  1. #1

    Unknown file in Winsock LSP (Hijackthis log)

    I was playing a game then all of a sudden it crashed and it wouldn't load properly. Now my internet is intermittently slow, and some games are not loading all the way. Also I notice some websites are not loading quickly or at all.
    Specs: Win7 64-bit, Comodo firewall
    Scans: I scanned with HijackThis, here's the log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:13:10 PM, on 6/3/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16483)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Winstep\Nexus.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Users\Johann\Documents\HijackThis.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Johann\Downloads\OTS.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe autostart
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{20A97276-700E-4CB5-9F53-FC03180D1256}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9AB7C896-2747-437C-B61D-256CD0FB8C8C}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CS1\Services\Tcpip\..\{20A97276-700E-4CB5-9F53-FC03180D1256}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CS2\Services\Tcpip\..\{20A97276-700E-4CB5-9F53-FC03180D1256}: NameServer = 8.26.56.26,156.154.70.22
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GeekBuddyRSP Service (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

    --
    End of file - 11912 bytes



    I also scanned with OTS, and it found an MBR virus! I have the MBR.dat file if that helps.
    Code:
    OTS logfile created on: 6/3/2013 8:59:10 PM - Run 1
    OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\Johann\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    16.00 Gb Total Physical Memory | 13.00 Gb Available Physical Memory | 85.00% Memory free
    32.00 Gb Paging File | 29.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.47 Gb Total Space | 38.70 Gb Free Space | 34.72% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 673.32 Gb Total Space | 563.42 Gb Free Space | 83.68% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: ASUS-ROG
    Current User Name: Johann
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    hijackthis.exe -> C:\Users\Johann\My Documents\HijackThis.exe -> File not found
    ots.exe -> C:\Users\Johann\Downloads\OTS.exe -> [2013/06/03 20:48:24 | 000,646,656 | ---- | M] (OldTimer Tools)
    dragon_updater.exe -> C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -> [2013/05/29 05:19:04 | 002,094,216 | ---- | M] ()
    firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2013/05/28 12:13:18 | 000,920,472 | ---- | M] (Mozilla Corporation)
    armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated)
    avastui.exe -> C:\Program Files\AVAST Software\Avast\AvastUI.exe -> [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software)
    avastsvc.exe -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software)
    geekbuddyrsp.exe -> C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -> [2013/04/17 13:27:24 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.)
    launcher_service.exe -> C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -> [2013/04/17 11:57:08 | 000,070,344 | ---- | M] (Comodo Security Solutions Inc.)
    nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation)
    nexus.exe -> C:\Program Files (x86)\Winstep\Nexus.exe -> [2012/03/28 16:03:16 | 016,957,056 | ---- | M] (Winstep Software Technologies)
    uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2012/02/28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation)
    lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2012/02/28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation)
    jhi_service.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -> [2012/02/21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation)
    intelmefwservice.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -> [2012/02/21 12:29:28 | 000,128,280 | ---- | M] ()
    iusb3mon.exe -> C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe -> [2012/02/06 21:12:52 | 000,291,608 | ---- | M] (Intel Corporation)
    ath_coexagent.exe -> C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -> [2011/12/29 15:27:48 | 000,158,880 | ---- | M] (Atheros)
    wsxservice.exe -> C:\Program Files (x86)\Winstep\WsxService.exe -> [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies)
     
    [Modules - No Company Name]
    mozjs.dll -> C:\Program Files (x86)\Mozilla Firefox\mozjs.dll -> [2013/05/28 12:13:18 | 003,128,728 | ---- | M] ()
    wodtelnetdlx.dll -> C:\Program Files (x86)\Winstep\wodTelnetDLX.dll -> [2012/02/22 09:41:36 | 001,085,376 | ---- | M] ()
     
    [Win32 Services - Safe List]
    64bit-(avast! Antivirus)  [Auto | Running] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software)
    64bit-(cmdAgent)  [Auto | Running] -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -> [2013/04/24 17:30:16 | 005,784,472 | ---- | M] (COMODO)
    64bit-(cmdvirth)  [On_Demand | Stopped] -> C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -> [2013/04/15 18:38:22 | 000,158,928 | ---- | M] (COMODO)
    64bit-(!SASCORE)  [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -> [2012/07/11 11:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com)
    64bit-(VIAKaraokeService)  [Auto | Running] -> C:\Windows\SysNative\ViakaraokeSrv.exe -> [2012/03/23 00:07:48 | 000,027,760 | ---- | M] (VIA Technologies, Inc.)
    64bit-(Intel(R) Capability Licensing Service Interface)  [Auto | Running] -> C:\Program Files\Intel\iCLS Client\HeciServer.exe -> [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation)
    64bit-(wlcrasvc)  [Disabled | Stopped] -> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -> [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation)
    64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
    (DragonUpdater) COMODO Dragon Update Service [Auto | Running] -> C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -> [2013/05/29 05:19:04 | 002,094,216 | ---- | M] ()
    (MozillaMaintenance) Mozilla Maintenance Service [On_Demand | Stopped] -> C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -> [2013/05/28 12:13:18 | 000,117,144 | ---- | M] (Mozilla Foundation)
    (AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/05/15 01:16:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated)
    (AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated)
    (GeekBuddyRSP) GeekBuddyRSP Service [Auto | Running] -> C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -> [2013/04/17 13:27:24 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.)
    (CLPSLauncher) COMODO LPS Launcher [Auto | Running] -> C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -> [2013/04/17 11:57:08 | 000,070,344 | ---- | M] (Comodo Security Solutions Inc.)
    (Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2013/03/25 22:54:28 | 000,543,656 | ---- | M] (Valve Corporation)
    (SkypeUpdate) Skype Updater [Auto | Stopped] -> C:\Program Files (x86)\Skype\Updater\Updater.exe -> [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies)
    (nvUpdatusService) NVIDIA Update Service Daemon [Auto | Stopped] -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -> [2013/02/09 20:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation)
    (Stereo Service) NVIDIA Stereoscopic 3D Driver Service [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation)
    (npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\Windows\SysWow64\GameMon.des -> [2012/10/24 01:16:51 | 004,702,568 | ---- | M] (INCA Internet Co., Ltd.)
    (UNS) Intel(R) Management and Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2012/02/28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation)
    (LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2012/02/28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation)
    (jhi_service) Intel(R) Dynamic Application Loader Host Interface Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -> [2012/02/21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation)
    (Intel(R) ME Service) Intel(R) ME Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -> [2012/02/21 12:29:28 | 000,128,280 | ---- | M] ()
    (ZAtheros Bt&Wlan Coex Agent) ZAtheros Bt&Wlan Coex Agent [Auto | Running] -> C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -> [2011/12/29 15:27:48 | 000,158,880 | ---- | M] (Atheros)
    (AtherosSvc) AtherosSvc [Auto | Running] -> C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -> [2011/12/29 15:09:24 | 000,106,144 | ---- | M] (Atheros Commnucations)
    (Winstep Xtreme Service) Winstep Xtreme Service [Auto | Running] -> C:\Program Files (x86)\Winstep\WsxService.exe -> [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies)
    (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
    (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
     
    [Driver Services - Safe List]
    64bit-(aswSnx) aswSnx [File_System | System | Running] -> C:\Windows\SysNative\drivers\aswSnx.sys -> [2013/05/09 01:59:07 | 001,025,808 | ---- | M] (AVAST Software)
    64bit-(aswSP) aswSP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswSP.sys -> [2013/05/09 01:59:07 | 000,378,432 | ---- | M] (AVAST Software)
    64bit-(aswVmm) aswVmm [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\aswVmm.sys -> [2013/05/09 01:59:07 | 000,189,936 | ---- | M] ()
    64bit-(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswRdr2.sys -> [2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software)
    64bit-(aswRvrt) aswRvrt [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\aswRvrt.sys -> [2013/05/09 01:59:07 | 000,065,336 | ---- | M] ()
    64bit-(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software)
    64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software)
    64bit-(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software)
    64bit-(cmderd) COMODO Internet Security Eradication Driver [File_System | System | Running] -> C:\Windows\SysNative\drivers\cmderd.sys -> [2013/04/15 18:38:52 | 000,023,168 | ---- | M] (COMODO)
    64bit-(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2012/12/18 22:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation)
    64bit-(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpvideominiport.sys -> [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation)
    64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation)
    64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation)
    64bit-(MEIx64) Intel(R) Management Engine Interface  [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation)
    64bit-(VIAHdAudAddService) VIA High Definition Audio Driver Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\viahduaa.sys -> [2012/03/23 00:07:42 | 002,193,008 | ---- | M] (VIA Technologies, Inc.)
    64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2012/02/17 23:50:33 | 000,107,904 | ---- | M] (Advanced Micro Devices)
    64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2012/02/17 23:50:33 | 000,027,008 | ---- | M] (Advanced Micro Devices)
    64bit-(iusb3xhc) Intel(R) USB 3.0 eXtensible Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\iusb3xhc.sys -> [2012/02/06 21:12:56 | 000,787,736 | ---- | M] (Intel Corporation)
    64bit-(iusb3hub) Intel(R) USB 3.0 Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\iusb3hub.sys -> [2012/02/06 21:12:54 | 000,356,120 | ---- | M] (Intel Corporation)
    64bit-(iusb3hcs) Intel(R) USB 3.0 Host Controller Switch Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iusb3hcs.sys -> [2012/02/06 21:12:54 | 000,016,152 | ---- | M] (Intel Corporation)
    64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2012/01/26 01:27:36 | 000,413,456 | ---- | M] (Synaptics Incorporated)
    64bit-(SmbDrv) SmbDrv [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Smb_driver.sys -> [2012/01/26 01:27:30 | 000,022,800 | ---- | M] (Synaptics Incorporated)
    64bit-(AmUStor) AM USB Stroage Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\AmUStor.sys -> [2012/01/04 03:54:54 | 000,094,808 | ---- | M] (Alcor Micro, Corp.)
    64bit-(BtFilter) BtFilter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btfilter.sys -> [2011/12/29 15:18:54 | 000,548,000 | ---- | M] (Atheros)
    64bit-(BTATH_RCP) Bluetooth AVRCP Device [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btath_rcp.sys -> [2011/12/29 15:18:06 | 000,280,992 | ---- | M] (Atheros)
    64bit-(BTATH_LWFLT) Bluetooth LWFLT Device [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btath_lwflt.sys -> [2011/12/29 15:17:54 | 000,068,256 | ---- | M] (Atheros)
    64bit-(BTATH_HCRP) Bluetooth HCRP Server driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btath_hcrp.sys -> [2011/12/29 15:17:24 | 000,167,584 | ---- | M] (Atheros)
    64bit-(AthBTPort) Atheros Virtual Bluetooth Class [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btath_flt.sys -> [2011/12/29 15:17:06 | 000,036,000 | ---- | M] (Atheros)
    64bit-(BTATH_BUS) Atheros Bluetooth Bus [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btath_bus.sys -> [2011/12/29 15:16:54 | 000,030,368 | ---- | M] (Atheros)
    64bit-(btath_avdt) Atheros Bluetooth AVDT Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btath_avdt.sys -> [2011/12/29 15:16:36 | 000,110,752 | ---- | M] (Atheros)
    64bit-(BTATH_A2DP) Bluetooth A2DP Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btath_a2dp.sys -> [2011/12/29 15:16:18 | 000,338,592 | ---- | M] (Atheros)
    64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2011/12/22 20:09:00 | 000,568,600 | ---- | M] (Intel Corporation)
    64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\athrx.sys -> [2011/11/22 23:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.)
    64bit-(L1C) NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\L1C62x64.sys -> [2011/09/19 00:54:46 | 000,108,656 | ---- | M] (Atheros Communications, Inc.)
    64bit-(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -> [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    64bit-(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\saskutil64.sys -> [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation)
    64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
    64bit-(kbfiltr) Keyboard Filter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\kbfiltr.sys -> [2009/07/20 02:29:40 | 000,015,416 | ---- | M] ( )
    64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
    64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
    64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology)
    64bit-(TPM) TPM [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tpm.sys -> [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation)
    64bit-(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\agrsm64.sys -> [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp)
    64bit-(SiSGbeLH) SiS191/SiS190 Ethernet Device NDIS 6.0 Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SiSG664.sys -> [2009/06/10 13:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.)
    64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
    64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
    64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
    64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
    (CFRMD) CFRMD [File_System | System | Stopped] -> C:\Windows\SysWOW64\drivers\CFRMD.sys -> [2012/09/03 00:20:00 | 000,037,976 | ---- | M] (Windows (R) Win 7 DDK provider)
    (WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
     
    [Registry - All]
    < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm -> 
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://asus.msn.com -> 
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://asus.msn.com -> 
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
    64bit-HKEY_USERS\S-1-5-19\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysNative\ieframe.dll [Microsoft Url Search Hook] -> [2013/04/04 18:19:09 | 010,926,080 | ---- | M] (Microsoft Corporation)
    HKEY_USERS\S-1-5-19\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysWOW64\ieframe.dll [Microsoft Url Search Hook] -> [2013/04/04 15:09:30 | 009,738,752 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
    64bit-HKEY_USERS\S-1-5-20\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysNative\ieframe.dll [Microsoft Url Search Hook] -> [2013/04/04 18:19:09 | 010,926,080 | ---- | M] (Microsoft Corporation)
    HKEY_USERS\S-1-5-20\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysWOW64\ieframe.dll [Microsoft Url Search Hook] -> [2013/04/04 15:09:30 | 009,738,752 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\] > -> -> 
    HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\: Main\\"Default_Page_URL" -> http://asus.msn.com -> 
    HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
    HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\: Main\\"Start Page" -> http://www.bing.com/ -> 
    64bit-HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysNative\ieframe.dll [Microsoft Url Search Hook] -> [2013/04/04 18:19:09 | 010,926,080 | ---- | M] (Microsoft Corporation)
    HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysWOW64\ieframe.dll [Microsoft Url Search Hook] -> [2013/04/04 15:09:30 | 009,738,752 | ---- | M] (Microsoft Corporation)
    HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\: "ProxyEnable" -> 0 -> 
    < FireFox Settings [Prefs.js] > -> C:\Users\Johann\AppData\Roaming\Mozilla\FireFox\Profiles\t7cv33e3.default\prefs.js -> 
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2013/05/14 12:55:48 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 21.0\extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 21.0\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS -> 
    HKLM\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS -> 
    < FireFox Extensions [User Folders] > -> 
      -> C:\Users\Johann\AppData\Roaming\Mozilla\Extensions -> [2013/03/23 18:45:56 | 000,000,000 | ---D | M]
      -> C:\Users\Johann\AppData\Roaming\Mozilla\Firefox\Profiles\t7cv33e3.default\extensions -> [2013/05/29 11:46:00 | 000,000,000 | ---D | M]
    DownloadHelper   -> C:\Users\Johann\AppData\Roaming\Mozilla\Firefox\Profiles\t7cv33e3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2013/05/29 11:46:00 | 000,000,000 | ---D | M]
      -> C:\Users\Johann\AppData\Roaming\Mozilla\Firefox\Profiles\t7cv33e3.default\extensions\foxyproxy-basic@eric.h.jung -> [2013/05/13 15:37:25 | 000,000,000 | ---D | M]
    < FireFox Extensions [Program Folders] > -> 
      -> C:\Program Files (x86)\Mozilla Firefox\browser\extensions -> [2013/05/28 12:13:18 | 000,000,000 | ---D | M]
    Default   -> C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2013/05/28 12:13:18 | 000,000,000 | ---D | M]
    No name found -> C:\USERS\JOHANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T7CV33E3.DEFAULT\EXTENSIONS\{45D8FF86-D909-11DB-9705-005056C00008}.XPI -> ()
    No name found -> C:\USERS\JOHANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T7CV33E3.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI -> ()
    FoxyProxy Standard -> C:\USERS\JOHANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T7CV33E3.DEFAULT\EXTENSIONS\FOXYPROXY-BASIC@ERIC.H.JUNG -> [2013/05/13 15:37:25 | 000,000,000 | ---D | M]
    < FireFox Components [Program Folders] > -> 
    < HOSTS File > ([2009/06/10 14:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
    Reset Hosts
    < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [avast! WebRep] -> [2013/05/09 08:29:22 | 000,242,496 | ---- | M] (AVAST Software)
    {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2011/03/28 22:14:36 | 000,529,280 | ---- | M] (Microsoft Corp.)
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} [HKLM] -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [CIESpeechBHO Class] -> [2011/12/29 15:21:42 | 000,051,872 | ---- | M] (Atheros Commnucations)
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2013/05/09 08:29:17 | 000,198,688 | ---- | M] (AVAST Software)
    {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2011/03/28 21:35:06 | 000,441,216 | ---- | M] (Microsoft Corp.)
    < 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [avast! WebRep] -> [2013/05/09 08:29:22 | 000,242,496 | ---- | M] (AVAST Software)
    "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2013/05/09 08:29:17 | 000,198,688 | ---- | M] (AVAST Software)
    "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "AmIcoSinglun64" -> C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe] -> [2012/03/28 01:45:46 | 000,373,248 | ---- | M] (Alcor Micro Corp.)
    "AthBtTray" -> C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe ["C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"] -> [2011/12/29 15:10:00 | 000,800,416 | ---- | M] (Atheros Commnucations)
    "AtherosBtStack" -> C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe ["C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"] -> [2011/12/29 15:13:30 | 001,014,432 | ---- | M] (Atheros Commnucations)
    "COMODO Internet Security" -> C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe [C:\Program Files\COMODO\COMODO Internet Security\cistray.exe] -> [2013/04/15 18:38:20 | 003,603,152 | ---- | M] (COMODO)
    "SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe] -> [2012/01/26 01:26:54 | 002,869,008 | ---- | M] (Synaptics Incorporated)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Adobe ARM" -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2013/05/11 03:37:26 | 000,958,576 | ---- | M] (Adobe Systems Incorporated)
    "Adobe Reader Speed Launcher" ->  ["C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"] -> File not found
    "avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software)
    "gbrspcontrol" -> C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe ["C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave] -> [2013/04/17 13:27:24 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.)
    "HDAudDeck" -> C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r] -> [2012/03/30 05:01:16 | 005,138,032 | ---- | M] (VIA)
    "USB3MON" -> C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe ["C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"] -> [2012/02/06 21:12:52 | 000,291,608 | ---- | M] (Intel Corporation)
    < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 05:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation)
    < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
    "mctadmin" ->  [C:\Windows\System32\mctadmin.exe] -> File not found
    < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 05:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation)
    < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
    "mctadmin" ->  [C:\Windows\System32\mctadmin.exe] -> File not found
    < Run [HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\] > -> HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Nexus" -> C:\Program Files (x86)\Winstep\Nexus.exe [C:\Program Files (x86)\Winstep\Nexus.exe autostart] -> [2012/03/28 16:03:16 | 016,957,056 | ---- | M] (Winstep Software Technologies)
    "Pando Media Booster" -> C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe] -> [2013/03/23 20:48:07 | 004,270,640 | ---- | M] ()
    "PlayNC Launcher" ->  [] -> File not found
    "Rainlendar2" -> C:\Program Files\Rainlendar2\Rainlendar2.exe [C:\Program Files\Rainlendar2\Rainlendar2.exe] -> [2013/03/11 14:10:12 | 004,373,600 | ---- | M] ()
    "SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2013/05/15 17:37:43 | 005,622,512 | ---- | M] (SUPERAntiSpyware.com)
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoActiveDesktop" ->  [1] -> File not found
    \\"NoActiveDesktopChanges" ->  [1] -> File not found
    \\"ForceActiveDesktopOn" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
    \\"ConsentPromptBehaviorUser" ->  [3] -> File not found
    \\"EnableInstallerDetection" ->  [1] -> File not found
    \\"EnableLUA" ->  [1] -> File not found
    \\"EnableSecureUIAPaths" ->  [1] -> File not found
    \\"EnableUIADesktopToggle" ->  [0] -> File not found
    \\"EnableVirtualization" ->  [1] -> File not found
    \\"PromptOnSecureDesktop" ->  [1] -> File not found
    \\"ValidateAdminCodeSignatures" ->  [0] -> File not found
    \\"dontdisplaylastusername" ->  [0] -> File not found
    \\"legalnoticecaption" ->  [] -> File not found
    \\"legalnoticetext" ->  [] -> File not found
    \\"scforceoption" ->  [0] -> File not found
    \\"shutdownwithoutlogon" ->  [1] -> File not found
    \\"undockwithoutlogon" ->  [1] -> File not found
    \\"FilterAdministratorToken" ->  [0] -> File not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    \UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004] -> [2011/05/13 16:37:08 | 000,188,256 | ---- | M] (Microsoft Corporation)
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003] -> [2011/05/13 16:37:08 | 000,188,256 | ---- | M] (Microsoft Corporation)
    {7815BE26-237D-41A8-A98F-F7BD75F71086}:{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} [HKLM] -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [Menu: Send by Bluetooth to] -> [2011/12/29 15:21:42 | 000,051,872 | ---- | M] (Atheros Commnucations)
    < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
    < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\] > -> HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\] > -> HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 192.168.1.254 192.168.2.1 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {20A97276-700E-4CB5-9F53-FC03180D1256}\\DhcpNameServer -> 192.168.1.254 192.168.2.1   (Atheros AR9485WB-EG Wireless Network Adapter) -> 
    {20A97276-700E-4CB5-9F53-FC03180D1256}\\NameServer -> 8.26.56.26,156.154.70.22   (Atheros AR9485WB-EG Wireless Network Adapter) -> 
    {9AB7C896-2747-437C-B61D-256CD0FB8C8C}\\DhcpNameServer -> 192.168.1.254 192.168.2.1   (Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)) -> 
    {9AB7C896-2747-437C-B61D-256CD0FB8C8C}\\NameServer -> 8.26.56.26,156.154.70.22   (Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)) -> 
    < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    explorer.exe -> C:\Windows\explorer.exe -> [2012/02/17 23:49:52 | 002,871,808 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
    SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 18:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
    /pagefile ->  -> File not found
    *MultiFile Done* -> -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2012/02/17 23:49:52 | 002,616,320 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    userinit.exe -> C:\Windows\SysWow64\userinit.exe -> [2010/11/20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
    SystemPropertiesPerformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009/07/13 18:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
    /pagefile ->  -> File not found
    *MultiFile Done* -> -> 
    < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
    64bit-*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
    credssp.dll -> C:\Windows\SysNative\credssp.dll -> [2010/11/20 06:26:00 | 000,022,016 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
    credssp.dll -> C:\Windows\SysWow64\credssp.dll -> [2010/11/20 05:18:26 | 000,017,408 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
    64bit-*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
    msv1_0 -> C:\Windows\SysNative\msv1_0.dll -> [2010/11/20 06:27:10 | 000,312,320 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
    msv1_0 -> C:\Windows\SysWow64\msv1_0.dll -> [2010/11/20 05:19:56 | 000,257,024 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
    64bit-*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
    kerberos -> C:\Windows\SysNative\kerberos.dll -> [2012/08/10 17:56:03 | 000,715,776 | ---- | M] (Microsoft Corporation)
    msv1_0 -> C:\Windows\SysNative\msv1_0.dll -> [2010/11/20 06:27:10 | 000,312,320 | ---- | M] (Microsoft Corporation)
    schannel -> C:\Windows\SysNative\schannel.dll -> [2012/08/24 11:05:03 | 000,340,992 | ---- | M] (Microsoft Corporation)
    wdigest -> C:\Windows\SysNative\wdigest.dll -> [2009/07/13 18:41:56 | 000,210,432 | ---- | M] (Microsoft Corporation)
    tspkg -> C:\Windows\SysNative\tspkg.dll -> [2010/11/20 06:27:28 | 000,086,016 | ---- | M] (Microsoft Corporation)
    pku2u -> C:\Windows\SysNative\pku2u.dll -> [2009/07/13 18:41:53 | 000,240,640 | ---- | M] (Microsoft Corporation)
    livessp -> C:\Windows\SysNative\livessp.dll -> [2011/03/28 22:11:06 | 000,252,800 | ---- | M] (Microsoft Corp.)
    *MultiFile Done* -> -> 
    *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
    kerberos -> C:\Windows\SysWow64\kerberos.dll -> [2012/08/10 16:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation)
    msv1_0 -> C:\Windows\SysWow64\msv1_0.dll -> [2010/11/20 05:19:56 | 000,257,024 | ---- | M] (Microsoft Corporation)
    schannel -> C:\Windows\SysWow64\schannel.dll -> [2012/08/24 09:57:40 | 000,247,808 | ---- | M] (Microsoft Corporation)
    wdigest -> C:\Windows\SysWow64\wdigest.dll -> [2009/07/13 18:16:18 | 000,171,520 | ---- | M] (Microsoft Corporation)
    tspkg -> C:\Windows\SysWow64\tspkg.dll -> [2010/11/20 05:21:32 | 000,065,024 | ---- | M] (Microsoft Corporation)
    pku2u -> C:\Windows\SysWow64\pku2u.dll -> [2009/07/13 18:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)
    livessp -> C:\Windows\SysWow64\livessp.dll -> [2011/03/28 21:31:14 | 000,209,280 | ---- | M] (Microsoft Corp.)
    *MultiFile Done* -> -> 
    < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
    {00FCACDB-F27E-4CFE-BBE5-9796498DD0CB} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
    {190F7C1A-2BCD-4FAE-B4B5-D2F2742631A4} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
    {1DCF7CB6-0EBA-4049-82A1-DBAC59FCE868} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | 
    {1E03CB03-9618-4FE0-A155-0559A6154934} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
    {22CFC58A-8AB5-44FD-88BB-86DF547A05B8} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
    {2BA77F7B-BF1D-4E5C-BB3F-5BE23FB55591} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
    {2F65C7D5-C059-4D1D-BEBE-6878F69BF327} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
    {3702CCD1-6B24-47C3-B746-E9B7B12D39F8} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
    {3D945341-61CF-4279-B89E-929D509E88A6} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
    {48CA2002-4BE8-4AE4-AD85-35581640011F} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
    {5A91AC63-3975-4121-8662-306E9525B30E} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
    {600962BA-2231-4D6F-9328-778BB78C1176} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
    {6B2F0F1A-A162-45C7-83A2-5C87EB23FEF1} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 
    {7E5BDC21-DD7B-46B1-8C5B-DAA4B4C4D21A} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
    {871B17EC-2897-4D6B-ACD1-388DC2D21686} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
    {A2CB277D-93C9-4C80-BDBB-F23E892B215F} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
    {AA0768CF-2657-4087-B2D8-CF5B4274D9E1} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
    {B65E2E31-D73C-4C76-A97E-231072E5FCCD} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
    {BD42FC39-880D-43DC-80A5-D7A918F54F0B} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
    {D28FC3C7-10D1-4056-B27C-782E9C5FFDDC} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
    {E87C36BC-5DE4-4827-8DB8-F705CB817A74} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
    {F23B24FD-5294-4560-B0A7-0E6C4C4A78CB} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 
    {F29F8C98-100E-4695-9ABA-1B319F2ABE3B} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
    < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
    {09F852F9-B933-47FD-A28A-629DE7C05CC0} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
    {0CA26B57-6073-48F2-BE76-0322BD43D5AD} -> profile=private | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    {0D230A40-1507-4FF2-BAD4-39AC0F3FE0FA} -> profile=private | protocol=17 | dir=in | action=allow | name=tera | app=e:\happycloud\cache\tera\client\binaries\tera.exe | 
    {11A7B490-E1B2-437C-94F2-809C83FB3591} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
    {12B16596-73B6-4E60-B731-1DD065A9719C} -> dir=in | action=allow | name=windows live mesh | app=c:\program files (x86)\windows live\mesh\moe.exe | 
    {167447D4-74D0-4BB4-BA4D-3FA6D531913E} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
    {18F4B601-E44D-4EB4-85F1-E699AA4745B3} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    {3280A4B2-0E17-401B-BE52-B3DE6A790B07} -> profile=private | protocol=17 | dir=in | action=allow | name=geekbuddy rsp | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe | 
    {361D7E2D-BE8C-4E76-93DE-44DBC8AE93DC} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    {3E74FF1C-9BE0-405F-8042-CA87AE40DB62} -> profile=domain | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    {4286B1DD-65DE-404B-99C6-E8D4897D8B83} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
    {43D16F7D-4D83-480F-841C-C5E7D77EDC4F} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | 
    {4D96F7E5-D737-41E7-8E01-C8A3850A680C} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
    {526964DE-7ECD-455F-8766-A2D53F9705D7} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 
    {5FAB1AF6-ABE6-400C-B017-870C907CA276} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
    {5FAEA3D0-04C4-48D8-B56A-804C62FC48FA} -> profile=public | protocol=17 | dir=in | action=allow | name=mcafee shared service host | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
    {6FCE47F0-FB11-4EC2-993C-95AC4A1C5F19} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
    {739D8E39-AC66-4445-A1F3-2F2365EF372A} -> profile=public | protocol=6 | dir=in | action=allow | name=mcafee shared service host | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
    {75E83416-CE39-4939-BA97-5AD457A37960} -> profile=private | protocol=17 | dir=in | action=allow | name=tera | app=e:\happycloud\cache\tera\tera-launcher.exe | 
    {80A16E20-9C94-4CD0-9F65-044D272F4D85} -> profile=private | protocol=6 | dir=in | action=allow | name=tera | app=e:\happycloud\cache\tera\client\tl.exe | 
    {81C5F9F3-8849-49A6-A06C-9E339F9DF476} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    {82087970-B68B-4817-90CE-66C8E45A5F07} -> profile=private | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
    {88AD1F10-AE5B-475B-88CC-D84B6F356B79} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
    {8C05FB6F-2747-4118-AFC1-732F315792F8} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
    {968E3533-7A04-4AFD-8AA8-784B808753E1} -> profile=private | protocol=17 | dir=in | action=allow | name=tera | app=e:\happycloud\cache\tera\client\tl.exe | 
    {97E876FE-8C78-4657-ADF1-439DBA0AEC68} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
    {A044209C-3240-4E04-A512-E9CFCFB64947} -> profile=private | protocol=6 | dir=in | action=allow | name=geekbuddy rsp | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe | 
    {AEDBC34C-EBC6-4E55-B6E4-0BFD7697038C} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
    {B4509E31-6819-47FC-B3F6-D222A3E3B9E4} -> profile=domain | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    {C0590ADF-92EC-43D3-9E17-09DBE85F6C57} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    {C331B921-D9BA-4F2F-ABA5-B6F8FA174EAB} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
    {C6FA2257-3705-404E-84D6-F12D8FB71496} -> profile=private | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    {C9D33B16-FD19-431A-B37D-89CA9224840E} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
    {D52F57B9-BA49-467D-AFB1-7CC71CE02345} -> profile=private | protocol=6 | dir=in | action=allow | name=tera | app=e:\happycloud\cache\tera\client\binaries\tera.exe | 
    {D6FE0EBA-88A3-4C70-9983-045FA617FF33} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
    {DB196E8F-C3FA-40C9-A74F-194B0BA99715} -> dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    {E2AE9C61-A14F-4DF5-8A1A-E4823409D99E} -> profile=private | protocol=6 | dir=in | action=allow | name=tera | app=e:\happycloud\cache\tera\tera-launcher.exe | 
    {E511EC5E-A727-48C3-AD96-EDB0F5F18D6B} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
    {E9CB8FE0-FC95-4C0D-BD57-EB54ED5D2108} -> profile=private | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
    {FB1B9B57-5FF6-4808-8DB4-EA20230E4970} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    "AlternateShell" -> cmd.exe -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/20 02:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation)
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    64bit-comfile [open] -> "%1" %*
    64bit-exefile [open] -> "%1" %*
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = comfile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = comfile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
     
    [Registry - Additional Scans - Safe List]
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    64bit-batfile [open] -> "%1" %*
    64bit-cmdfile [open] -> "%1" %*
    64bit-comfile [open] -> "%1" %*
    64bit-exefile [open] -> "%1" %*
    64bit-htmlfile [print] -> rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 18:39:13 | 000,010,240 | ---- | M] (Microsoft Corporation)
    64bit-InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2009/07/13 18:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation)
    64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2009/07/13 18:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation)
    64bit-piffile [open] -> "%1" %*
    64bit-scrfile [config] -> "%1"
    64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l
    64bit-scrfile [open] -> "%1" /S
    64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    64bit-Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2013/04/14 09:58:32 | 000,124,416 | ---- | M] (VideoLAN)
    64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2010/11/20 06:24:34 | 000,345,088 | ---- | M] (Microsoft Corporation)
    64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2012/02/17 23:49:52 | 002,871,808 | ---- | M] (Microsoft Corporation)
    64bit-Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2013/04/14 09:58:32 | 000,124,416 | ---- | M] (VideoLAN)
    64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2012/02/17 23:49:52 | 002,871,808 | ---- | M] (Microsoft Corporation)
    64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2012/02/17 23:49:52 | 002,871,808 | ---- | M] (Microsoft Corporation)
    batfile [open] -> "%1" %* -> 
    cmdfile [open] -> "%1" %* -> 
    comfile [open] -> "%1" %* -> 
    cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/13 18:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation)
    exefile [open] -> "%1" %* -> 
    htmlfile [print] -> rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" -> 
    inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 18:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation)
    piffile [open] -> "%1" %* -> 
    scrfile [config] -> "%1" -> 
    scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> 
    scrfile [open] -> "%1" /S -> 
    Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
    Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2013/04/14 09:58:32 | 000,124,416 | ---- | M] (VideoLAN)
    Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2010/11/20 05:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation)
    Directory [find] -> %SystemRoot%\Explorer.exe -> [2012/02/17 23:49:52 | 002,871,808 | ---- | M] (Microsoft Corporation)
    Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2013/04/14 09:58:32 | 000,124,416 | ---- | M] (VideoLAN)
    Folder [open] -> %SystemRoot%\Explorer.exe -> [2012/02/17 23:49:52 | 002,871,808 | ---- | M] (Microsoft Corporation)
    Drive [find] -> %SystemRoot%\Explorer.exe -> [2012/02/17 23:49:52 | 002,871,808 | ---- | M] (Microsoft Corporation)
    < 64bit-Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
    {0826F9E4-787E-481D-83E0-BC6A57B056D5} -> Microsoft SQL Server VSS Writer
    {09536BA1-E498-4CC3-B834-D884A67D7E34} -> Intel® Trusted Connect Service Client
    {180C8888-50F1-426B-A9DC-AB83A1989C65} -> Windows Live Language Selector
    {1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698} -> Windows Live ID Sign-in Assistant
    {1D8E6291-B0D5-35EC-8441-6616F567A0F7} -> Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    {1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67} -> Windows Live Remote Service Resources
    {1FB31F44-D4D0-4D76-944A-A1A5D79FD321} -> Windows Live Family Safety
    {206BD2C5-DE08-4577-A0D7-D441A79D5A3A} -> Windows Live Remote Client Resources
    {230D1595-57DA-4933-8C4E-375797EBB7E1} -> Atheros Bluetooth Suite (64)
    {23170F69-40C1-2702-0920-000001000000} -> 7-Zip 9.20 (x64 edition)
    {2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF} -> Sql Server Customer Experience Improvement Program
    {3CE222BA-66A6-4D18-BEE9-5D21C5798C3E} -> Windows Live Family Safety
    {3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A} -> Windows Live Family Safety
    {5340A3B5-3853-4745-BED2-DD9FF5371331} -> Microsoft SQL Server 2008 Common Files
    {5E2CD4FB-4538-4831-8176-05D653C3E6D4} -> Windows Live Remote Service Resources
    {5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} -> Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    {656DEEDE-F6AC-47CA-A568-A1B4E34B5760} -> Windows Live Remote Service Resources
    {692CCE55-9EAE-4F57-A834-092882E7FE0B} -> Windows Live Remote Client Resources
    {6DDCFF78-6F91-438C-9567-C5CAA9D7F56C} -> Windows Live Family Safety
    {749BE6FF-815E-4F36-901B-7AC301B50330} -> Windows Live Family Safety
    {7ACE202B-1B01-4B43-B6AE-03D66D621CDE} -> Microsoft SQL Server 2008 RsFx Driver
    {8220EEFE-38CD-377E-8595-13398D740ACE} -> Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    {825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99} -> Windows Live Remote Client Resources
    {847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5} -> Windows Live Remote Client Resources
    {893F27E6-D6BE-4B9F-80E6-0ADA694A31A8} -> Microsoft SQL Server 2008 Common Files
    {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
    {8E34682C-8118-31F1-BC4C-98CD9675E1C2} -> Microsoft .NET Framework 4 Extended
    {8EB588BD-D398-40D0-ADF7-BE1CEEF7C116} -> Windows Live Remote Client Resources
    {94D70749-4281-39AC-AD90-B56A0E0A402E} -> Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
    {95120000-00B9-0409-1000-0000000FF1CE} -> Microsoft Application Error Reporting
    {A679FBE4-BA2D-4514-8834-030982C8B31A} -> Windows Live Remote Service Resources
    {ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} -> Microsoft Visual C++ 2005 Redistributable (x64)
    {AE91E0F3-C49A-4EF4-8B98-A07BD409EB90} -> Windows Live Remote Service Resources
    {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision -> NVIDIA 3D Vision Driver 314.07
    {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel -> NVIDIA Control Panel 314.07
    {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver -> NVIDIA Graphics Driver 314.07
    {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX -> NVIDIA PhysX System Software 9.12.1031
    {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update -> NVIDIA Update 1.12.12
    {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver -> NVIDIA HD Audio Driver 1.3.23.1
    {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer -> NVIDIA Install Application
    {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update -> NVIDIA Update Components
    {B40EE88B-400A-4266-A17B-E3DE64E94431} -> Microsoft SQL Server 2008 Setup Support Files 
    {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F} -> Windows Live Remote Client Resources
    {BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1} -> Microsoft SQL Server 2008 Native Client
    {BCA26999-EC22-3007-BB79-638913079C9A} -> Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    {C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61} -> Raw Therapee V4.0.11.1 x64
    {CC8BA866-16A7-4667-BA0C-C494A1E7B2BF} -> Microsoft SQL Server 2008 Database Engine Shared
    {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware
    {CEA21F20-DBF4-464C-8B81-28B8508AFDDD} -> Windows Live Family Safety
    {D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3} -> Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    {DA54F80E-261C-41A2-A855-549A144F2F59} -> Windows Live MIME IFilter
    {DF167CE3-60E7-44EA-99EC-2507C51F37AE} -> Microsoft SQL Server 2008 Database Engine Shared
    {DF6D988A-EEA0-4277-AAB8-158E086E439B} -> Windows Live Remote Client
    {E01819BD-709F-43A1-9600-6F5E4C584C37} -> Windows Live Family Safety
    {E02A6548-6FDE-40E2-8ED9-119D7D7E641F} -> Windows Live Remote Service
    {F1EC4151-805B-4097-B9BB-7D71A417AAF1} -> COMODO Firewall
    {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} -> Microsoft .NET Framework 4 Client Profile
    {FA7394B8-CE65-4F9E-AC99-F372AD365424} -> Microsoft SQL Server 2008 Database Engine Services
    {FAA3933C-6F0D-4350-B66B-9D7F7031343E} -> Windows Live Remote Service Resources
    {FBD367D1-642F-47CF-B79B-9BE48FB34007} -> Microsoft SQL Server 2008 Database Engine Services
    {FCADA26A-5672-31DD-BF0E-BA76ECF9B02D} -> Microsoft Help Viewer 1.0
    GIMP Extensions -> GIMP Extensions 2.8.20130215
    GIMP-2_is1 -> GIMP 2.8.4
    Microsoft .NET Framework 4 Client Profile -> Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended -> Microsoft .NET Framework 4 Extended
    Microsoft Help Viewer 1.0 -> Microsoft Help Viewer 1.0
    Microsoft SQL Server 10 -> Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 10 Release -> Microsoft SQL Server 2008 (64-bit)
    SynTPDeinstKey -> Synaptics Pointing Device Driver
    TeamSpeak 3 Client -> TeamSpeak 3 Client
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
    {000F2A10-9CDF-47BF-9CF2-9AC87567B433} -> Windows Live Photo Common
    {03241D8D-2217-42F7-9FCB-6A68D141C14D} -> Windows Live 软件包
    {04668DF2-D32F-4555-9C7E-35523DCD6544} -> Control ActiveX de Windows Live Mesh para conexiones remotas
    {048298C9-A4D3-490B-9FF9-AB023A9238F3} -> Steam
    {05E379CC-F626-4E7D-8354-463865B303BF} -> Windows Live UX Platform Language Pack
    {062E4D94-8306-46D5-81B6-45E6AD09C799} -> Windows Live Messenger
    {0B0F231F-CE6A-483D-AA23-77B364F75917} -> Windows Live Installer
    {0D261C88-454B-46FE-B43B-640E621BDA11} -> Windows Live Mail
    {0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4} -> Galeria de Fotografias do Windows Live
    {112C23F2-C036-4D40-BED4-0CB47BF5555C} -> Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    {14DD7530-CCD2-3798-B37D-3839ED6A441C} -> Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    {198EA334-8A3F-4CB2-9D61-6C10B8168A6F} -> Windows Live Writer
    {19BA08F7-C728-469C-8A35-BFBD3633BE08} -> Windows Live Movie Maker
    {1DBD1F12-ED93-49C0-A7CC-56CBDE488158} -> ASUS LifeFrame3
    {1F1CC8E4-A226-4EB6-BDCD-9C9EBF977B41} -> Scarab Darkroom
    {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} -> Junk Mail filter update
    {200FEC62-3C34-4D60-9CE8-EC372E01C08F} -> Windows Live SOXE Definitions
    {20D4A895-748C-4D88-871C-FDB1695B0169} -> Platform
    {240C3DDD-C5E9-4029-9DF7-95650D040CF2} -> Intel(R) USB 3.0 eXtensible Host Controller Driver
    {25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E} -> Windows Live Mail
    {2902F983-B4C1-44BA-B85D-5C6D52E2C441} -> Windows Live Mesh ActiveX Control for Remote Connections
    {29373E24-AC72-424E-8F2A-FB0F9436F21F} -> Windows Live Photo Common
    {29499A4D-0742-4B73-B982-5049775F1F66} -> Alcor Micro USB Card Reader
    {2A2F3AE8-246A-4252-BB26-1BEB45627074} -> Microsoft SQL Server System CLR Types
    {2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24} -> Windows Live Messenger
    {2C865FB0-051E-4D22-AC62-428E035AEAF0} -> Windows Live Mesh
    {2D49C296-BCCA-4800-BAF6-A0269EBDCF74} -> Windows Live Messenger
    {3108C217-BE83-42E4-AE9E-A56A2A92E549} -> Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    {317D56AC-0DB3-48F5-929A-42032DAC9AD7} -> Windows Live Writer
    {3336F667-9049-4D46-98B6-4C743EEBC5B1} -> Windows Live Photo Gallery
    {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5} -> Windows Live
    {34F4D9A4-42C2-4348-BEF4-E553C84549E7} -> Windows Live Photo Gallery
    {368BEC2C-B7A2-4762-9213-2D8465D533CA} -> Windows Live UX Platform Language Pack
    {370F888E-42A7-4911-9E34-7D74632E17EB} -> Windows Live Photo Common
    {3A9FC03D-C685-4831-94CF-4EDFD3749497} -> Microsoft SQL Server Compact 3.5 SP2 ENU
    {3B9A92DA-6374-4872-B646-253F18624D5F} -> Windows Live Writer
    {488F0347-C4A7-4374-91A7-30818BEDA710} -> Galerie de photos Windows Live
    {48C0DC5E-820A-44F2-890E-29B68EDD3C78} -> Windows Live Writer
    {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D} -> Skype™ 6.3
    {4E968D9C-21A7-4915-B698-F7AEB913541D} -> Microsoft SQL Server 2008 R2 Management Objects
    {506FC723-8E6C-4417-9CFF-351F99130425} -> Windows Live UX Platform Language Pack
    {55D003F4-9599-44BF-BA9E-95D060730DD3} -> Contrôle ActiveX Windows Live Mesh pour connexions à distance
    {579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} -> Windows Live UX Platform Language Pack
    {588CE0C0-860B-49A8-AFCF-3C69465B345F} -> Windows Live Mesh
    {59F24743-2EA1-3A45-B8C2-6E0E1E078FA8} -> Microsoft Visual C# 2010 Express - ENU
    {5D273F60-0525-48BA-A5FB-D0CAA4A952AE} -> Windows Live Movie Maker
    {5F8E2CBB-949D-4175-AC98-5ADE7F6C9697} -> NCsoft Launcher
    {622DE1BE-9EDE-49D3-B349-29D64760342A} -> 適用遠端連線的 Windows Live Mesh ActiveX 控制項
    {62687B11-58B5-4A18-9BC3-9DF4CE03F194} -> Windows Live Writer Resources
    {65153EA5-8B6E-43B6-857B-C6E4FC25798A} -> Intel(R) Management Engine Components
    {6807427D-8D68-4D30-AF5B-0B38F8F948C8} -> Windows Live Writer Resources
    {682B3E4F-696A-42DE-A41C-4C07EA1678B4} -> Windows Live SOXE
    {6CB36609-E3A6-446C-A3C1-C71E311D2B9C} -> Windows Live Movie Maker
    {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3} -> Windows Live Movie Maker
    {7115EEBC-DA7B-434C-B81C-EA5B26EA9A94} -> Windows Live Writer Resources
    {753F0A72-59C3-41CE-A36A-F2DF2079275C} -> Windows Live Mail
    {77477AEA-5757-47D8-8B33-939F43D82218} -> Windows Live UX Platform Language Pack
    {78DAE910-CA72-450E-AD22-772CB1A00678} -> Windows Live Mesh
    {7B982EBD-D017-4527-BF1A-FC489EC6B100} -> Windows Live 照片库
    {7D1C7B9F-2744-4388-B128-5C75B8BCCC84} -> Windows Live Essentials
    {83C292B7-38A5-440B-A731-07070E81A64F} -> Windows Live PIMT Platform
    {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5} -> Windows Live Mesh
    {8B922CF8-8A6C-41CE-A858-F1755D7F5D29} -> NVIDIA PhysX
    {8C6D6116-B724-4810-8F2D-D047E6B7D68E} -> Mesh Runtime
    {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} -> MSVCRT
    {8FF3891F-01B5-4A71-BFCD-20761890471C} -> Windows Live Messenger
    {903EDF14-4E28-4463-AA5E-4AEE71C0263B} -> Windows Live Movie Maker
    {92606477-9366-4D3B-8AE3-6BE4B29727AB} -> League of Legends
    {92EA4134-10D1-418A-91E1-5A0453131A38} -> Windows Live Movie Maker
    {95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
    {95140000-0070-0000-0000-0000000FF1CE} -> Microsoft Office 2010
    {980A182F-E0A2-4A40-94C1-AE0C1235902E} -> Pando Media Booster
    {9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    {9BE518E6-ECC6-35A9-88E4-87755C07200F} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    {9D56775A-93F3-44A3-8092-840E3826DE30} -> Windows Live Mail
    {9FAE6E8D-E686-49F5-A574-0A58DFD9580C} -> Windows Live Mail
    {A0B91308-6666-4249-8FF6-1E11AFD75FE1} -> Windows Live Mail
    {A0C91188-C88F-4E86-93E6-CD7C9A266649} -> Windows Live Mesh
    {A41A708E-3BE6-4561-855D-44027C1CF0F8} -> Windows Live Photo Common
    {A47642B2-4CB5-4325-8093-C88D4747953F} -> GeekBuddy
    {A6C48A9F-694A-4234-B3AA-62590B668927} -> Intel(R) Manageability Engine Firmware Recovery Agent
    {A726AE06-AAA3-43D1-87E3-70F510314F04} -> Windows Live Writer
    {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
    {A9BDCA6B-3653-467B-AC83-94367DA3BFE3} -> Windows Live Photo Common
    {AAAFC670-569B-4A2F-82B4-42945E0DE3EF} -> Windows Live Writer
    {AAF454FC-82CA-4F29-AB31-6A109485E76E} -> Windows Live Writer
    {AB61A2E9-37D3-485D-9085-19FBDF8CEF4A} -> Windows Live Messenger
    {AC76BA86-7AD7-1033-7B44-AB0000000001} -> Adobe Reader XI (11.0.03)
    {B618C3BF-5142-4630-81DD-F96864F97C7E} -> Windows Live Essentials
    {BAEE89D5-6E87-4F89-9603-A1C100479181} -> Windows Live Messenger
    {C3A32068-8AB1-4327-BB16-BED9C6219DC7} -> Atheros Driver Installation Program
    {C66824E4-CBB3-4851-BB3F-E8CFD6350923} -> Windows Live Mail
    {C688457E-03FD-4941-923B-A27F4D42A7DD} -> Microsoft SQL Server 2008 Browser
    {C893D8C0-1BA0-4517-B11C-E89B65E72F70} -> Windows Live Photo Common
    {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} -> Windows Live UX Platform
    {CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE} -> Microsoft .NET Framework 4 Multi-Targeting Pack
    {D0B44725-3666-492D-BEF6-587A14BD9BD9} -> MSVCRT_amd64
    {D299197D-CDEA-41A6-A363-F532DE4114FD} -> Windows Live UX Platform Language Pack
    {D436F577-1695-4D2F-8B44-AC76C99E0002} -> Windows Live Photo Common
    {D45240D3-B6B3-4FF9-B243-54ECE3E10066} -> Windows Live Communications Platform
    {DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071} -> Windows Live Movie Maker
    {DDC8BDEE-DCAC-404D-8257-3E8D4B782467} -> Windows Live Writer Resources
    {DE8F99FD-2FC7-4C98-AA67-2729FDE1F040} -> Windows Live Writer Resources
    {DECDCB7C-58CC-4865-91AF-627F9798FE48} -> Windows Live Mesh
    {E09C4DB7-630C-4F06-A631-8EA7239923AF} -> D3DX10
    {E54EEB5D-41ED-40FE-B4A8-8565DB81469B} -> Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    {E5B21F11-6933-4E0B-A25C-7963E3C07D11} -> Windows Live Messenger
    {E62E0550-C098-43A2-B54B-03FB1E634483} -> Windows Live Writer
    {E727A662-AF9F-4DEE-81C5-F4A1686F3DFC} -> Windows Live Writer Resources
    {E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66} -> Galería fotográfica de Windows Live
    {EEF99142-3357-402C-B298-DEC303E12D92} -> Windows Live 影像中心
    {EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB} -> Windows Live 程式集
    {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU]
    {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} -> Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    {F992409C-9D10-4AE2-BAEB-B5409AD3785E} -> 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
    {FCDE76CB-989D-4E32-9739-6A272D2B0ED7} -> Windows Live Mesh
    {FE044230-9CA5-43F7-9B58-5AC5A28A1F33} -> Windows Live Essentials
    7-Zip -> 7-Zip 9.22beta
    Adobe Flash Player ActiveX -> Adobe Flash Player 11 ActiveX
    Adobe Flash Player Plugin -> Adobe Flash Player 11 Plugin
    AmUStor -> Alcor Micro USB Card Reader
    Asus Vibe2.0 -> AsusVibe2.0
    avast -> avast! Free Antivirus
    Cisco Connect -> Cisco Connect
    Comodo Dragon -> Comodo Dragon
    Diablo III -> Diablo III
    Google Chrome -> Google Chrome
    Guild Wars 2 -> Guild Wars 2
    InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} -> VIA Platform Device Manager
    Microsoft Visual C# 2010 Express - ENU -> Microsoft Visual C# 2010 Express - ENU
    Mozilla Firefox 21.0 (x86 en-US) -> Mozilla Firefox 21.0 (x86 en-US)
    MozillaMaintenanceService -> Mozilla Maintenance Service
    NVIDIAStereo -> NVIDIA Stereoscopic 3D Driver
    Pidgin -> Pidgin
    RaidCall -> RaidCall
    Rainlendar2 -> Rainlendar2 (remove only)
    VLC media player -> VLC media player 2.0.6
    WinLiveSuite -> Windows Live Essentials
    Winstep Xtreme_is1 -> Nexus 12.2
    < Uninstall List [HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\] > -> HKEY_USERS\S-1-5-21-648671964-1769031948-1812062652-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
    Bitcoin -> Bitcoin
    HappyCloud -> Happy Cloud Client
    teraenmasse -> TERA
    < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
    Application [ Error ] 4/29/2013 5:20:07 PM Computer Name = Asus-ROG | Source = Application Hang | ID = 1002 -> Description = The program NCLauncher.exe version 1.0.1.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 1d24    Start Time: 01ce451f45889d69    Termination Time: 3    Application Path: E:\Programs\NCSoft\Launcher\NCLauncher.exe    Report Id:   
    Application [ Error ] 4/29/2013 5:53:13 PM Computer Name = Asus-ROG | Source = Application Hang | ID = 1002 -> Description = The program NCLauncher.exe version 1.0.1.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 9ec    Start Time: 01ce4523cea11d2e    Termination Time: 2    Application Path: C:\program files (x86)\ncsoft\launcher\NCLauncher.exe    Report Id:   
    Application [ Error ] 4/29/2013 6:04:11 PM Computer Name = Asus-ROG | Source = Application Hang | ID = 1002 -> Description = The program NCLauncher.exe version 1.0.1.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 630    Start Time: 01ce45240be6853a    Termination Time: 2    Application Path: C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe    Report Id:   
    Application [ Error ] 4/29/2013 6:06:53 PM Computer Name = Asus-ROG | Source = Application Hang | ID = 1002 -> Description = The program NCLauncher.exe version 1.0.1.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 370    Start Time: 01ce4525c51b071f    Termination Time: 3    Application Path: C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe    Report Id:   
    Application [ Error ] 4/29/2013 10:07:50 PM Computer Name = Asus-ROG | Source = Application Error | ID = 1000 -> Description = Faulting application name: iexplore.exe, version: 9.0.8112.16476, time stamp: 0x5126e7ac  Faulting module name: msxml3.dll, version: 8.110.7601.17988, time stamp: 0x5091ff27  Exception code: 0xc0000005  Fault offset: 0x0002e64f  Faulting process id: 0x1df0  Faulting application start time: 0x01ce45477d2ce059  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\System32\msxml3.dll  Report Id: c22ee04f-b13a-11e2-9f24-0008cafae02e
    Application [ Error ] 4/29/2013 10:34:34 PM Computer Name = Asus-ROG | Source = Application Error | ID = 1000 -> Description = Faulting application name: l2.bin, version: 0.0.0.0, time stamp: 0x51620c31  Faulting module name: NWindow.DLL, version: 0.0.0.0, time stamp: 0x51620c93  Exception code: 0xc0000005  Fault offset: 0x001bedd2  Faulting process id: 0x1874  Faulting application start time: 0x01ce453d775d9d4d  Faulting application path: E:\Programs\NCSoft\Lineage II\system\l2.bin  Faulting module path: E:\Programs\NCSoft\Lineage II\system\NWindow.DLL  Report Id: 7e3d8229-b13e-11e2-9f24-0008cafae02e
    Application [ Error ] 5/5/2013 7:13:40 PM Computer Name = Asus-ROG | Source = Application Error | ID = 1000 -> Description = Faulting application name: iexplore.exe, version: 9.0.8112.16476, time stamp: 0x5126e7ac  Faulting module name: msxml3.dll, version: 8.110.7601.17988, time stamp: 0x5091ff27  Exception code: 0xc0000005  Fault offset: 0x0002e64f  Faulting process id: 0x1c6c  Faulting application start time: 0x01ce49e5cd5a4304  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\System32\msxml3.dll  Report Id: 6be2e680-b5d9-11e2-b5aa-0008cafae02e
    Application [ Error ] 5/8/2013 1:17:42 PM Computer Name = Asus-ROG | Source = Application Hang | ID = 1002 -> Description = The program NCLauncher.exe version 1.0.1.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 614    Start Time: 01ce4c0fc913c13f    Termination Time: 3    Application Path: E:\Programs\NCSoft\Launcher\NCLauncher.exe    Report Id:   
    Application [ Error ] 5/14/2013 8:44:57 PM Computer Name = Asus-ROG | Source = Application Hang | ID = 1002 -> Description = The program firefox.exe version 20.0.1.4847 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 19fc    Start Time: 01ce50df4abc7c91    Termination Time: 31    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe    Report Id: a5cbc3a1-bcf8-11e2-b944-0008cafae02e  
    Application [ Error ] 5/15/2013 1:07:25 PM Computer Name = Asus-ROG | Source = BugSplat | ID = 1 -> Description = 
    System [ Error ] 5/19/2013 5:06:14 AM Computer Name = Asus-ROG | Source = Service Control Manager | ID = 7000 -> Description = The NVIDIA Update Service Daemon service failed to start due to the following error:   %%1069
    System [ Error ] 5/20/2013 5:52:21 PM Computer Name = Asus-ROG | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   CFRMD
    System [ Error ] 5/20/2013 5:54:22 PM Computer Name = Asus-ROG | Source = Service Control Manager | ID = 7038 -> Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:   %%1330    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    System [ Error ] 5/20/2013 5:54:22 PM Computer Name = Asus-ROG | Source = Service Control Manager | ID = 7000 -> Description = The NVIDIA Update Service Daemon service failed to start due to the following error:   %%1069
    System [ Error ] 5/20/2013 8:50:10 PM Computer Name = Asus-ROG | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   CFRMD
    System [ Error ] 5/20/2013 8:52:11 PM Computer Name = Asus-ROG | Source = Service Control Manager | ID = 7038 -> Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:   %%1330    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    System [ Error ] 5/20/2013 8:52:11 PM Computer Name = Asus-ROG | Source = Service Control Manager | ID = 7000 -> Description = The NVIDIA Update Service Daemon service failed to start due to the following error:   %%1069
    System [ Error ] 5/21/2013 6:40:34 PM Computer Name = Asus-ROG | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   CFRMD
    System [ Error ] 5/21/2013 6:42:36 PM Computer Name = Asus-ROG | Source = Service Control Manager | ID = 7038 -> Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:   %%1330    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    System [ Error ] 5/21/2013 6:42:36 PM Computer Name = Asus-ROG | Source = Service Control Manager | ID = 7000 -> Description = The NVIDIA Update Service Daemon service failed to start due to the following error:   %%1069
     
    [Files/Folders - Created Within 30 Days]
     TERA -> C:\Users\Johann\AppData\Local\TERA -> [2013/06/03 20:23:07 | 000,000,000 | ---D | C]
     BT Devices -> C:\Users\Johann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices -> [2013/06/03 20:18:11 | 000,000,000 | R--D | C]
     Tutorials -> C:\Users\Johann\Documents\Tutorials -> [2013/06/03 12:54:26 | 000,000,000 | ---D | C]
     Adobe -> C:\Program Files (x86)\Common Files\Adobe -> [2013/06/03 09:55:35 | 000,000,000 | ---D | C]
     Adobe -> C:\Program Files (x86)\Adobe -> [2013/06/03 09:55:35 | 000,000,000 | ---D | C]
     RawTherapee4.0 -> C:\Users\Johann\AppData\Local\RawTherapee4.0 -> [2013/06/02 09:51:28 | 000,000,000 | ---D | C]
     Raw Therapee -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raw Therapee -> [2013/06/02 09:47:50 | 000,000,000 | ---D | C]
     RawTherapeeV40 -> C:\Program Files\RawTherapeeV40 -> [2013/06/02 09:47:48 | 000,000,000 | ---D | C]
     Adobe -> C:\Program Files\Common Files\Adobe -> [2013/06/02 09:31:54 | 000,000,000 | ---D | C]
     GIMP Extensions -> C:\Program Files\GIMP Extensions -> [2013/06/02 09:31:31 | 000,000,000 | ---D | C]
     .thumbnails -> C:\Users\Johann\.thumbnails -> [2013/06/02 09:29:06 | 000,000,000 | ---D | C]
     gegl-0.2 -> C:\Users\Johann\AppData\Local\gegl-0.2 -> [2013/06/02 09:27:15 | 000,000,000 | ---D | C]
     fontconfig -> C:\Users\Johann\AppData\Local\fontconfig -> [2013/06/02 09:27:15 | 000,000,000 | ---D | C]
     .gimp-2.8 -> C:\Users\Johann\.gimp-2.8 -> [2013/06/02 09:27:15 | 000,000,000 | ---D | C]
     GIMP 2 -> C:\Program Files\GIMP 2 -> [2013/06/02 09:19:21 | 000,000,000 | ---D | C]
     Programs -> C:\Users\Johann\AppData\Local\Programs -> [2013/06/02 09:19:20 | 000,000,000 | ---D | C]
     Mozilla Firefox -> C:\Program Files (x86)\Mozilla Firefox -> [2013/05/28 12:13:15 | 000,000,000 | ---D | C]
     .purple -> C:\Users\Johann\AppData\Roaming\.purple -> [2013/05/17 13:32:00 | 000,000,000 | ---D | C]
     Pidgin -> C:\Program Files (x86)\Pidgin -> [2013/05/17 13:31:15 | 000,000,000 | ---D | C]
     mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2013/05/15 03:00:29 | 000,096,768 | ---- | C] (Microsoft Corporation)
     mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2013/05/15 03:00:29 | 000,073,216 | ---- | C] (Microsoft Corporation)
     ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2013/05/15 03:00:28 | 000,248,320 | ---- | C] (Microsoft Corporation)
     ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2013/05/15 03:00:28 | 000,176,640 | ---- | C] (Microsoft Corporation)
     ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2013/05/15 03:00:28 | 000,173,056 | ---- | C] (Microsoft Corporation)
     ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2013/05/15 03:00:28 | 000,142,848 | ---- | C] (Microsoft Corporation)
     jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2013/05/15 03:00:27 | 002,312,704 | ---- | C] (Microsoft Corporation)
     inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2013/05/15 03:00:27 | 001,494,528 | ---- | C] (Microsoft Corporation)
     inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2013/05/15 03:00:27 | 001,427,968 | ---- | C] (Microsoft Corporation)
     url.dll -> C:\Windows\SysNative\url.dll -> [2013/05/15 03:00:27 | 000,237,056 | ---- | C] (Microsoft Corporation)
     url.dll -> C:\Windows\SysWow64\url.dll -> [2013/05/15 03:00:27 | 000,231,936 | ---- | C] (Microsoft Corporation)
     msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2013/05/15 03:00:26 | 000,729,088 | ---- | C] (Microsoft Corporation)
     jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2013/05/15 03:00:26 | 000,717,824 | ---- | C] (Microsoft Corporation)
     vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2013/05/15 03:00:26 | 000,599,040 | ---- | C] (Microsoft Corporation)
     jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2013/05/15 03:00:25 | 000,816,640 | ---- | C] (Microsoft Corporation)
     dxgmms1.sys -> C:\Windows\SysNative\drivers\dxgmms1.sys -> [2013/05/14 21:48:08 | 000,265,064 | ---- | C] (Microsoft Corporation)
     cdd.dll -> C:\Windows\SysNative\cdd.dll -> [2013/05/14 21:48:08 | 000,144,384 | ---- | C] (Microsoft Corporation)
     authui.dll -> C:\Windows\SysNative\authui.dll -> [2013/05/14 21:48:03 | 001,930,752 | ---- | C] (Microsoft Corporation)
     shdocvw.dll -> C:\Windows\SysNative\shdocvw.dll -> [2013/05/14 21:48:03 | 000,197,120 | ---- | C] (Microsoft Corporation)
     consent.exe -> C:\Windows\SysNative\consent.exe -> [2013/05/14 21:48:03 | 000,111,448 | ---- | C] (Microsoft Corporation)
     authui.dll -> C:\Windows\SysWow64\authui.dll -> [2013/05/14 21:48:02 | 001,796,096 | ---- | C] (Microsoft Corporation)
     wwanprotdim.dll -> C:\Windows\SysNative\wwanprotdim.dll -> [2013/05/14 21:47:58 | 000,048,640 | ---- | C] (Microsoft Corporation)
     Scarab Labs -> C:\Program Files (x86)\Scarab Labs -> [2013/05/09 02:08:36 | 000,000,000 | ---D | C]
     Winamp -> C:\Program Files (x86)\Winamp -> [2013/05/08 16:11:15 | 000,000,000 | ---D | C]
     
    [Files/Folders - Modified Within 30 Days]
     .recently-used.xbel -> C:\Users\Johann\.recently-used.xbel -> [2013/06/03 20:37:30 | 000,000,218 | ---- | M] ()
     GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2013/06/03 20:33:00 | 000,000,912 | ---- | M] ()
     7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2013/06/03 20:25:06 | 000,009,920 | -H-- | M] ()
     7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2013/06/03 20:25:06 | 000,009,920 | -H-- | M] ()
     PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2013/06/03 20:23:04 | 000,872,406 | ---- | M] ()
     perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2013/06/03 20:23:04 | 000,726,490 | ---- | M] ()
     perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2013/06/03 20:23:04 | 000,146,476 | ---- | M] ()
     GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2013/06/03 20:18:08 | 000,000,908 | ---- | M] ()
     ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job -> C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job -> [2013/06/03 20:18:04 | 000,000,828 | ---- | M] ()
     bootstat.dat -> C:\Windows\bootstat.dat -> [2013/06/03 20:17:53 | 000,067,584 | --S- | M] ()
     hiberfil.sys -> C:\hiberfil.sys -> [2013/06/03 20:17:51 | 4263,444,478 | -HS- | M] ()
     Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2013/06/03 19:16:00 | 000,000,830 | ---- | M] ()
     ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job -> C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job -> [2013/06/03 13:53:00 | 000,000,830 | ---- | M] ()
     VLC media player.lnk -> C:\Users\Johann\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk -> [2013/06/03 09:34:11 | 000,001,086 | ---- | M] ()
     Microsoft Visual C# 2010 Express.lnk -> C:\Users\Johann\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Visual C# 2010 Express.lnk -> [2013/06/03 09:21:24 | 000,000,758 | ---- | M] ()
     Scarab Darkroom.lnk -> C:\Users\Johann\Application Data\Microsoft\Internet Explorer\Quick Launch\Scarab Darkroom.lnk -> [2013/06/03 09:20:55 | 000,002,629 | ---- | M] ()
     COMODO Firewall.lnk -> C:\Users\Johann\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO Firewall.lnk -> [2013/06/03 09:20:37 | 000,001,862 | ---- | M] ()
     Raw Therapee V4.0 64Bit.lnk -> C:\Users\Johann\Application Data\Microsoft\Internet Explorer\Quick Launch\Raw Therapee V4.0 64Bit.lnk -> [2013/06/03 09:20:05 | 000,002,579 | ---- | M] ()
     recently-used.xbel -> C:\Users\Johann\AppData\Local\recently-used.xbel -> [2013/06/02 09:30:40 | 000,001,500 | ---- | M] ()
     certsentry.dll -> C:\Windows\SysNative\certsentry.dll -> [2013/05/29 15:38:36 | 000,056,072 | ---- | M] (COMODO CA Limited)
     certsentry.dll -> C:\Windows\SysWow64\certsentry.dll -> [2013/05/29 15:38:36 | 000,047,368 | ---- | M] (COMODO CA Limited)
     FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2013/05/15 03:25:21 | 000,273,872 | ---- | M] ()
     FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2013/05/15 01:16:10 | 000,692,104 | ---- | M] (Adobe Systems Incorporated)
     FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2013/05/15 01:16:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated)
     config.nt -> C:\Windows\SysWow64\config.nt -> [2013/05/14 12:55:49 | 000,000,000 | ---- | M] ()
     aswSnx.sys -> C:\Windows\SysNative\drivers\aswSnx.sys -> [2013/05/09 01:59:07 | 001,025,808 | ---- | M] (AVAST Software)
     aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2013/05/09 01:59:07 | 000,378,432 | ---- | M] (AVAST Software)
     aswVmm.sys -> C:\Windows\SysNative\drivers\aswVmm.sys -> [2013/05/09 01:59:07 | 000,189,936 | ---- | M] ()
     aswRdr2.sys -> C:\Windows\SysNative\drivers\aswRdr2.sys -> [2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software)
     aswRvrt.sys -> C:\Windows\SysNative\drivers\aswRvrt.sys -> [2013/05/09 01:59:07 | 000,065,336 | ---- | M] ()
     aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software)
     aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software)
     aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software)
     avastSS.scr -> C:\Windows\avastSS.scr -> [2013/05/09 01:58:37 | 000,041,664 | ---- | M] (AVAST Software)
     aswBoot.exe -> C:\Windows\SysNative\aswBoot.exe -> [2013/05/09 01:58:11 | 000,287,840 | ---- | M] (AVAST Software)
     
    [Files - No Company Name]
     .recently-used.xbel -> C:\Users\Johann\.recently-used.xbel -> [2013/06/03 20:37:30 | 000,000,218 | ---- | C] ()
     Adobe Reader XI.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> [2013/06/03 09:55:40 | 000,002,441 | ---- | C] ()
     VLC media player.lnk -> C:\Users\Johann\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk -> [2013/06/03 09:34:11 | 000,001,086 | ---- | C] ()
     Microsoft Visual C# 2010 Express.lnk -> C:\Users\Johann\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Visual C# 2010 Express.lnk -> [2013/06/03 09:21:24 | 000,000,758 | ---- | C] ()
     Scarab Darkroom.lnk -> C:\Users\Johann\Application Data\Microsoft\Internet Explorer\Quick Launch\Scarab Darkroom.lnk -> [2013/06/03 09:20:55 | 000,002,629 | ---- | C] ()
     COMODO Firewall.lnk -> C:\Users\Johann\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO Firewall.lnk -> [2013/06/03 09:20:37 | 000,001,862 | ---- | C] ()
     Raw Therapee V4.0 64Bit.lnk -> C:\Users\Johann\Application Data\Microsoft\Internet Explorer\Quick Launch\Raw Therapee V4.0 64Bit.lnk -> [2013/06/03 09:20:05 | 000,002,579 | ---- | C] ()
     recently-used.xbel -> C:\Users\Johann\AppData\Local\recently-used.xbel -> [2013/06/02 09:30:40 | 000,001,500 | ---- | C] ()
     GIMP 2.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk -> [2013/06/02 09:19:41 | 000,000,894 | ---- | C] ()
     Pidgin.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk -> [2013/05/17 13:31:19 | 000,000,993 | ---- | C] ()
     Scarab Darkroom.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scarab Darkroom.lnk -> [2013/05/09 02:08:37 | 000,002,629 | ---- | C] ()
     Scarab Darkroom Manual.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scarab Darkroom Manual.lnk -> [2013/05/09 02:08:37 | 000,002,629 | ---- | C] ()
     Resmon.ResmonCfg -> C:\Users\Johann\AppData\Local\Resmon.ResmonCfg -> [2013/04/19 18:33:16 | 000,007,605 | ---- | C] ()
     Bench32.INI -> C:\Windows\Bench32.INI -> [2013/03/24 15:45:31 | 000,000,000 | ---- | C] ()
     PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2012/02/18 00:36:19 | 004,409,282 | ---- | C] ()
     IusEventLog.dll -> C:\Windows\SysWow64\IusEventLog.dll -> [2012/02/02 22:08:26 | 000,001,536 | ---- | C] ()
     
    [File - Lop Check]
     .purple -> C:\Users\Johann\AppData\Roaming\.purple -> [2013/05/17 17:58:11 | 000,000,000 | ---D | M]
     ASUS WebStorage -> C:\Users\Johann\AppData\Roaming\ASUS WebStorage -> [2013/03/23 18:06:37 | 000,000,000 | ---D | M]
     Bitcoin -> C:\Users\Johann\AppData\Roaming\Bitcoin -> [2013/04/20 10:08:09 | 000,000,000 | ---D | M]
     LolClient -> C:\Users\Johann\AppData\Roaming\LolClient -> [2013/03/24 00:07:03 | 000,000,000 | ---D | M]
     poclbm -> C:\Users\Johann\AppData\Roaming\poclbm -> [2013/04/20 23:26:39 | 000,000,000 | ---D | M]
     raidcall -> C:\Users\Johann\AppData\Roaming\raidcall -> [2013/05/03 22:27:27 | 000,000,000 | ---D | M]
     TS3Client -> C:\Users\Johann\AppData\Roaming\TS3Client -> [2013/05/11 00:50:59 | 000,000,000 | ---D | M]
     ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job -> C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job -> [2013/06/03 20:18:04 | 000,000,828 | ---- | M] ()
     ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job -> C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job -> [2013/06/03 13:53:00 | 000,000,830 | ---- | M] ()
     SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/07/13 22:08:49 | 000,027,192 | ---- | M] ()
     
    [File - Purity Scan]
     
    [Custom Scans]
    < %SYSTEMDRIVE%\*.* >
     bootmgr -> C:\bootmgr -> [2009/07/13 18:38:58 | 000,383,562 | RHS- | M] ()
     BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/07/28 23:03:37 | 000,008,192 | RHS- | M] ()
     G75VW.BIN -> C:\G75VW.BIN -> [2012/03/01 23:11:36 | 006,293,504 | ---- | M] ()
     hiberfil.sys -> C:\hiberfil.sys -> [2013/06/03 20:17:51 | 4263,444,478 | -HS- | M] ()
     pagefile.sys -> C:\pagefile.sys -> [2013/06/03 20:17:51 | 4252,938,237 | -HS- | M] ()
    < %systemroot%\system32\*.wt >
    < %systemroot%\system32\*.ruy >
    < %systemroot%\Fonts\*.com >
     GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/13 22:32:31 | 000,026,040 | ---- | M] ()
     GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/13 22:32:31 | 000,026,489 | ---- | M] ()
     GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/13 22:32:31 | 000,029,779 | ---- | M] ()
     GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/13 22:32:31 | 000,043,318 | ---- | M] ()
    < %systemroot%\Fonts\*.dll >
    < %systemroot%\Fonts\*.ini >
     desktop.ini -> C:\Windows\Fonts\desktop.ini -> [2009/06/10 13:49:50 | 000,000,065 | ---- | M] ()
    < %systemroot%\Fonts\*.ini2 >
    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    < %systemroot%\REPAIR\*.bak1 >
    < %systemroot%\REPAIR\*.ini >
    < %systemroot%\system32\*.jpg >
    < %systemroot%\*.scr >
     avastSS.scr -> C:\Windows\avastSS.scr -> [2013/05/09 01:58:37 | 000,041,664 | ---- | M] (AVAST Software)
     WLXPGSS.SCR -> C:\Windows\WLXPGSS.SCR -> [2011/05/13 16:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation)
    < %systemroot%\*._sy >
    < %APPDATA%\Adobe\Update\*.* >
    < %ALLUSERSPROFILE%\Favorites\*.* >
    < %APPDATA%\Microsoft\*.* >
    < %PROGRAMFILES%\*.* >
     desktop.ini -> C:\Program Files (x86)\desktop.ini -> [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] ()
    < %APPDATA%\Update\*.* >
    < %systemroot%\*. /mp /s >
     
    CREATERESTOREPOINT
    Restore point Set: OTS Restore Point
    < %systemroot%\system32\*.dll /lockedfiles >
    < %systemroot%\Tasks\*.job /lockedfiles >
    < %systemroot%\System32\config\*.sav >
    < %systemroot%\system32\user32.dll /md5 >
     user32.dll : MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -> C:\Windows\system32\user32.dll -> [2010/11/20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation)
    < %systemroot%\system32\ws2_32.dll /md5 >
     ws2_32.dll : MD5=7FF15A4F092CD4A96055BA69F903E3E9 -> C:\Windows\system32\ws2_32.dll -> [2010/11/20 05:21:40 | 000,206,848 | ---- | M] (Microsoft Corporation)
    < %systemroot%\system32\ws2help.dll /md5 >
     ws2help.dll : MD5=808AABDF9337312195CAFF76D1804786 -> C:\Windows\system32\ws2help.dll -> [2009/07/13 18:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation)
    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ not found. -> -> 
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >

    This looks bad... what should I do???

  2. #2
    Member
    Join Date
    Jun 2013
    Posts
    6
    Points
    0

    Correction, I ran gmer.exe and it found unknown MBR code.

  3. #3
    Member
    Join Date
    Jun 2013
    Posts
    6
    Points
    0

    MBRcheck log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: ASUSTeK COMPUTER INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK COMPUTER INC.
    System Product Name: G75VW
    Logical Drives Mask: 0x00000034

    Kernel Drivers (total 181):
    0x03811000 \SystemRoot\system32\ntoskrnl.exe
    0x03DF7000 \SystemRoot\system32\hal.dll
    0x0400E000 \SystemRoot\system32\kdcom.dll
    0x00C8C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CDB000 \SystemRoot\system32\PSHED.dll
    0x00CEF000 \SystemRoot\system32\CLFS.SYS
    0x00E08000 \SystemRoot\system32\CI.dll
    0x00EC8000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F8A000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F9A000 \SystemRoot\system32\drivers\ACPI.sys
    0x00FF1000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00D4D000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00D57000 \SystemRoot\system32\drivers\pci.sys
    0x00D8A000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x00D97000 \SystemRoot\system32\DRIVERS\iusb3hcs.sys
    0x00DA0000 \SystemRoot\System32\drivers\partmgr.sys
    0x00DB5000 \SystemRoot\system32\drivers\compbatt.sys
    0x00DBE000 \SystemRoot\system32\drivers\BATTC.SYS
    0x00DCA000 \SystemRoot\system32\drivers\volmgr.sys
    0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01007000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x013AB000 \SystemRoot\system32\drivers\atapi.sys
    0x013B4000 \SystemRoot\system32\drivers\ataport.SYS
    0x013DE000 \SystemRoot\system32\drivers\msahci.sys
    0x013E9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00C76000 \SystemRoot\system32\drivers\amdxata.sys
    0x01482000 \SystemRoot\system32\drivers\fltmgr.sys
    0x014CE000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01639000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x014E2000 \SystemRoot\System32\Drivers\msrpc.sys
    0x017DB000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01540000 \SystemRoot\System32\Drivers\cng.sys
    0x01600000 \SystemRoot\System32\drivers\pcw.sys
    0x01611000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01893000 \SystemRoot\system32\drivers\ndis.sys
    0x01985000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01800000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01A00000 \SystemRoot\System32\drivers\tcpip.sys
    0x0182B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x015B2000 \SystemRoot\system32\drivers\volsnap.sys
    0x01874000 \SystemRoot\System32\Drivers\spldr.sys
    0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
    0x0187C000 \SystemRoot\System32\Drivers\mup.sys
    0x019E5000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x0143A000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x0161B000 \SystemRoot\system32\drivers\disk.sys
    0x01C45000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x01C75000 \SystemRoot\System32\Drivers\aswVmm.sys
    0x01CA5000 \SystemRoot\System32\Drivers\aswRvrt.sys
    0x04613000 \SystemRoot\System32\DRIVERS\cmderd.sys
    0x0461C000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01CC6000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0x03076000 \SystemRoot\system32\DRIVERS\cmdguard.sys
    0x03128000 \SystemRoot\System32\Drivers\Null.SYS
    0x03131000 \SystemRoot\System32\Drivers\Beep.SYS
    0x03138000 \SystemRoot\System32\drivers\vga.sys
    0x03146000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x0316B000 \SystemRoot\System32\drivers\watchdog.sys
    0x0317B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x03184000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0318D000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x03196000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x031A1000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x031B2000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x031D4000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x031E1000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
    0x031EE000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x03000000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x040F4000 \SystemRoot\system32\drivers\afd.sys
    0x0417D000 \SystemRoot\System32\Drivers\aswrdr2.sys
    0x04191000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x0419A000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x041C0000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x041D6000 \SystemRoot\system32\DRIVERS\inspect.sys
    0x041F1000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x04000000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x0401B000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x0402F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    0x04039000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    0x04043000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x04094000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x040A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x040AB000 \SystemRoot\System32\drivers\discache.sys
    0x040BA000 \SystemRoot\System32\Drivers\dfsc.sys
    0x040D8000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x04C85000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x04CE7000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x068FE000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x06800000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x073A6000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04D0D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x04D31000 \SystemRoot\system32\DRIVERS\iusb3xhc.sys
    0x073EC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04C00000 \SystemRoot\system32\DRIVERS\HECIx64.sys
    0x073EE000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04C13000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x05042000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x052F4000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x05301000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
    0x0531D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x0533B000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x053A6000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x053B5000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
    0x053BD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x053CC000 \SystemRoot\system32\DRIVERS\Smb_driver.sys
    0x053D7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x053DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x053F2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x05000000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x05010000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03045000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x05026000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x01DC5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x04C69000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x01C00000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x01C21000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x05032000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x054C4000 \SystemRoot\system32\DRIVERS\ks.sys
    0x05507000 \SystemRoot\system32\DRIVERS\btath_bus.sys
    0x05514000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x05526000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x0555C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x055B6000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x055CB000 \SystemRoot\system32\drivers\nvhda64v.sys
    0x05400000 \SystemRoot\system32\drivers\portcls.sys
    0x0543D000 \SystemRoot\system32\drivers\drmk.sys
    0x0545F000 \SystemRoot\system32\drivers\ksthunk.sys
    0x05465000 \SystemRoot\system32\DRIVERS\iusb3hub.sys
    0x05C66000 \SystemRoot\system32\drivers\viahduaa.sys
    0x05E89000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x05E97000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x05EB0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x05EB9000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x05EC6000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04646000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x05ED4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x000E0000 \SystemRoot\System32\win32k.sys
    0x05EE7000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05EF3000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x05F01000 \SystemRoot\system32\DRIVERS\btfilter.sys
    0x05F9A000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x02A5B000 \SystemRoot\System32\Drivers\bthport.sys
    0x004A0000 \SystemRoot\System32\TSDDD.dll
    0x02AE7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x00740000 \SystemRoot\System32\cdd.dll
    0x02B04000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x02B32000 \SystemRoot\system32\drivers\luafv.sys
    0x02B55000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x02B7D000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x02BA9000 \SystemRoot\system32\drivers\BthEnum.sys
    0x02BB9000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x02A00000 \SystemRoot\system32\DRIVERS\btath_rcp.sys
    0x05FB2000 \SystemRoot\system32\drivers\btath_avdt.sys
    0x02E73000 \SystemRoot\system32\drivers\btath_a2dp.sys
    0x02EE4000 \SystemRoot\system32\DRIVERS\btath_hcrp.sys
    0x02F3E000 \SystemRoot\system32\DRIVERS\btath_flt.sys
    0x02F4D000 \SystemRoot\system32\DRIVERS\btath_lwflt.sys
    0x02F63000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x02F6E000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02F83000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x02FD6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x060BF000 \SystemRoot\system32\drivers\HTTP.sys
    0x06188000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x061A6000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x061BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x06000000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0604E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x08073000 \SystemRoot\system32\drivers\peauth.sys
    0x08119000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x08124000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x08155000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x08167000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0863F000 \SystemRoot\System32\DRIVERS\srv.sys
    0x086D7000 \SystemRoot\system32\DRIVERS\umpass.sys
    0x087C0000 \??\C:\Users\Johann\AppData\Local\Temp\pftyrpoc.sys
    0x77770000 \Windows\System32\ntdll.dll
    0x47E00000 \Windows\System32\smss.exe
    0xFFA90000 \Windows\System32\apisetschema.dll
    0xFF8B0000 \Windows\System32\autochk.exe

    Processes (total 92):
    0 System Idle Process
    4 System
    536 C:\Windows\System32\smss.exe
    680 csrss.exe
    780 C:\Windows\System32\wininit.exe
    796 csrss.exe
    844 C:\Windows\System32\services.exe
    864 C:\Windows\System32\lsass.exe
    872 C:\Windows\System32\lsm.exe
    976 C:\Windows\System32\svchost.exe
    388 C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    556 C:\Windows\System32\winlogon.exe
    692 C:\Windows\System32\nvvsvc.exe
    580 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    772 C:\Windows\System32\svchost.exe
    1084 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    1140 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\svchost.exe
    1316 C:\Windows\System32\svchost.exe
    1420 C:\Windows\System32\svchost.exe
    1544 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1564 C:\Windows\System32\nvvsvc.exe
    1756 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    2012 C:\Windows\System32\spoolsv.exe
    1168 C:\Windows\System32\svchost.exe
    1428 C:\Windows\System32\svchost.exe
    1864 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    2180 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    2232 C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    2316 C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    2436 C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    2504 C:\Program Files\Intel\iCLS Client\HeciServer.exe
    2588 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    2676 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    2708 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    2880 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2908 C:\Windows\System32\svchost.exe
    2972 C:\Windows\System32\ViakaraokeSrv.exe
    3036 C:\Program Files (x86)\Winstep\WsxService.exe
    2292 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2728 C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    3212 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3664 C:\Windows\System32\svchost.exe
    3728 C:\Windows\System32\svchost.exe
    3940 C:\Windows\System32\taskhost.exe
    3224 C:\Windows\System32\dwm.exe
    4108 C:\Windows\explorer.exe
    4672 C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    4696 cavwp.exe
    4888 C:\Windows\System32\SearchIndexer.exe
    5084 C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    4316 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    4732 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    3880 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4760 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    5388 C:\Windows\System32\svchost.exe
    5572 C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    5760 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5768 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    5800 C:\Program Files\Rainlendar2\Rainlendar2.exe
    5844 C:\Program Files (x86)\Winstep\Nexus.exe
    6140 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    5232 C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    5296 C:\Program Files\AVAST Software\Avast\AvastUI.exe
    4336 C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    6504 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    7072 C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    5684 dllhost.exe
    5184 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    5376 C:\Windows\System32\svchost.exe
    5712 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    3020 C:\Program Files (x86)\Pando Networks\Media Booster\BsSndRpt.exe
    7196 C:\Windows\System32\audiodg.exe
    6860 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    8160 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    8132 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    7400 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    7296 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    6976 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    3808 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    6104 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    6276 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    912 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    7216 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    808 C:\Windows\System32\SearchProtocolHost.exe
    6500 C:\Windows\System32\SearchFilterHost.exe
    1808 dllhost.exe
    7576 dllhost.exe
    7152 C:\Users\Johann\Downloads\MBRCheck.exe
    7372 C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18015_none_d282acc418b89129\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`14900000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`14900000 (NTFS)

    PhysicalDrive0 Model Number: INTELSSDSC2CW120A3
    PhysicalDrive1 Model Number: HitachiHTS727575A9E364, Rev: JF4OA200

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
    698 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!

  4. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Correction, I ran gmer.exe and it found unknown MBR code.
    This is nothing to worry about.

    Please run the following tools and post their logs.

    1.
    Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click in the adwCleaner.exe and select
    • Click the Delete button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[R1].txt.


    2.
    • Download RogueKiller on the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Scan
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  5. #5
    Member
    Join Date
    Jun 2013
    Posts
    6
    Points
    0

    AdwCleaner v2.302 - Logfile created 06/10/2013 at 10:04:13
    # Updated 06/06/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Johann - ASUS-ROG
    # Boot Mode : Normal
    # Running from : C:\Users\Johann\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\boost_interprocess

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\Software\InstallIQ

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16483

    [OK] Registry is clean.

    -\\ Mozilla Firefox v21.0 (en-US)

    File : C:\Users\Johann\AppData\Roaming\Mozilla\Firefox\Profiles\t7cv33e3.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v27.0.1453.110

    File : C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1103 octets] - [10/06/2013 10:01:49]
    AdwCleaner[S1].txt - [322 octets] - [10/06/2013 10:02:35]
    AdwCleaner[S2].txt - [1102 octets] - [10/06/2013 10:04:13]

    ########## EOF - C:\AdwCleaner[S2].txt - [1162 octets] ##########

  6. #6
    Member
    Join Date
    Jun 2013
    Posts
    6
    Points
    0

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Johann [Admin rights]
    Mode : Scan -- Date : 06/10/2013 10:08:05
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{20A97276-700E-4CB5-9F53-FC03180D1256} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{9AB7C896-2747-437C-B61D-256CD0FB8C8C} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{20A97276-700E-4CB5-9F53-FC03180D1256} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{9AB7C896-2747-437C-B61D-256CD0FB8C8C} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\avastSS.scr) [7] -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: INTEL SSDSC2CW120A3 +++++
    --- User ---
    [MBR] f2352a5d0a5ebca27cb15c211781703d
    [BSP] 63b6ea295a4ca3fc181a1b8f1ca580cc : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Hitachi HTS727575A9E364 +++++
    --- User ---
    [MBR] ad713a678123121a6c749d3ccf01951a
    [BSP] 9232ae22d11388c45bfb33240f8535b1 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_06102013_02d1008.txt >>
    RKreport[1]_S_06102013_02d1008.txt

  7. #7
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    1.
    • Re-Run RogueKiller
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click DNSFIX
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



    2.

    Please download Listparts64
    Run the tool, click Scan and post the log (Result.txt) it makes.




  8. #8
    Member
    Join Date
    Jun 2013
    Posts
    6
    Points
    0

    You sure about that? I'm using comodo secure dns...

  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    [SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\avastSS.scr) [7] -> FOUND
    Don't run the DNSFIX. Instead, run RogueKiller and select delete for the file above.




  10. #10
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello.

    There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
    If you are the topic starter and need this topic reopened, send me a message.

    Everyone else, please begin a new topic.

    With Regards,
    fireman4it