C:\Users\sumika\Desktop\RK_Quarantine

[2013/01/01 17:52:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2013/01/01 17:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2013/01/01 17:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2013/01/01 13:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2013/01/01 13:15:12 | 000,000,000 | ---D | C] -- C:\rsit

[2013/01/01 13:09:46 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Local\Programs

[2013/01/01 13:09:36 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Roaming\Malwarebytes

[2012/12/28 22:05:43 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Roaming\Mozilla

[2012/12/28 22:05:43 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Local\Mozilla

[2012/12/28 22:05:36 | 000,000,000 | ---D | C] -- C:\Users\sumika\Documents\AlienFX

[2012/12/28 22:05:17 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Roaming\Apple Computer

[2012/12/28 22:05:16 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Local\Broadcom

[2012/12/28 22:05:16 | 000,000,000 | ---D | C] -- C:\Users\sumika\Documents\Bluetooth Exchange Folder

[2012/12/28 22:05:16 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Roaming\ATI

[2012/12/28 22:05:16 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Local\ATI

[2012/12/28 22:05:09 | 000,000,000 | R--D | C] -- C:\Users\sumika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/12/28 22:05:09 | 000,000,000 | R--D | C] -- C:\Users\sumika\Searches

[2012/12/28 22:05:09 | 000,000,000 | R--D | C] -- C:\Users\sumika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/12/28 22:05:09 | 000,000,000 | -H-D | C] -- C:\Users\sumika\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2012/12/28 22:05:03 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Roaming\Identities

[2012/12/28 22:05:00 | 000,000,000 | R--D | C] -- C:\Users\sumika\Contacts

[2012/12/28 22:04:59 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Local\VirtualStore

[2012/12/28 22:04:23 | 000,000,000 | --SD | C] -- C:\Users\sumika\AppData\Roaming\Microsoft

[2012/12/28 22:04:23 | 000,000,000 | R--D | C] -- C:\Users\sumika\Videos

[2012/12/28 22:04:23 | 000,000,000 | R--D | C] -- C:\Users\sumika\Saved Games

[2012/12/28 22:04:23 | 000,000,000 | R--D | C] -- C:\Users\sumika\Pictures

[2012/12/28 22:04:23 | 000,000,000 | R--D | C] -- C:\Users\sumika\Music

[2012/12/28 22:04:23 | 000,000,000 | R--D | C] -- C:\Users\sumika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012/12/28 22:04:23 | 000,000,000 | R--D | C] -- C:\Users\sumika\Links

[2012/12/28 22:04:23 | 000,000,000 | R--D | C] -- C:\Users\sumika\Favorites

[2012/12/28 22:04:23 | 000,000,000 | R--D | C] -- C:\Users\sumika\Downloads

[2012/12/28 22:04:23 | 000,000,000 | R--D | C] -- C:\Users\sumika\Documents

[2012/12/28 22:04:23 | 000,000,000 | R--D | C] -- C:\Users\sumika\Desktop

[2012/12/28 22:04:23 | 000,000,000 | R--D | C] -- C:\Users\sumika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\AppData\Local\Temporary Internet Files

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\Templates

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\Start Menu

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\SendTo

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\Recent

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\PrintHood

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\NetHood

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\Documents\My Videos

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\Documents\My Pictures

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\Documents\My Music

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\My Documents

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\Local Settings

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\AppData\Local\History

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\Cookies

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\Application Data

[2012/12/28 22:04:23 | 000,000,000 | -HSD | C] -- C:\Users\sumika\AppData\Local\Application Data

[2012/12/28 22:04:23 | 000,000,000 | -H-D | C] -- C:\Users\sumika\AppData

[2012/12/28 22:04:23 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Local\Temp

[2012/12/28 22:04:23 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Local\SoftThinks

[2012/12/28 22:04:23 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Local\Microsoft

[2012/12/28 22:04:23 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Roaming\Media Center Programs

[2012/12/28 22:04:23 | 000,000,000 | ---D | C] -- C:\Users\sumika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam

[2012/12/28 21:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2

[2012/12/28 21:49:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2012/12/23 13:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/12/23 12:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/12/22 23:18:55 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe

[2012/12/22 23:14:43 | 000,000,000 | ---D | C] -- C:\RegBackup

[2012/12/22 22:58:27 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE

[2012/12/22 22:57:11 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs

[2012/12/22 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

[2012/12/22 22:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com

[2012/12/21 22:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

========== Files - Modified Within 30 Days ==========

[2013/01/04 18:05:09 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/04 18:05:09 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/04 18:04:12 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/01/04 18:04:12 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/01/04 18:04:12 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/01/04 18:00:47 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/04 17:59:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/04 17:59:24 | 2138,439,679 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/04 17:19:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/02 13:56:22 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013/01/02 13:56:22 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013/01/02 13:56:22 | 000,308,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013/01/02 13:56:22 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013/01/02 13:56:22 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013/01/02 13:56:22 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013/01/01 17:50:46 | 000,000,886 | ---- | M] () -- C:\Users\sumika\Desktop\NTREGOPT.lnk

[2013/01/01 17:50:46 | 000,000,867 | ---- | M] () -- C:\Users\sumika\Desktop\ERUNT.lnk

[2013/01/01 13:10:25 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/28 22:06:08 | 000,001,399 | ---- | M] () -- C:\Users\sumika\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/12/28 22:05:17 | 000,001,079 | ---- | M] () -- C:\Users\sumika\Desktop\CyberLink YouCam.lnk

[2012/12/28 22:04:32 | 000,000,632 | RHS- | M] () -- C:\Users\sumika\ntuser.pol

[2012/12/28 21:51:27 | 000,302,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/12/28 21:49:54 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE

[2012/12/28 21:48:18 | 000,726,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/12/26 14:15:49 | 000,459,264 | -HS- | M] () -- C:\EUMONBMP.SYS

[2012/12/22 23:15:02 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-RAIDER-Microsoft-Windows-7-Professional-(64-bit).dat

[2012/12/22 22:52:35 | 000,002,249 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk

[2012/12/21 17:40:42 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/12/21 17:40:42 | 000,002,235 | ---- | M] () -- C:\Users\sumika\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/01/01 17:50:46 | 000,000,886 | ---- | C] () -- C:\Users\sumika\Desktop\NTREGOPT.lnk

[2013/01/01 17:50:46 | 000,000,867 | ---- | C] () -- C:\Users\sumika\Desktop\ERUNT.lnk

[2012/12/28 22:06:08 | 000,001,399 | ---- | C] () -- C:\Users\sumika\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/12/28 22:05:14 | 000,001,411 | ---- | C] () -- C:\Users\sumika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2012/12/28 22:05:09 | 000,001,405 | ---- | C] () -- C:\Users\sumika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012/12/28 22:04:32 | 000,000,632 | RHS- | C] () -- C:\Users\sumika\ntuser.pol

[2012/12/28 22:04:23 | 000,002,235 | ---- | C] () -- C:\Users\sumika\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/12/28 22:04:23 | 000,001,079 | ---- | C] () -- C:\Users\sumika\Desktop\CyberLink YouCam.lnk

[2012/12/28 22:04:23 | 000,000,290 | ---- | C] () -- C:\Users\sumika\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/12/28 22:04:23 | 000,000,272 | ---- | C] () -- C:\Users\sumika\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/12/22 23:43:58 | 000,726,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/12/22 23:43:19 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe

[2012/12/22 23:15:02 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-RAIDER-Microsoft-Windows-7-Professional-(64-bit).dat

[2012/12/22 22:52:35 | 000,002,249 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

========== Purity Check ==========

< End of report >


The second two logs, as requested.

OTL Extras logfile created on: 1/4/2013 6:04:14 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Micky\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 78.89% Memory free

15.98 Gb Paging File | 14.16 Gb Available in Paging File | 88.64% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 223.79 Gb Total Space | 112.18 Gb Free Space | 50.13% Space Free | Partition Type: NTFS

Computer Name: RAIDER | User Name: sumika | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2083120F-E485-47B3-8DF5-8C0CE576191A}" = lport=138 | protocol=17 | dir=in | app=system |

"{4FE0DE94-D798-42BD-A912-DFE18430F54C}" = rport=138 | protocol=17 | dir=out | app=system |

"{576F0E11-111F-4D56-8B09-857E2362CD8F}" = lport=137 | protocol=17 | dir=in | app=system |

"{623D3C22-8476-4AF5-977E-9DD15133C544}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6B912568-719E-44FD-B51D-56F20523BEBC}" = lport=139 | protocol=6 | dir=in | app=system |

"{8AEB55B8-05CA-48E8-8FC5-6112BEBA1090}" = rport=445 | protocol=6 | dir=out | app=system |

"{8ED6E43D-1414-4F1A-A230-7FCDC532CDDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{948A6F69-723A-41E7-94F4-A82852B8EA99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{99C584BC-FE21-49D2-B21C-A9ED87110FA5}" = rport=137 | protocol=17 | dir=out | app=system |

"{A228A915-D83B-4A3D-9C32-F9172F0DDA5C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{B866BB50-03F7-494E-AD2F-DE24DE8CCF9E}" = lport=445 | protocol=6 | dir=in | app=system |

"{FA908D00-E2DC-41C9-B3C2-732640FA4CD7}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B2C8302-DC2E-4479-991D-8C77480EB1F9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |

"{1193E4D2-7D32-4C1C-83E7-9E4050E2FD1B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{16C7F777-7364-4E69-BC66-CD6A2519E109}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{1AA8EA5F-D142-4089-9D20-847591FEA239}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |

"{2EE583D2-C1E4-463F-B727-3CE468971651}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{316E2B7B-EE31-4BC1-9CFA-522199263625}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{3A827224-1EB4-4EF0-B294-925919CA8416}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |

"{5619CE1D-E32C-49D5-9E03-F3F6F04EF24F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |

"{567F5D0C-E77A-41C9-AE3E-10D1D99ACB67}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |

"{58EE0B7D-BB72-403C-8CE1-2BAB38E2721A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{744B80EF-2284-4974-91E7-5E666BBC183E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{7F3AAE5F-CBE3-4D7E-9DF5-E637308A4EBE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |

"{81B3CE29-CCF3-4C4F-A94A-FE120EC42938}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |

"{83AEB6AA-BEA7-42FD-9BDD-955895B37B1A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{85CD39B9-7B7B-421F-AA87-E5E38C7E883F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{932F3916-C397-4221-93D6-532CD6A003EF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |

"{9E708BB7-4D79-4C4B-8A98-0B2EC9491307}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{9E7B2839-43E6-4BC2-86C5-2DDE7772BA2A}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |

"{A299AB45-480E-4D80-A5C4-24629BDEBC5B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |

"{AB603A5E-7878-406A-BE4C-C59C417538CD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |

"{AEB4F819-B9AF-499D-A099-27AFC5F2F1B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{C10E90CF-60BD-48D3-86AD-5CC094801387}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |

"{C66D181E-DA45-46FE-B8BE-8DD8445C527E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |

"{CA27C77A-603A-4593-951A-6DF9B5A6D79A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{CE28C983-9A78-4FC6-ADC6-2FFD207075A9}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |

"{D2074901-9CD2-453A-82ED-12B228E2A5EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{D68777A3-5BEC-4F13-A99F-C3C7591ABC9F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |

"{DE81C4A5-C67F-4E3A-8DAA-321A4203A043}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{E5F6A2BA-787C-46BE-8EDA-1C115B002708}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |

"{E78209A8-E3E6-43C7-BE57-BDB5A8DE66B7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |

"{EB8E8618-CD3F-4B29-94FD-46CC45056DB5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel® Network Connections 14.8.43.0

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)

"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center

"{AF1591C8-243B-F1C2-3DDC-263FA2AFF515}" = ATI Catalyst Install Manager

"{C71B0510-7B2D-DF25-EBA5-A23FB4BEFC4C}" = ccc-utility64

"{ECDF0939-A653-44D0-8B8E-597B890F45EC}" = Logitech Gaming Software 5.02

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"PROSetDX" = Intel® Network Connections 14.8.43.0

"SmartDraw PDF Export_is1" = SmartDraw PDF Export (novaPDF 6.4 printer)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07F17BAB-139E-0EFD-3AB9-21C692CDD781}" = CCC Help Chinese Standard

"{0D96480E-3D18-3037-231A-A5D14643C81F}" = CCC Help Danish

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn

"{12D4D8DB-12A2-4FFD-D632-0C6347D1FBB4}" = CCC Help English

"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0

"{1A445093-4770-5CA3-545C-73CC5A6C7B1B}" = Catalyst Control Center Localization All

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help

"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help

"{26623B7F-7C19-29B2-0E84-FF8DEFCE2190}" = CCC Help Spanish

"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"{30424208-3166-32A5-8559-298FA91C5CC9}" = CCC Help Chinese Traditional

"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{356E24CA-6A1B-94E8-FE45-D44C65D8A362}" = CCC Help Dutch

"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent

"{3b6371dd-9f71-40bd-bcfb-7096af55a197}" = Nero 9 Essentials

"{3BADBD33-49C5-0772-AD6B-83708BEA622B}" = CCC Help Swedish

"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia

"{3D8D8CE7-9B8A-9961-A888-ECCDE8355655}" = CCC Help Japanese

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{44F6E545-05FB-275A-D8F9-DD2602B3E447}" = CCC Help French

"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0

"{46DB3FFA-6294-2878-6804-BE64AB15432F}" = Catalyst Control Center InstallProxy

"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master

"{477E4BE3-AF53-907E-8E84-3AF031E03561}" = Catalyst Control Center Graphics Full New

"{511C82D7-CAE1-C447-E499-3B081ED6D27E}" = CCC Help Korean

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01

"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess

"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help

"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help

"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI

"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding

"{6A140EB1-41D1-0021-B202-C8C738BB1F57}" = Catalyst Control Center Graphics Light

"{6E4D97B5-667D-DA0F-3AC9-A1684CF62851}" = CCC Help Norwegian

"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{82309194-8062-4B3E-F984-55CFCECC5257}" = Catalyst Control Center Graphics Previews Common

"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed

"{98E5A0C3-86ED-4429-9386-F0DB49E958EA}" = OSD Setup

"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0

"{A2210D69-B731-88D7-0CF2-A823B7867FF9}" = CCC Help Finnish

"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B8CE4C47-A399-0984-83BC-D66C38D72C6F}" = Catalyst Control Center Graphics Previews Vista

"{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}" = Banctec Service Agreement

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade

"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help

"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help

"{D047BF21-138F-AB28-B9C2-1CCCEDE95F0D}" = ccc-core-static

"{D75A7CF2-A55F-71BE-94E0-D24EE40D86D0}" = CCC Help Russian

"{D781F061-E028-BCAF-BE77-F9E743BE37C3}" = CCC Help Italian

"{E2C85DDE-AEF5-BCF8-7230-60BC0A57167C}" = CCC Help German

"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{E9AC1A4E-C919-E86E-BFDB-669374A22F9F}" = Catalyst Control Center Core Implementation

"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget

"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter

"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help

"{F7554007-AFAF-48E1-6547-2A207B450CB9}" = CCC Help Portuguese

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"{FD708B8B-F9BF-3F99-928C-659D4C429F39}" = Catalyst Control Center Graphics Full Existing

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0

"BurnAware Free_is1" = BurnAware Free 4.6

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonSolutionMenu" = Canon Utilities Solution Menu

"Cisco Connect" = Cisco Connect

"EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0

"ERUNT_is1" = ERUNT 1.1j

"ESET Online Scanner" = ESET Online Scanner v3

"FastStone Image Viewer" = FastStone Image Viewer 4.6

"FastStone Photo Resizer" = FastStone Photo Resizer 3.1

"Google Chrome" = Google Chrome

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia

"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0

"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master

"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess

"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI

"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart

"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan

"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"N360" = Norton Security Suite

"Notepad++" = Notepad++

"NSM" = Norton Family

"NST" = Norton Safe Web Lite

"PremElem80" = Adobe Premiere Elements 8.0

"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/26/2012 11:46:58 AM | Computer Name = Raider | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 16.0.2.4680 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1e68 Start

Time: 01cdcbed27f19027 Termination Time: 4 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: 7ed241cb-37e0-11e2-8d9c-70f1a1b7dd80

Error - 11/26/2012 11:48:01 AM | Computer Name = Raider | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 16.0.2.4680 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 2534 Start

Time: 01cdcbed53c365f9 Termination Time: 6 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: a497157e-37e0-11e2-8d9c-70f1a1b7dd80

Error - 11/26/2012 5:51:00 PM | Computer Name = Raider | Source = Software Protection Platform Service | ID = 8200

Description = License acquisition failure details. hr=0x80072EFD

Error - 11/26/2012 5:51:00 PM | Computer Name = Raider | Source = Software Protection Platform Service | ID = 8208

Description = Acquisition of genuine ticket failed (hr=0x80072EFD) for template

Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error - 12/21/2012 8:47:47 PM | Computer Name = Raider | Source = Application Error | ID = 1000

Description = Faulting application name: SetMUILanguage.exe, version: 1.0.83.18,

time stamp: 0x4c21bb04 Faulting module name: STString.dll, version: 1.1.0.5, time

stamp: 0x47e11d41 Exception code: 0xc0000005 Fault offset: 0x0000abcc Faulting process

id: 0x1b68 Faulting application start time: 0x01cddfddf5492ff5 Faulting application

path: C:\Program Files (x86)\AlienRespawn\SetMUILanguage.exe Faulting module path:

C:\Program Files (x86)\AlienRespawn\STString.dll Report Id: 33f20cb2-4bd1-11e2-8950-70f1a1b7dd80

Error - 12/21/2012 10:58:13 PM | Computer Name = Raider | Source = Application Hang | ID = 1002

Description = The program mbam.exe version 1.60.0.61 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 18d0 Start Time:

01cddfefc4f35dca Termination Time: 0 Application Path: C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbam.exe Report Id: 66a0d84f-4be3-11e2-9157-0026b9ff2681

Error - 12/26/2012 3:10:34 PM | Computer Name = Raider | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 12/27/2012 8:33:19 PM | Computer Name = Raider | Source = Application Hang | ID = 1002

Description = The program mbam.exe version 1.62.0.140 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 1bc4 Start Time:

01cde492bd6b7326 Termination Time: 16 Application Path: C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbam.exe Report Id: 28badfc8-5086-11e2-892b-0026b9ff2681

Error - 12/27/2012 8:38:17 PM | Computer Name = Raider | Source = Application Hang | ID = 1002

Description = The program mbam.exe version 1.62.0.140 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 1304 Start Time:

01cde493588d249b Termination Time: 0 Application Path: C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbam.exe Report Id: daeb1acc-5086-11e2-892b-0026b9ff2681

Error - 12/28/2012 11:10:36 PM | Computer Name = Raider | Source = ATIeRecord | ID = 16386

Description = ATI EEU Client has failed to start

[ Dell Events ]

Error - 2/14/2012 1:35:58 PM | Computer Name = Raider | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 4/7/2012 10:01:47 PM | Computer Name = Raider | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 4/7/2012 10:01:47 PM | Computer Name = Raider | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 6/20/2012 10:05:09 PM | Computer Name = Raider | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 6/20/2012 10:05:09 PM | Computer Name = Raider | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 10/31/2012 7:42:46 PM | Computer Name = Raider | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 10/31/2012 7:42:46 PM | Computer Name = Raider | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 10/31/2012 7:45:27 PM | Computer Name = Raider | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 10/31/2012 7:45:27 PM | Computer Name = Raider | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 12/21/2012 8:49:07 PM | Computer Name = Raider | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

[ System Events ]

Error - 12/31/2012 9:25:52 PM | Computer Name = Raider | Source = DCOM | ID = 10005

Description =

Error - 12/31/2012 9:25:53 PM | Computer Name = Raider | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/31/2012 9:25:53 PM | Computer Name = Raider | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/31/2012 9:25:53 PM | Computer Name = Raider | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/31/2012 9:25:55 PM | Computer Name = Raider | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/31/2012 9:25:55 PM | Computer Name = Raider | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/31/2012 9:25:55 PM | Computer Name = Raider | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/31/2012 9:25:55 PM | Computer Name = Raider | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/31/2012 9:25:55 PM | Computer Name = Raider | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/31/2012 9:25:55 PM | Computer Name = Raider | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

< End of report >

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Security Suite

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.4.402.287 Flash Player out of Date!

Mozilla Firefox (17.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 8%

````````````````````End of Log``````````````````````


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Mika only. If you are a casual viewer, do NOT try this on your system!

If you are not Mika and have a similar problem, do NOT post here; start your own topic

According to the last logs, the Windows' browser service had issues. What follows is a procedure to correct that + also a couple of windows 7 associations. Please follow this with due patience and care.

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file OTLFIX.txt and SAVE to your DESKTOP
  • Start NOTEPAD
  • Open the OTLFIX.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please right-click on OTL.exe and choose Run As Administrator to run it.
  • Right click in the custom fix window (under the aqua-blue bar) and choose Paste.

  • Close any browser(s) windows that may be open.

  • Using your mouse, click on the red-lettered Run Fix button.

  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here into a new post.

Step 2

Do not do any websurfing. Just only go to this forum and the sites that I may guide you to.

The system should have been restarted from the previous procedure, and should be running in normal mode Windows 7.

While in Windows normal mode, one at a time, and keeping details so you can report:

Can you use Internet Explorer and reach this forum ?

Can you do the same in Firefox ?

Can you do the same in Google Chrome (if you have it) ?

There will be more to follow; we are not done yet.

Edited by Maurice Naggar

Hello,

The custom fix failed to complete.

The status bar was at: 'Processing Registry data "Edit Flags" = dword:000100000...'

The pop-up notification indicated there was an invalid value for txt documents. The only option given was "OK" on the pop-up, which I finally accepted.

After that, the program seemed hung (there was no further activity for 5+ minutes), but it did exit when I used the "X" for the window. No log file came up. I shut down the system to await further instruction.

-Mika


Let's have you do this:

Delete the prior copy of OTLFIX.txt from before.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Mika only. If you are a casual viewer, do NOT try this on your system!

If you are not Mika and have a similar problem, do NOT post here; start your own topic

According to the last logs, the Windows' browser service had issues. What follows is a procedure to correct that + also a couple of windows 7 associations. Please follow this with due patience and care.

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file OTLFIX.txt and SAVE to your DESKTOP
  • Start NOTEPAD
  • Open the OTLFIX.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please right-click on OTL.exe and choose Run As Administrator to run it.
  • Right click in the custom fix window (under the aqua-blue bar) and choose Paste.

  • Close any browser(s) windows that may be open.

  • Using your mouse, click on the red-lettered Run Fix button.

  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here into a new post.

Step 2

Do not do any websurfing. Just only go to this forum and the sites that I may guide you to.

The system should have been restarted from the previous procedure, and should be running in normal mode Windows 7.

While in Windows normal mode, one at a time, and keeping details so you can report:

Can you use Internet Explorer and reach this forum ?

Can you do the same in Firefox ?

Can you do the same in Google Chrome (if you have it) ?

There will be more to follow; we are not done yet.


Hi,

Same problem, except this time I captured the exact message from the pop-up box:

'00100000@="Registration Entries"' is not a valid integer value.

OTL status line = 'Processing Registry data "EditFlags"=dword: 00100000...'

-Mika
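
The pop-up text quoted in the post above shows the dword data running straight into `@="Registration Entries"`, which is consistent with two entries having ended up on one line of the fix text. The following is an added example, not part of the original posts and not code from OTL or regedit: a small pre-import check for `.reg`-style text that reports such lines. The key path and sample files are constructed, and the strict `dword:` form (1-8 hex digits, no spaces) is an assumption of this sketch.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
STRING_RE = re.compile(r'^"(?:[^"\\]|\\.)*"$')
DWORD_RE = re.compile(r'^dword:[0-9a-f]{1,8}$', re.I)  # assumption: strict form
HEX_RE = re.compile(r'^hex(\([0-9a-f]+\))?:([0-9a-f]{2}(,[0-9a-f]{2})*)?$', re.I)
JOINED_RE = re.compile(r'(@|"[^"]*")\s*=')  # start of a second entry

# Constructed samples; the key path is hypothetical.
SAMPLE_GOOD = r'''Windows Registry Editor Version 5.00

; constructed sample
[HKEY_CURRENT_USER\Software\ExampleKey]
"EditFlags"=dword:00100000
@="Registration Entries"
"Blob"=hex:01,02,\
  03,04
'''

SAMPLE_BAD = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleKey]
"EditFlags"=dword:00100000@="Registration Entries"
'''


def lint_reg_text(text):
    """Return [(line_number, message)] for lines that do not parse as .reg syntax."""
    findings, lines = [], text.splitlines()
    seen_header, current_key, i = False, None, 0
    while i < len(lines):
        lineno, line = i + 1, lines[i].strip()
        i += 1
        # A trailing backslash continues hex data on the next line.
        while line.endswith("\\") and i < len(lines):
            line = line[:-1] + lines[i].strip()
            i += 1
        if not line or line.startswith(";"):
            continue
        if not seen_header:
            seen_header = True
            if line in HEADERS:
                continue
            findings.append((lineno, "missing or unknown header line"))
        if line.startswith("["):
            if line.endswith("]"):
                current_key = line[1:-1]
            else:
                findings.append((lineno, "key line is missing its closing ]"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            findings.append((lineno, "not a header, key, value or comment"))
            continue
        if current_key is None:
            findings.append((lineno, "value appears before any [key] line"))
        data = m.group(2)
        if (data == "-" or STRING_RE.match(data)
                or HEX_RE.match(data) or DWORD_RE.match(data)):
            continue
        if data.lower().startswith("dword:"):
            bad = data[6:]
            msg = f"'{bad}' is not a valid dword (expected 1-8 hex digits)"
            if JOINED_RE.search(bad):
                msg += "; another entry appears to be joined onto this line"
            findings.append((lineno, msg))
        else:
            findings.append((lineno, "unrecognised value data"))
    return findings


if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, lint_reg_text(sample))
```
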


Let's do it a different way, using a different file and a windows tool.

Download the below-attached file Mikfix.txt

Save it to your DESKTOP.

Press Windows-key+R key to get RUN option, type in

REGEDIT.exe and press Enter-key

from main menu, select File

then select IMPORT

navigate the dialog (click on DESKTOP icon on left to select it)

type in

Mikfix.txt

in the Filename text-box and click Open button.

Once the merge is complete, you will see a confirmation message.

Click OK when done. Close/Exit REGEDIT

When all done, Logoff and Restart the system fresh.

