Jump to content

AllanGay

Honorary Members
  • Posts

    76
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Ok, working on this. The first registry key was not there, so I'll skip it and find the ones I can find.
  2. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2013 01 Ran by SYSTEM at 27-02-2013 00:05:33 Running from F:\ Windows Vista Home Premium (X86) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x] HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x] HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x] HKLM\...\Run: [TPwrMain] .EXE [x] HKLM\...\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-15] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [synTPStart] TPSTART.EXE [x] HKLM\...\Run: [NDSTray.exe] DSTRAY.EXE [x] HKLM\...\Run: [Windows Mobile-based device management] C.EXE [x] HKLM\...\Run: [sSBkgdUpdate] G -BOOT [x] HKLM\...\Run: [OpwareSE4] IPAGESE4\OPWARESE4.EXE" [x] HKLM\...\Run: [sunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" [x] HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE" [x] HKLM\...\Run: [synTPEnh] H.EXE [x] HKLM\...\Run: [PAP7501_Monitor] DOWS\PIXART\PAP7501\GUCI_AVS.EXE [x] HKLM\...\Run: [Malwarebytes' Anti-Malware] TI-MALWARE\MBAMGUI.EXE" /STARTTRAY [x] HKLM\...\Run: [QuickTime Task] "C:\Windows\System32\qttask.exe" -atboottime [98304 2013-02-25] (Apple Computer, Inc.) HKU\Morgan\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation) HKU\Morgan\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-05-13] (Google Inc.) HKU\Morgan\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5248312 2010-03-19] (Yahoo! Inc.) HKU\Morgan\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation) HKU\Morgan\...\Run: [EasyTether] "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe" [48648 2011-05-22] (Mobile Stream) HKU\Morgan\...\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart [490880 2012-09-24] (IObit) HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-04] (Malwarebytes Corporation) HKLM\...\Runonce: [GrpConv] grpconv -o [x] Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 Startup: C:\Users\Morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.) ==================== Services (Whitelisted) =================== 2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit) 2 gupdate1c9872b7d755da3; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-02-04] (Google Inc.) 2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-02-26] (SurfRight B.V.) 2 KillZA; "C:\Users\Morgan\Desktop\killza\KillZA\KillZA.exe" /svc [834488 2012-10-16] (Foolish IT) 3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093872 2008-06-30] (Symantec Corporation) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation) 2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] () 3 PSEXESVC; C:\Windows\PSEXESVC.EXE [181064 2013-02-25] (Sysinternals) 2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [427576 2007-03-29] (TOSHIBA Corporation) 2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) 2 WebClient; C:\Windows\System32\svchost.exe -k LocalService [21504 2008-01-18] (Microsoft Corporation) 2 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21504 2008-01-18] (Microsoft Corporation) 3 ATTRcAppSvc; "C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" [x] 3 CAATT; "C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" [x] 2 napagent32; C:\Windows\system32\ddraw32.exe [x] ==================== Drivers (Whitelisted) ==================== 3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [17296 2011-05-22] (Mobile Stream) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation) 3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd) 3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [874496 2006-11-02] (Microsoft Corporation) 3 SWNC8U56; C:\Windows\System32\DRIVERS\swnc8u56.sys [101248 2007-06-27] (Sierra Wireless Inc.) 3 SWUMX56; C:\Windows\System32\DRIVERS\swumx56.sys [73856 2007-06-27] (Sierra Wireless Inc.) 3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.) 3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.) 3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.) 4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x] 3 catchme; \??\C:\Users\Morgan\AppData\Local\Temp\catchme.sys [x] 2 CWMonitor; \??\C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys [x] 3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x] 3 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [x] 3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 lvpopflt; C:\Windows\System32\DRIVERS\lvpopflt.sys [x] 3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [x] 3 LVUVC; C:\Windows\System32\DRIVERS\lvuvc.sys [x] 2 MCSTRM; [x] 3 MFE_RR; \??\C:\Users\Morgan\AppData\Local\Temp\mfe_rr.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] 3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [x] 3 SVRPEDRV; \??\C:\Windows\System32\sysprep\UP_date\PEDrv.sys [x] 3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [x] 3 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [x] 3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-02-26 12:59 - 2013-02-26 12:59 - 00001715 ____A C:\Users\Morgan\Desktop\RKreport[1]_S_02262013_02d1559.txt 2013-02-26 11:34 - 2012-03-06 07:16 - 00131072 ____A (FoolishIT.com) C:\Windows\GooG.exe 2013-02-26 11:16 - 2013-02-26 11:16 - 00000000 ____D C:\Program Files\HitmanPro 2013-02-26 11:15 - 2013-02-26 11:15 - 00000000 ____D C:\ProgramData\HitmanPro 2013-02-26 11:15 - 2013-02-26 11:15 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro 2013-02-26 08:59 - 2013-02-26 08:59 - 00000000 ____D C:\Windows\SoftwareDistribution.old 2013-02-25 18:18 - 2013-02-26 08:44 - 00000000 ____D C:\ComboFix 2013-02-25 17:50 - 2013-02-25 18:59 - 00000000 ____D C:\Windows\System32\CatRoot2.old 2013-02-25 16:47 - 2013-02-25 16:47 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_wscsvc 2013-02-25 16:46 - 2013-02-25 16:40 - 00000486 ____A C:\Users\Morgan\Desktop\legacy_wscsvc.zip 2013-02-25 15:28 - 2013-02-25 15:28 - 00000000 ____D C:\Users\Public\Desktop\CC Support 2013-02-25 15:28 - 2013-02-25 15:17 - 04009167 ____A C:\Users\Morgan\Desktop\ServicesRepair.exe 2013-02-25 14:58 - 2013-02-25 14:51 - 00294400 ____A C:\Users\Morgan\Desktop\exeHelper.com 2013-02-25 14:22 - 2013-02-25 14:22 - 00000052 ____A C:\Windows\avmcoins.log 2013-02-25 14:20 - 2013-02-25 14:20 - 00000002 ____A C:\Windows\Twain001.Mtx 2013-02-25 14:18 - 2013-02-25 14:18 - 00000197 ____A C:\Windows\ODBCINST.INI 2013-02-22 11:02 - 2013-02-26 08:34 - 00000263 ____A C:\Windows\zerobyte_files_deleted.txt 2013-02-22 11:02 - 2013-02-26 08:34 - 00000261 ____A C:\Windows\System32\zerobyte_files_deleted.txt 2013-02-22 10:56 - 2012-07-30 07:14 - 00031616 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll 2013-02-22 10:40 - 2013-02-22 10:40 - 00000556 ____A C:\Users\Morgan\Desktop\D7.exe - Shortcut.lnk 2013-02-22 10:39 - 2013-02-22 10:39 - 00000628 ____A C:\Users\Morgan\Desktop\KillZA.exe - Shortcut.lnk 2013-02-22 10:37 - 2013-02-22 10:37 - 00053248 ____A C:\Windows\System32\zlib.dll 2013-02-22 10:35 - 2013-02-26 13:47 - 00000000 ____D C:\Support 2013-02-22 10:34 - 2013-02-22 10:35 - 00000000 ____D C:\Users\Morgan\Desktop\killza 2013-02-22 09:53 - 2013-02-22 09:54 - 00000000 ____D C:\Users\Morgan\Desktop\D7 2013-02-22 05:27 - 2013-02-22 05:27 - 00000207 ____A C:\Windows\tweaking.com-regbackup-NONPAREIL-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat 2013-02-22 05:26 - 2013-02-22 05:26 - 00000000 ____D C:\RegBackup 2013-02-22 04:30 - 2013-02-22 04:30 - 00002079 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2013-02-22 04:30 - 2013-02-22 04:30 - 00000000 ____D C:\Program Files\Tweaking.com 2013-02-22 04:06 - 2013-02-22 04:26 - 00000000 ____D C:\Users\Morgan\Desktop\M.W 2013-02-09 17:46 - 2013-02-25 12:53 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-02-09 16:41 - 2013-02-26 12:58 - 00000000 ____D C:\Users\Morgan\Desktop\RK_Quarantine 2013-02-09 15:12 - 2013-02-09 15:12 - 00001306 ____A C:\Windows\setupact.log 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_sdrsvc 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_mpssvc 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_bits 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_bfe 2013-02-09 13:35 - 2013-02-09 13:29 - 00782848 ____A C:\Users\Morgan\Desktop\RogueKiller.exe 2013-02-09 12:16 - 2013-02-26 13:01 - 00027384 ____A C:\Windows\PFRO.log 2013-02-09 12:14 - 2013-02-09 12:14 - 00000000 ____D C:\ProgramData\McAfee 2013-02-09 12:14 - 2013-02-09 12:14 - 00000000 ____D C:\ProgramData\Application Data\McAfee 2013-02-09 12:09 - 2013-02-09 12:03 - 03177840 ____A (McAfee, Inc.) C:\Users\Morgan\Desktop\MCPR.exe 2013-02-09 10:45 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2013-02-09 10:45 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2013-02-09 10:45 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-02-09 10:45 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-02-09 10:45 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-02-09 10:45 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2013-02-09 10:45 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2013-02-09 10:45 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2013-02-09 10:37 - 2013-02-25 17:33 - 05034894 ___RA (Swearware) C:\Users\Morgan\Desktop\ComboFix.exe 2013-02-08 16:12 - 2013-02-08 16:13 - 00000000 ____D C:\ProgramData\IObit 2013-02-08 16:12 - 2013-02-08 16:13 - 00000000 ____D C:\ProgramData\Application Data\IObit 2013-02-08 16:12 - 2013-02-08 16:12 - 00000000 ____D C:\Users\Morgan\Application Data\IObit 2013-02-08 16:12 - 2013-02-08 16:12 - 00000000 ____D C:\Users\Morgan\AppData\Roaming\IObit 2013-02-08 16:12 - 2013-02-08 16:12 - 00000000 ____D C:\Program Files\IObit 2013-02-08 13:30 - 2013-02-08 13:30 - 00000000 ____D C:\FRST 2013-02-08 12:30 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-02-08 10:53 - 2013-02-25 19:28 - 00000000 ____D C:\Users\Morgan\Desktop\reports ==================== One Month Modified Files and Folders ======== 2013-02-26 15:53 - 2007-12-26 17:16 - 01465054 ____A C:\Windows\WindowsUpdate.log 2013-02-26 15:53 - 2006-11-02 05:01 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-02-26 15:53 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-02-26 15:53 - 2006-11-02 04:47 - 00003568 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-02-26 15:53 - 2006-11-02 04:47 - 00003568 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-02-26 15:31 - 2012-03-30 17:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-02-26 14:55 - 2009-06-29 16:36 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-02-26 13:47 - 2013-02-22 10:35 - 00000000 ____D C:\Support 2013-02-26 13:44 - 2009-06-29 16:36 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-02-26 13:02 - 2006-11-02 04:47 - 01740896 ____A C:\Windows\System32\FNTCACHE.DAT 2013-02-26 13:01 - 2013-02-09 12:16 - 00027384 ____A C:\Windows\PFRO.log 2013-02-26 12:59 - 2013-02-26 12:59 - 00001715 ____A C:\Users\Morgan\Desktop\RKreport[1]_S_02262013_02d1559.txt 2013-02-26 12:58 - 2013-02-09 16:41 - 00000000 ____D C:\Users\Morgan\Desktop\RK_Quarantine 2013-02-26 11:16 - 2013-02-26 11:16 - 00000000 ____D C:\Program Files\HitmanPro 2013-02-26 11:15 - 2013-02-26 11:15 - 00000000 ____D C:\ProgramData\HitmanPro 2013-02-26 11:15 - 2013-02-26 11:15 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro 2013-02-26 11:15 - 2006-11-02 02:33 - 00005510 ____A C:\Windows\System32\PerfStringBackup.INI 2013-02-26 10:51 - 2009-02-06 14:20 - 00000000 ____D C:\Users\Morgan\Application Data\GARMIN 2013-02-26 10:51 - 2009-02-06 14:20 - 00000000 ____D C:\Users\Morgan\AppData\Roaming\GARMIN 2013-02-26 08:59 - 2013-02-26 08:59 - 00000000 ____D C:\Windows\SoftwareDistribution.old 2013-02-26 08:44 - 2013-02-25 18:18 - 00000000 ____D C:\ComboFix 2013-02-26 08:34 - 2013-02-22 11:02 - 00000263 ____A C:\Windows\zerobyte_files_deleted.txt 2013-02-26 08:34 - 2013-02-22 11:02 - 00000261 ____A C:\Windows\System32\zerobyte_files_deleted.txt 2013-02-26 08:34 - 2006-11-02 03:18 - 00000000 ____D C:\users\Default 2013-02-25 19:28 - 2013-02-08 10:53 - 00000000 ____D C:\Users\Morgan\Desktop\reports 2013-02-25 18:59 - 2013-02-25 17:50 - 00000000 ____D C:\Windows\System32\CatRoot2.old 2013-02-25 18:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool 2013-02-25 17:33 - 2013-02-09 10:37 - 05034894 ___RA (Swearware) C:\Users\Morgan\Desktop\ComboFix.exe 2013-02-25 16:47 - 2013-02-25 16:47 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_wscsvc 2013-02-25 16:40 - 2013-02-25 16:46 - 00000486 ____A C:\Users\Morgan\Desktop\legacy_wscsvc.zip 2013-02-25 15:28 - 2013-02-25 15:28 - 00000000 ____D C:\Users\Public\Desktop\CC Support 2013-02-25 15:17 - 2013-02-25 15:28 - 04009167 ____A C:\Users\Morgan\Desktop\ServicesRepair.exe 2013-02-25 15:03 - 2012-06-21 04:22 - 00000370 ____A C:\rkill.log 2013-02-25 14:51 - 2013-02-25 14:58 - 00294400 ____A C:\Users\Morgan\Desktop\exeHelper.com 2013-02-25 14:22 - 2013-02-25 14:22 - 00000052 ____A C:\Windows\avmcoins.log 2013-02-25 14:22 - 2011-07-11 09:13 - 00098304 ____A (Apple Computer, Inc.) C:\Windows\System32\qttask.exe 2013-02-25 14:20 - 2013-02-25 14:20 - 00000002 ____A C:\Windows\Twain001.Mtx 2013-02-25 14:18 - 2013-02-25 14:18 - 00000197 ____A C:\Windows\ODBCINST.INI 2013-02-25 12:53 - 2013-02-09 17:46 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-02-22 12:08 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Offline Web Pages 2013-02-22 11:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Media 2013-02-22 11:58 - 2011-07-10 19:59 - 00000000 ____D C:\Users\Public\Libraries 2013-02-22 11:58 - 2011-07-10 19:57 - 00000000 ____D C:\Program Files (x86) 2013-02-22 11:58 - 2006-11-02 04:37 - 00000000 ____D C:\Users\Public\Recorded TV 2013-02-22 11:58 - 2006-11-02 03:18 - 00000000 ____D C:\users\Public 2013-02-22 11:57 - 2012-02-17 20:45 - 00000000 ____D C:\Users\Morgan\Documents\My Playstation Themes 2013-02-22 11:56 - 2011-07-10 23:13 - 00000000 ____D C:\Program Files\Skype 2013-02-22 11:11 - 2008-02-15 16:49 - 00000000 ____D C:\users\Morgan 2013-02-22 10:40 - 2013-02-22 10:40 - 00000556 ____A C:\Users\Morgan\Desktop\D7.exe - Shortcut.lnk 2013-02-22 10:39 - 2013-02-22 10:39 - 00000628 ____A C:\Users\Morgan\Desktop\KillZA.exe - Shortcut.lnk 2013-02-22 10:37 - 2013-02-22 10:37 - 00053248 ____A C:\Windows\System32\zlib.dll 2013-02-22 10:35 - 2013-02-22 10:34 - 00000000 ____D C:\Users\Morgan\Desktop\killza 2013-02-22 09:54 - 2013-02-22 09:53 - 00000000 ____D C:\Users\Morgan\Desktop\D7 2013-02-22 05:27 - 2013-02-22 05:27 - 00000207 ____A C:\Windows\tweaking.com-regbackup-NONPAREIL-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat 2013-02-22 05:26 - 2013-02-22 05:26 - 00000000 ____D C:\RegBackup 2013-02-22 04:30 - 2013-02-22 04:30 - 00002079 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2013-02-22 04:30 - 2013-02-22 04:30 - 00000000 ____D C:\Program Files\Tweaking.com 2013-02-22 04:26 - 2013-02-22 04:06 - 00000000 ____D C:\Users\Morgan\Desktop\M.W 2013-02-09 17:47 - 2008-02-16 01:26 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-02-09 15:12 - 2013-02-09 15:12 - 00001306 ____A C:\Windows\setupact.log 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_sdrsvc 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_mpssvc 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_bits 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_bfe 2013-02-09 13:48 - 2012-06-21 08:20 - 00352855 ____A (Farbar) C:\Users\Morgan\Desktop\FSS.exe 2013-02-09 13:29 - 2013-02-09 13:35 - 00782848 ____A C:\Users\Morgan\Desktop\RogueKiller.exe 2013-02-09 12:14 - 2013-02-09 12:14 - 00000000 ____D C:\ProgramData\McAfee 2013-02-09 12:14 - 2013-02-09 12:14 - 00000000 ____D C:\ProgramData\Application Data\McAfee 2013-02-09 12:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\config\Journal 2013-02-09 12:03 - 2013-02-09 12:09 - 03177840 ____A (McAfee, Inc.) C:\Users\Morgan\Desktop\MCPR.exe 2013-02-08 16:13 - 2013-02-08 16:12 - 00000000 ____D C:\ProgramData\IObit 2013-02-08 16:13 - 2013-02-08 16:12 - 00000000 ____D C:\ProgramData\Application Data\IObit 2013-02-08 16:12 - 2013-02-08 16:12 - 00000000 ____D C:\Users\Morgan\Application Data\IObit 2013-02-08 16:12 - 2013-02-08 16:12 - 00000000 ____D C:\Users\Morgan\AppData\Roaming\IObit 2013-02-08 16:12 - 2013-02-08 16:12 - 00000000 ____D C:\Program Files\IObit 2013-02-08 13:30 - 2013-02-08 13:30 - 00000000 ____D C:\FRST 2013-02-08 04:51 - 2012-06-21 08:59 - 00000000 ____D C:\Windows\ERDNT ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 2037.81 MB Available physical RAM: 1645.49 MB Total Pagefile: 1866.29 MB Available Pagefile: 1716.1 MB Total Virtual: 2047.88 MB Available Virtual: 1982.35 MB ==================== Partitions ============================= 1 Drive c: (SQ004585V03) (Fixed) (Total:184.84 GB) (Free:27.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.33 GB) NTFS 4 Drive f: (AL'S) (Removable) (Total:3.73 GB) (Free:1 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 186 GB 3257 KB Disk 1 Online 3824 MB 0 B Partitions of Disk 0: =============== ACTIVE - Mark the selected basic partition as active. ADD - Add a mirror to a simple volume. ASSIGN - Assign a drive letter or mount point to the selected volume. ATTRIBUTES - Manipulate volume attributes. AUTOMOUNT - Enable and disable automatic mounting of basic volumes. BREAK - Break a mirror set. CLEAN - Clear the configuration information, or all information, off the disk. CONVERT - Convert between different disk formats. CREATE - Create a volume or partition. DELETE - Delete an object. DETAIL - Provide details about an object. EXIT - Exit DiskPart. EXTEND - Extend a volume. FILESYSTEMS - Display current and supported file systems on the volume. FORMAT - Format the volume or partition. GPT - Assign attributes to the selected GPT partition. HELP - Display a list of commands. IMPORT - Import a disk group. INACTIVE - Mark the selected basic partition as inactive. LIST - Display a list of objects. ONLINE - Online a disk that is currently marked as offline. REM - Does nothing. This is used to comment scripts. REMOVE - Remove a drive letter or mount point assignment. REPAIR - Repair a RAID-5 volume with a failed member. RESCAN - Rescan the computer looking for disks and volumes. RETAIN - Place a retained partition under a simple volume. SELECT - Shift the focus to an object. SETID - Change the partition type. SHRINK - Reduce the size of the selected volume. ========================================================= Partitions of Disk 1: =============== ACTIVE - Mark the selected basic partition as active. ADD - Add a mirror to a simple volume. ASSIGN - Assign a drive letter or mount point to the selected volume. ATTRIBUTES - Manipulate volume attributes. AUTOMOUNT - Enable and disable automatic mounting of basic volumes. BREAK - Break a mirror set. CLEAN - Clear the configuration information, or all information, off the disk. CONVERT - Convert between different disk formats. CREATE - Create a volume or partition. DELETE - Delete an object. DETAIL - Provide details about an object. EXIT - Exit DiskPart. EXTEND - Extend a volume. FILESYSTEMS - Display current and supported file systems on the volume. FORMAT - Format the volume or partition. GPT - Assign attributes to the selected GPT partition. HELP - Display a list of commands. IMPORT - Import a disk group. INACTIVE - Mark the selected basic partition as inactive. LIST - Display a list of objects. ONLINE - Online a disk that is currently marked as offline. REM - Does nothing. This is used to comment scripts. REMOVE - Remove a drive letter or mount point assignment. REPAIR - Repair a RAID-5 volume with a failed member. RESCAN - Rescan the computer looking for disks and volumes. RETAIN - Place a retained partition under a simple volume. SELECT - Shift the focus to an object. SETID - Change the partition type. SHRINK - Reduce the size of the selected volume. ========================================================= Last Boot: 2013-02-26 13:52 ==================== End Of Log ============================
  3. Frst.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2013 (ATTENTION: FRST version is 20 days old) Ran by SYSTEM at 26-02-2013 19:08:52 Running from F:\ Windows Vista Home Premium (X86) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x] HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x] HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x] HKLM\...\Run: [TPwrMain] .EXE [x] HKLM\...\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-15] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [synTPStart] TPSTART.EXE [x] HKLM\...\Run: [NDSTray.exe] DSTRAY.EXE [x] HKLM\...\Run: [Windows Mobile-based device management] C.EXE [x] HKLM\...\Run: [sSBkgdUpdate] G -BOOT [x] HKLM\...\Run: [OpwareSE4] IPAGESE4\OPWARESE4.EXE" [x] HKLM\...\Run: [sunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" [x] HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE" [x] HKLM\...\Run: [synTPEnh] H.EXE [x] HKLM\...\Run: [PAP7501_Monitor] DOWS\PIXART\PAP7501\GUCI_AVS.EXE [x] HKLM\...\Run: [Malwarebytes' Anti-Malware] TI-MALWARE\MBAMGUI.EXE" /STARTTRAY [x] HKLM\...\Run: [QuickTime Task] "C:\Windows\System32\qttask.exe" -atboottime [98304 2013-02-25] (Apple Computer, Inc.) HKU\Morgan\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation) HKU\Morgan\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-05-13] (Google Inc.) HKU\Morgan\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5248312 2010-03-19] (Yahoo! Inc.) HKU\Morgan\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation) HKU\Morgan\...\Run: [EasyTether] "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe" [48648 2011-05-22] (Mobile Stream) HKU\Morgan\...\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart [490880 2012-09-24] (IObit) HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-04] (Malwarebytes Corporation) HKLM\...\Runonce: [GrpConv] grpconv -o [x] Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 Startup: C:\Users\Morgan\Start Menu\Programs\Startup\Yahoo! Widgets.lnk ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.) ==================== Services (Whitelisted) =================== 2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit) 2 gupdate1c9872b7d755da3; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-02-04] (Google Inc.) 2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-02-26] (SurfRight B.V.) 2 KillZA; "C:\Users\Morgan\Desktop\killza\KillZA\KillZA.exe" /svc [834488 2012-10-16] (Foolish IT) 3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093872 2008-06-30] (Symantec Corporation) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation) 2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] () 3 PSEXESVC; C:\Windows\PSEXESVC.EXE [181064 2013-02-25] (Sysinternals) 2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [427576 2007-03-29] (TOSHIBA Corporation) 2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) 2 WebClient; C:\Windows\System32\svchost.exe -k LocalService [21504 2008-01-18] (Microsoft Corporation) 2 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21504 2008-01-18] (Microsoft Corporation) 3 ATTRcAppSvc; "C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" [x] 3 CAATT; "C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" [x] 2 napagent32; C:\Windows\system32\ddraw32.exe [x] ==================== Drivers (Whitelisted) ==================== 3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [17296 2011-05-22] (Mobile Stream) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation) 3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd) 3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [874496 2006-11-02] (Microsoft Corporation) 3 SWNC8U56; C:\Windows\System32\DRIVERS\swnc8u56.sys [101248 2007-06-27] (Sierra Wireless Inc.) 3 SWUMX56; C:\Windows\System32\DRIVERS\swumx56.sys [73856 2007-06-27] (Sierra Wireless Inc.) 3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.) 3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.) 3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.) 4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x] 3 catchme; \??\C:\Users\Morgan\AppData\Local\Temp\catchme.sys [x] 2 CWMonitor; \??\C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys [x] 3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x] 3 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [x] 3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 lvpopflt; C:\Windows\System32\DRIVERS\lvpopflt.sys [x] 3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [x] 3 LVUVC; C:\Windows\System32\DRIVERS\lvuvc.sys [x] 2 MCSTRM; [x] 3 MFE_RR; \??\C:\Users\Morgan\AppData\Local\Temp\mfe_rr.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] 3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [x] 3 SVRPEDRV; \??\C:\Windows\System32\sysprep\UP_date\PEDrv.sys [x] 3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [x] 3 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [x] 3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-02-26 12:59 - 2013-02-26 12:59 - 00001715 ____A C:\Users\Morgan\Desktop\RKreport[1]_S_02262013_02d1559.txt 2013-02-26 11:34 - 2012-03-06 07:16 - 00131072 ____A (FoolishIT.com) C:\Windows\GooG.exe 2013-02-26 11:16 - 2013-02-26 11:16 - 00000000 ____D C:\Program Files\HitmanPro 2013-02-26 11:15 - 2013-02-26 11:15 - 00000000 ____D C:\Users\All Users\HitmanPro 2013-02-26 11:15 - 2013-02-26 11:15 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro 2013-02-26 08:59 - 2013-02-26 08:59 - 00000000 ____D C:\Windows\SoftwareDistribution.old 2013-02-25 18:18 - 2013-02-26 08:44 - 00000000 ____D C:\ComboFix 2013-02-25 17:50 - 2013-02-25 18:59 - 00000000 ____D C:\Windows\System32\CatRoot2.old 2013-02-25 16:47 - 2013-02-25 16:47 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_wscsvc 2013-02-25 16:46 - 2013-02-25 16:40 - 00000486 ____A C:\Users\Morgan\Desktop\legacy_wscsvc.zip 2013-02-25 15:28 - 2013-02-25 15:28 - 00000000 ____D C:\Users\Public\Desktop\CC Support 2013-02-25 15:28 - 2013-02-25 15:17 - 04009167 ____A C:\Users\Morgan\Desktop\ServicesRepair.exe 2013-02-25 14:58 - 2013-02-25 14:51 - 00294400 ____A C:\Users\Morgan\Desktop\exeHelper.com 2013-02-25 14:22 - 2013-02-25 14:22 - 00000052 ____A C:\Windows\avmcoins.log 2013-02-25 14:20 - 2013-02-25 14:20 - 00000002 ____A C:\Windows\Twain001.Mtx 2013-02-25 14:18 - 2013-02-25 14:18 - 00000197 ____A C:\Windows\ODBCINST.INI 2013-02-22 11:02 - 2013-02-26 08:34 - 00000263 ____A C:\Windows\zerobyte_files_deleted.txt 2013-02-22 11:02 - 2013-02-26 08:34 - 00000261 ____A C:\Windows\System32\zerobyte_files_deleted.txt 2013-02-22 10:56 - 2012-07-30 07:14 - 00031616 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll 2013-02-22 10:40 - 2013-02-22 10:40 - 00000556 ____A C:\Users\Morgan\Desktop\D7.exe - Shortcut.lnk 2013-02-22 10:39 - 2013-02-22 10:39 - 00000628 ____A C:\Users\Morgan\Desktop\KillZA.exe - Shortcut.lnk 2013-02-22 10:37 - 2013-02-22 10:37 - 00053248 ____A C:\Windows\System32\zlib.dll 2013-02-22 10:35 - 2013-02-26 13:47 - 00000000 ____D C:\Support 2013-02-22 10:34 - 2013-02-22 10:35 - 00000000 ____D C:\Users\Morgan\Desktop\killza 2013-02-22 09:53 - 2013-02-22 09:54 - 00000000 ____D C:\Users\Morgan\Desktop\D7 2013-02-22 05:27 - 2013-02-22 05:27 - 00000207 ____A C:\Windows\tweaking.com-regbackup-NONPAREIL-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat 2013-02-22 05:26 - 2013-02-22 05:26 - 00000000 ____D C:\RegBackup 2013-02-22 04:30 - 2013-02-22 04:30 - 00002079 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2013-02-22 04:30 - 2013-02-22 04:30 - 00000000 ____D C:\Program Files\Tweaking.com 2013-02-22 04:06 - 2013-02-22 04:26 - 00000000 ____D C:\Users\Morgan\Desktop\M.W 2013-02-09 17:46 - 2013-02-25 12:53 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-02-09 16:41 - 2013-02-26 12:58 - 00000000 ____D C:\Users\Morgan\Desktop\RK_Quarantine 2013-02-09 15:12 - 2013-02-09 15:12 - 00001306 ____A C:\Windows\setupact.log 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_sdrsvc 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_mpssvc 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_bits 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_bfe 2013-02-09 13:35 - 2013-02-09 13:29 - 00782848 ____A C:\Users\Morgan\Desktop\RogueKiller.exe 2013-02-09 12:16 - 2013-02-26 13:01 - 00027384 ____A C:\Windows\PFRO.log 2013-02-09 12:14 - 2013-02-09 12:14 - 00000000 ____D C:\Users\All Users\McAfee 2013-02-09 12:14 - 2013-02-09 12:14 - 00000000 ____D C:\Users\All Users\Application Data\McAfee 2013-02-09 12:09 - 2013-02-09 12:03 - 03177840 ____A (McAfee, Inc.) C:\Users\Morgan\Desktop\MCPR.exe 2013-02-09 10:45 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2013-02-09 10:45 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2013-02-09 10:45 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-02-09 10:45 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-02-09 10:45 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-02-09 10:45 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2013-02-09 10:45 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2013-02-09 10:45 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2013-02-09 10:37 - 2013-02-25 17:33 - 05034894 ___RA (Swearware) C:\Users\Morgan\Desktop\ComboFix.exe 2013-02-08 16:12 - 2013-02-08 16:13 - 00000000 ____D C:\Users\All Users\IObit 2013-02-08 16:12 - 2013-02-08 16:13 - 00000000 ____D C:\Users\All Users\Application Data\IObit 2013-02-08 16:12 - 2013-02-08 16:12 - 00000000 ____D C:\Users\Morgan\Application Data\IObit 2013-02-08 16:12 - 2013-02-08 16:12 - 00000000 ____D C:\Users\Morgan\AppData\Roaming\IObit 2013-02-08 16:12 - 2013-02-08 16:12 - 00000000 ____D C:\Program Files\IObit 2013-02-08 13:30 - 2013-02-08 13:30 - 00000000 ____D C:\FRST 2013-02-08 12:30 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-02-08 10:53 - 2013-02-25 19:28 - 00000000 ____D C:\Users\Morgan\Desktop\reports ==================== One Month Modified Files and Folders ======== 2013-02-26 15:53 - 2007-12-26 17:16 - 01465054 ____A C:\Windows\WindowsUpdate.log 2013-02-26 15:53 - 2006-11-02 05:01 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-02-26 15:53 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-02-26 15:53 - 2006-11-02 04:47 - 00003568 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-02-26 15:53 - 2006-11-02 04:47 - 00003568 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-02-26 15:31 - 2012-03-30 17:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-02-26 14:55 - 2009-06-29 16:36 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-02-26 13:47 - 2013-02-22 10:35 - 00000000 ____D C:\Support 2013-02-26 13:44 - 2009-06-29 16:36 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-02-26 13:02 - 2006-11-02 04:47 - 01740896 ____A C:\Windows\System32\FNTCACHE.DAT 2013-02-26 13:01 - 2013-02-09 12:16 - 00027384 ____A C:\Windows\PFRO.log 2013-02-26 12:59 - 2013-02-26 12:59 - 00001715 ____A C:\Users\Morgan\Desktop\RKreport[1]_S_02262013_02d1559.txt 2013-02-26 12:58 - 2013-02-09 16:41 - 00000000 ____D C:\Users\Morgan\Desktop\RK_Quarantine 2013-02-26 11:16 - 2013-02-26 11:16 - 00000000 ____D C:\Program Files\HitmanPro 2013-02-26 11:15 - 2013-02-26 11:15 - 00000000 ____D C:\Users\All Users\HitmanPro 2013-02-26 11:15 - 2013-02-26 11:15 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro 2013-02-26 11:15 - 2006-11-02 02:33 - 00005510 ____A C:\Windows\System32\PerfStringBackup.INI 2013-02-26 10:51 - 2009-02-06 14:20 - 00000000 ____D C:\Users\Morgan\Application Data\GARMIN 2013-02-26 10:51 - 2009-02-06 14:20 - 00000000 ____D C:\Users\Morgan\AppData\Roaming\GARMIN 2013-02-26 08:59 - 2013-02-26 08:59 - 00000000 ____D C:\Windows\SoftwareDistribution.old 2013-02-26 08:44 - 2013-02-25 18:18 - 00000000 ____D C:\ComboFix 2013-02-26 08:34 - 2013-02-22 11:02 - 00000263 ____A C:\Windows\zerobyte_files_deleted.txt 2013-02-26 08:34 - 2013-02-22 11:02 - 00000261 ____A C:\Windows\System32\zerobyte_files_deleted.txt 2013-02-26 08:34 - 2006-11-02 03:18 - 00000000 ____D C:\users\Default 2013-02-25 19:28 - 2013-02-08 10:53 - 00000000 ____D C:\Users\Morgan\Desktop\reports 2013-02-25 18:59 - 2013-02-25 17:50 - 00000000 ____D C:\Windows\System32\CatRoot2.old 2013-02-25 18:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool 2013-02-25 17:33 - 2013-02-09 10:37 - 05034894 ___RA (Swearware) C:\Users\Morgan\Desktop\ComboFix.exe 2013-02-25 16:47 - 2013-02-25 16:47 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_wscsvc 2013-02-25 16:40 - 2013-02-25 16:46 - 00000486 ____A C:\Users\Morgan\Desktop\legacy_wscsvc.zip 2013-02-25 15:28 - 2013-02-25 15:28 - 00000000 ____D C:\Users\Public\Desktop\CC Support 2013-02-25 15:17 - 2013-02-25 15:28 - 04009167 ____A C:\Users\Morgan\Desktop\ServicesRepair.exe 2013-02-25 15:03 - 2012-06-21 04:22 - 00000370 ____A C:\rkill.log 2013-02-25 14:51 - 2013-02-25 14:58 - 00294400 ____A C:\Users\Morgan\Desktop\exeHelper.com 2013-02-25 14:22 - 2013-02-25 14:22 - 00000052 ____A C:\Windows\avmcoins.log 2013-02-25 14:22 - 2011-07-11 09:13 - 00098304 ____A (Apple Computer, Inc.) C:\Windows\System32\qttask.exe 2013-02-25 14:20 - 2013-02-25 14:20 - 00000002 ____A C:\Windows\Twain001.Mtx 2013-02-25 14:18 - 2013-02-25 14:18 - 00000197 ____A C:\Windows\ODBCINST.INI 2013-02-25 12:53 - 2013-02-09 17:46 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-02-22 12:08 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Offline Web Pages 2013-02-22 11:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Media 2013-02-22 11:58 - 2011-07-10 19:59 - 00000000 ____D C:\Users\Public\Libraries 2013-02-22 11:58 - 2011-07-10 19:57 - 00000000 ____D C:\Program Files (x86) 2013-02-22 11:58 - 2006-11-02 04:37 - 00000000 ____D C:\Users\Public\Recorded TV 2013-02-22 11:58 - 2006-11-02 03:18 - 00000000 ____D C:\users\Public 2013-02-22 11:57 - 2012-02-17 20:45 - 00000000 ____D C:\Users\Morgan\Documents\My Playstation Themes 2013-02-22 11:56 - 2011-07-10 23:13 - 00000000 ____D C:\Program Files\Skype 2013-02-22 11:11 - 2008-02-15 16:49 - 00000000 ____D C:\users\Morgan 2013-02-22 10:40 - 2013-02-22 10:40 - 00000556 ____A C:\Users\Morgan\Desktop\D7.exe - Shortcut.lnk 2013-02-22 10:39 - 2013-02-22 10:39 - 00000628 ____A C:\Users\Morgan\Desktop\KillZA.exe - Shortcut.lnk 2013-02-22 10:37 - 2013-02-22 10:37 - 00053248 ____A C:\Windows\System32\zlib.dll 2013-02-22 10:35 - 2013-02-22 10:34 - 00000000 ____D C:\Users\Morgan\Desktop\killza 2013-02-22 09:54 - 2013-02-22 09:53 - 00000000 ____D C:\Users\Morgan\Desktop\D7 2013-02-22 05:27 - 2013-02-22 05:27 - 00000207 ____A C:\Windows\tweaking.com-regbackup-NONPAREIL-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat 2013-02-22 05:26 - 2013-02-22 05:26 - 00000000 ____D C:\RegBackup 2013-02-22 04:30 - 2013-02-22 04:30 - 00002079 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2013-02-22 04:30 - 2013-02-22 04:30 - 00000000 ____D C:\Program Files\Tweaking.com 2013-02-22 04:26 - 2013-02-22 04:06 - 00000000 ____D C:\Users\Morgan\Desktop\M.W 2013-02-09 17:47 - 2008-02-16 01:26 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-02-09 15:12 - 2013-02-09 15:12 - 00001306 ____A C:\Windows\setupact.log 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_sdrsvc 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_mpssvc 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_bits 2013-02-09 14:48 - 2013-02-09 14:48 - 00000000 ____D C:\Users\Morgan\Desktop\legacy_bfe 2013-02-09 13:48 - 2012-06-21 08:20 - 00352855 ____A (Farbar) C:\Users\Morgan\Desktop\FSS.exe 2013-02-09 13:29 - 2013-02-09 13:35 - 00782848 ____A C:\Users\Morgan\Desktop\RogueKiller.exe 2013-02-09 12:14 - 2013-02-09 12:14 - 00000000 ____D C:\Users\All Users\McAfee 2013-02-09 12:14 - 2013-02-09 12:14 - 00000000 ____D C:\Users\All Users\Application Data\McAfee 2013-02-09 12:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\config\Journal 2013-02-09 12:03 - 2013-02-09 12:09 - 03177840 ____A (McAfee, Inc.) C:\Users\Morgan\Desktop\MCPR.exe 2013-02-08 16:13 - 2013-02-08 16:12 - 00000000 ____D C:\Users\All Users\IObit 2013-02-08 16:13 - 2013-02-08 16:12 - 00000000 ____D C:\Users\All Users\Application Data\IObit 2013-02-08 16:12 - 2013-02-08 16:12 - 00000000 ____D C:\Users\Morgan\Application Data\IObit 2013-02-08 16:12 - 2013-02-08 16:12 - 00000000 ____D C:\Users\Morgan\AppData\Roaming\IObit 2013-02-08 16:12 - 2013-02-08 16:12 - 00000000 ____D C:\Program Files\IObit 2013-02-08 13:30 - 2013-02-08 13:30 - 00000000 ____D C:\FRST 2013-02-08 04:51 - 2012-06-21 08:59 - 00000000 ____D C:\Windows\ERDNT ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 2037.81 MB Available physical RAM: 1666.92 MB Total Pagefile: 1866.29 MB Available Pagefile: 1735.39 MB Total Virtual: 2047.88 MB Available Virtual: 1975.72 MB ==================== Partitions ============================= 1 Drive c: (SQ004585V03) (Fixed) (Total:184.84 GB) (Free:27.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.33 GB) NTFS 4 Drive f: (AL'S) (Removable) (Total:3.73 GB) (Free:1 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 186 GB 3257 KB Disk 1 Online 3824 MB 0 B Partitions of Disk 0: =============== ACTIVE - Mark the selected basic partition as active. ADD - Add a mirror to a simple volume. ASSIGN - Assign a drive letter or mount point to the selected volume. ATTRIBUTES - Manipulate volume attributes. AUTOMOUNT - Enable and disable automatic mounting of basic volumes. BREAK - Break a mirror set. CLEAN - Clear the configuration information, or all information, off the disk. CONVERT - Convert between different disk formats. CREATE - Create a volume or partition. DELETE - Delete an object. DETAIL - Provide details about an object. EXIT - Exit DiskPart. EXTEND - Extend a volume. FILESYSTEMS - Display current and supported file systems on the volume. FORMAT - Format the volume or partition. GPT - Assign attributes to the selected GPT partition. HELP - Display a list of commands. IMPORT - Import a disk group. INACTIVE - Mark the selected basic partition as inactive. LIST - Display a list of objects. ONLINE - Online a disk that is currently marked as offline. REM - Does nothing. This is used to comment scripts. REMOVE - Remove a drive letter or mount point assignment. REPAIR - Repair a RAID-5 volume with a failed member. RESCAN - Rescan the computer looking for disks and volumes. RETAIN - Place a retained partition under a simple volume. SELECT - Shift the focus to an object. SETID - Change the partition type. SHRINK - Reduce the size of the selected volume. ========================================================= Partitions of Disk 1: =============== ACTIVE - Mark the selected basic partition as active. ADD - Add a mirror to a simple volume. ASSIGN - Assign a drive letter or mount point to the selected volume. ATTRIBUTES - Manipulate volume attributes. AUTOMOUNT - Enable and disable automatic mounting of basic volumes. BREAK - Break a mirror set. CLEAN - Clear the configuration information, or all information, off the disk. CONVERT - Convert between different disk formats. CREATE - Create a volume or partition. DELETE - Delete an object. DETAIL - Provide details about an object. EXIT - Exit DiskPart. EXTEND - Extend a volume. FILESYSTEMS - Display current and supported file systems on the volume. FORMAT - Format the volume or partition. GPT - Assign attributes to the selected GPT partition. HELP - Display a list of commands. IMPORT - Import a disk group. INACTIVE - Mark the selected basic partition as inactive. LIST - Display a list of objects. ONLINE - Online a disk that is currently marked as offline. REM - Does nothing. This is used to comment scripts. REMOVE - Remove a drive letter or mount point assignment. REPAIR - Repair a RAID-5 volume with a failed member. RESCAN - Rescan the computer looking for disks and volumes. RETAIN - Place a retained partition under a simple volume. SELECT - Shift the focus to an object. SETID - Change the partition type. SHRINK - Reduce the size of the selected volume. ========================================================= Last Boot: 2013-02-26 13:52 ==================== End Of Log ============================
  4. i'm getting nowhere. everytime the system has to restart. nothing happens due to the fact that none of these programs work in normal mode. Combofix ran. it found rootkit.zeroaccess. it needed to reboot to remove the rootkit. it said if the internet services did not return to run Combofix one more time. nothing changed. so, i ran combo fix again, and, the same results happened twice. there was no log created. i went to c:\combofix to search for the text file. i did not find it. while in combo fix i double clicked on some of the .cmd and some of them ran, sme returned failed attempts due to not having administrator rights
  5. FSS.text Farbar Service Scanner Version: 30-01-2013 Ran by Morgan (administrator) on 25-02-2013 at 19:56:24 Running from "C:\Users\Morgan\Desktop" Windows Vista Home Premium Service Pack 2 (X86) Boot Mode: Network **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Attempt to access Google.com returned error: Other errors Attempt to access Yahoo IP returned error. Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is OK. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. VSS Service is not running. Checking service configuration: The start type of VSS service is OK. The ImagePath of VSS service is OK. System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll". BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is OK. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\ipnathlp.dll => MD5 is legit C:\Windows\system32\iphlpsvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log ****
  6. After running ServicesRepairTool(SafeMode) this is the FFS.txt log Farbar Service Scanner Version: 30-01-2013 Ran by Morgan (administrator) on 25-02-2013 at 18:37:46 Running from "C:\Users\Morgan\Desktop" Windows Vista Home Premium Service Pack 2 (X86) Boot Mode: Network **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Attempt to access Google.com returned error: Other errors Attempt to access Yahoo IP returned error. Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is OK. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. VSS Service is not running. Checking service configuration: The start type of VSS service is OK. The ImagePath of VSS service is OK. System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll". BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is OK. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\ipnathlp.dll => MD5 is legit C:\Windows\system32\iphlpsvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log ****
  7. RoguekillerReport RogueKiller V8.5.0 [Feb 9 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Safe mode with network support User : Morgan [Admin rights] Mode : Scan -- Date : 02/25/2013 18:08:57 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [iFEO] HKLM\[...]\d3d9caps.dat : Debugger (IFEO_Dummy.exe) -> FOUND [HJPOL] HKCU\[...]\System : DisableCMD (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ÿþ1 ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK2035GSS ATA Device +++++ --- User --- [MBR] a6471346488279ab26a76220e7507f9d [bSP] 1484d177a6412ee8722ddffc19149bb5 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 189278 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[4]_S_02252013_02d1808.txt >> RKreport[1]_S_02252013_02d1244.txt ; RKreport[2]_D_02252013_02d1304.txt ; RKreport[3]_S_02252013_02d1322.txt ; RKreport[4]_S_02252013_02d1808.txt
  8. exehelperlog.txt exeHelper by Raktor Build 20100414 Run at 17:58:26 on 02/25/13 Now searching... Checking for numerical processes... Checking for sysguard processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished-- FSSlog.txt Farbar Service Scanner Version: 30-01-2013 Ran by Morgan (administrator) on 25-02-2013 at 18:00:48 Running from "C:\Users\Morgan\Desktop" Windows Vista Home Premium Service Pack 2 (X86) Boot Mode: Network **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Attempt to access Google.com returned error: Other errors Attempt to access Yahoo IP returned error. Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is OK. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist. VSS Service is not running. Checking service configuration: The start type of VSS service is OK. The ImagePath of VSS service is OK. System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll". BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is OK. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\ipnathlp.dll => MD5 is legit C:\Windows\system32\iphlpsvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log ****
  9. I found these 2 registry entries, i think they are not helping HKLM\Software\Polocies\Microsoft\Windows NT\SystemRestore - DisableSR HKLM\Software\Polocies\Microsoft\Windows NT\SystemRestore - DisableConfig
  10. Next i selected the Registry tab and deleted the following: HJPOL HKCU Software\Micrsoft\Windows\CurrentVersion\Policies\System Disableregistrytools RogueKiller V8.5.0 [Feb 9 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Safe mode with network support User : Morgan [Admin rights] Mode : Remove -- Date : 02/25/2013 13:04:21 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 1 ¤¤¤ [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ÿþ1 ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] a6471346488279ab26a76220e7507f9d [bSP] 1484d177a6412ee8722ddffc19149bb5 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 189278 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_02252013_02d1304.txt >> RKreport[1]_S_02252013_02d1244.txt ; RKreport[2]_D_02252013_02d1304.txt Next i selected the files tab it was clear.
  11. OK, there were missing registry keys that need to be replaced, You attached the following zip files: legacy_mpssvc.zip legacy_bfe.zip legacy_sdrsvc.zip legacy_bits.zip I unzipped those files and saved to the Desktop, They were renamed: legacy_mpssvc.reg legacy_bfe.reg legacy_sdrsvc.reg legacy_bits.reg Next I did the following: Windows key+R), type regedit and clicked OK. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root Right-Click Root and selected Permissions... Clicked Advanced. Under Owner tab selected the entry starting with my user name, example: Farbar(Farbar-PC\Farbar) Put a check mark next to Replace owner on subcontainers and objects and clicked Apply. The response was: "Owner Registry Editor could not set owner on the key currently selected, or some of its subkeys. [OK]" Under Security type while Everyone was selected I put a check mark in the box under Allow next to Full Control. Click Apply and OK. It was accepted. I went to the Desktop right clicked the .reg files and selected merge and all files were succesfully merged. I ran RogueKiller and got a hit. RogueKiller V8.5.0 [Feb 9 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Safe mode with network support User : Morgan [Admin rights] Mode : Scan -- Date : 02/25/2013 12:44:37 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 1 ¤¤¤ [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ÿþ1 ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] a6471346488279ab26a76220e7507f9d [bSP] 1484d177a6412ee8722ddffc19149bb5 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 189278 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_02252013_02d1244.txt >> RKreport[1]_S_02252013_02d1244.txt
  12. Also, there is no tweaking.com_windows_repair_log. It never appeared to fully run. because apon system restart it would not work in normal mode and if I pressed f8 it still never cntinued any further actions maybe that is why there is not a log.
  13. ok Kevin there has been much progress. There are some things still unresolved also. Originally in normal mode the following items returned the response, The specified service does not exist as an installed service: The Local Internet Connection/Connect to a network Volume Control USB ports Any files ending .exe McAfee anti virus Malwarebytes Anti-Malware Pictures Videos Now, at this point the Volume Control, USB ports, Pictures and Videos have returned in normal mode. Some funtionality to the Network Connection has returned but not all. if you hover over the computer icon in the system tray it says " the specified service...." If you click the icon, you are able to open the connect to network window, which populates with active networks, this was not possible before. when i select my network and click connect, it says "windows cannot connect to ATT001" When i click "diagnose the problem" it says: "Windows is not set to automatically connect to ATT01. You need t select a wireless network and connect to it. ->View available wireless networks You can select a network and connect to it and save it on the preferred network list. [Cancel]" When i click View available wireless networks, the process starts all over again. I even went so far as to try to set up a new router access point or connect to network but, there was a windows shield icon on the [Next] button and the next page would not open. I am still ipressed because non of these actions were possible before. Files ending with .exe .scr .dat anything other than .txt return the response "The specified service..." McAfee is uninstalled, Malwarebytes, FSS, Tweaking.com, ComboFix, RogueKiller all have the windows shield icon, and cannot be run as administrator the all return the response, "The specified service..." Just because,... i clicked unhide.exe I had been using to gain access to my USB ports, some files in my system 32 folder appear and something inside my recycle bin appears then rehides itself, everytime i click unhide it does that. then a window pops up that says my recycle bin is corrupted. This only happens in safe mode, however the unhide.exe/.scr does not work in Normal mode. Thats everything i have.
  14. Ok i ran the program from Tweaking.com as instructed above. however, there was no file named c:\tweaking.com_windows_repair_logs. I did find these logs in the log folder in the tweaking.com folder: Windows_repair_hkey_local_machine_3_log.txt WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Classes\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Dlwin.exe\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\MSWIN.EXE\* : registry key is skipped (contains wildcard) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 - RegSetKeySecurity Error : 6 The handle is invalid. WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008\Ndi\params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008\Ndi\params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008\Ndi\params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008\Ndi\params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0004\Ndi\Params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008\Ndi\params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008\Ndi\params\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\* : registry key is skipped (contains wildcard) WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\* : registry key is skipped (contains wildcard)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.