
Computer Restarts When I Shut Down + Other Problems [Solved]


#1 Vinceroman

Hello, I have been posting on the other forum under Hardware, mainly about computer problems and the RAM. Instead of repeating the whole problem, I have it in my first post here http://www.geekstogo...other-problems/ and I have been getting help from 'philpower2', who recommended that I start a topic here. We have gone through a lot of testing and are now moving on to check if there is any possible malware infection in my computer. My knowledge of computers is not a lot, so please bear with me. My antivirus tool, by the way, is MS Essentials.

OTL LOG

OTL logfile created on: 30/12/2012 13:00:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vinceroman\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.30 Gb Available Physical Memory | 15.07% Memory free
4.00 Gb Paging File | 1.51 Gb Available in Paging File | 37.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 884.79 Gb Free Space | 94.99% Space Free | Partition Type: NTFS

Computer Name: VINCEROMAN-PC | User Name: vinceroman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/30 13:00:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vinceroman\Downloads\OTL.exe
PRC - [2012/12/28 23:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\vinceroman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/05 01:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/10/25 19:59:52 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe
PRC - [2012/10/25 19:58:54 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2012/09/23 20:43:34 | 001,343,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/21 14:04:11 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012/02/21 14:04:09 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012/02/21 14:04:07 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012/02/21 13:19:12 | 000,371,256 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
PRC - [2012/02/16 17:16:58 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.229\deploy\LolClient.exe
PRC - [2012/01/02 02:21:22 | 000,501,544 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/05 01:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/05 01:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/05 01:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/05 01:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/05 01:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/05 01:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/05 01:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/05 01:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/10/25 19:59:52 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe
MOD - [2012/10/25 19:58:54 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2012/09/23 20:43:36 | 000,313,992 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
MOD - [2012/02/21 13:15:34 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\DLNA\DMS\_PyDMSCtrl.pyd
MOD - [2012/02/21 13:14:59 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\ShellLib\_ShellLib.pyd
MOD - [2012/01/02 02:21:17 | 000,374,056 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/08/24 02:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd
MOD - [2011/08/24 02:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ctypes.pyd
MOD - [2011/08/24 02:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/28 14:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/28 01:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/12 12:19:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/21 14:04:11 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/02/21 14:04:09 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012/02/21 14:04:07 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/28 02:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 01:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/14 06:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012/04/17 19:22:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/12/23 19:38:40] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({73526619-C24F-470B-9BED-53D455FBB5C6})
DRV - [2011/10/27 06:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA E5 48 04 51 D5 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\vinceroman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\vinceroman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\vinceroman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google Search = C:\Users\vinceroman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\vinceroman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\vinceroman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61609D3F-34F7-4CEB-8059-AC0C8F325F3A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/26 11:10:06 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\Adobe
[2012/12/26 11:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/12/26 11:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/12/23 20:07:07 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\ElevatedDiagnostics
[2012/12/23 19:35:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
[2012/12/23 19:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012/12/23 19:25:40 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\CyberLink
[2012/12/23 18:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/12/23 18:53:05 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\uTorrent
[2012/12/23 18:40:13 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\MediaShow
[2012/12/23 18:33:22 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\Documents\CyberLink
[2012/12/23 18:32:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012/12/23 18:32:21 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\MediaServer
[2012/12/23 18:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2012/12/23 18:32:04 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\CyberLink
[2012/12/23 18:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/12/23 18:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012/12/23 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012/12/23 12:29:39 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\Documents\SmartPack
[2012/12/23 12:28:18 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartPack
[2012/12/23 12:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartPack
[2012/12/18 15:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/12/18 15:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/12/16 22:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012/12/16 22:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/12/13 08:14:49 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\Desktop\Microsoft Office
[2012/12/12 19:16:32 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\Desktop\VMTCE
[2012/12/12 15:35:11 | 000,000,000 | ---D | C] -- C:\MATLAB
[2012/12/12 12:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/12/12 12:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/12/12 12:36:35 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/12/12 12:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/12/12 12:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/12/12 12:31:53 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\Microsoft Help
[2012/12/12 12:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/12/12 12:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/12/12 12:30:45 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/12/12 12:15:30 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\MicrosoftStore
[2012/12/09 23:49:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/12/09 23:49:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/12/09 23:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/12/09 23:25:54 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/12/09 23:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/12/09 23:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012/12/09 15:08:47 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Gyazo
[2012/12/09 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
[2012/12/09 15:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gyazo
[2012/12/09 14:36:32 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Malwarebytes
[2012/12/09 14:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/06 18:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/12/06 18:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/12/06 18:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/12/06 17:53:50 | 000,000,000 | ---D | C] -- C:\bd4e1039af4efc156a2106562b81
[2012/12/05 03:57:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/12/05 00:55:49 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Dropbox
[2012/12/05 00:54:50 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/12/05 00:53:31 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Dropbox
[2012/12/05 00:29:15 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\LolClient
[2012/12/05 00:29:14 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Macromedia
[2012/12/05 00:29:12 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Adobe
[2012/12/04 23:37:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/12/04 23:37:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/12/04 22:46:14 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/12/04 22:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2012/12/04 22:13:49 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\Desktop\League of Legends
[2012/12/04 22:12:47 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\.swt
[2012/12/04 22:10:26 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Skype
[2012/12/04 22:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/04 22:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/12/04 22:10:17 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/12/04 22:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/12/04 21:51:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/12/04 20:03:58 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/12/04 20:03:58 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Searches
[2012/12/04 20:03:58 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/12/04 20:03:58 | 000,000,000 | -H-D | C] -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/12/04 20:03:50 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Identities
[2012/12/04 20:03:49 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Contacts
[2012/12/04 20:03:47 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\VirtualStore
[2012/12/04 20:03:38 | 000,000,000 | --SD | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Videos
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Saved Games
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Pictures
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Music
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Links
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Favorites
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Downloads
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Documents
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Desktop
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\AppData\Local\Temporary Internet Files
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Templates
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Start Menu
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\SendTo
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Recent
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\PrintHood
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\NetHood
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Documents\My Videos
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Documents\My Pictures
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Documents\My Music
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\My Documents
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Local Settings
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\AppData\Local\History
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Cookies
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Application Data
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\AppData\Local\Application Data
[2012/12/04 20:03:38 | 000,000,000 | -H-D | C] -- C:\Users\vinceroman\AppData
[2012/12/04 20:03:38 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\Temp
[2012/12/04 20:03:38 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\Microsoft
[2012/12/04 20:03:38 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Media Center Programs
[2012/12/04 20:03:33 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/12/04 20:03:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/12/04 19:58:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/12/04 19:57:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/12/30 12:44:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/30 12:28:13 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 12:28:13 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 12:23:08 | 000,035,181 | ---- | M] () -- C:\Users\vinceroman\Desktop\Untitled.jpg
[2012/12/30 12:21:13 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/30 12:21:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/30 12:21:00 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/30 12:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/29 15:36:32 | 000,041,276 | ---- | M] () -- C:\Users\vinceroman\Desktop\3.jpg
[2012/12/29 14:25:05 | 000,001,059 | ---- | M] () -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/29 14:24:44 | 000,001,037 | ---- | M] () -- C:\Users\vinceroman\Desktop\Dropbox.lnk
[2012/12/29 14:20:32 | 000,045,116 | ---- | M] () -- C:\Users\vinceroman\Desktop\2.jpg
[2012/12/28 12:36:15 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat
[2012/12/27 18:00:31 | 000,151,734 | ---- | M] () -- C:\Users\vinceroman\Desktop\11111.jpg
[2012/12/27 11:44:18 | 000,193,409 | ---- | M] () -- C:\Users\vinceroman\Desktop\123.jpg
[2012/12/26 11:55:26 | 000,106,656 | ---- | M] () -- C:\Users\vinceroman\Desktop\111.jpg
[2012/12/26 11:09:05 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/12/24 12:19:06 | 000,734,810 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/24 12:19:06 | 000,630,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/24 12:19:06 | 000,111,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/23 19:35:41 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2012/12/23 18:54:20 | 000,000,967 | ---- | M] () -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/12/23 18:54:20 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/12/23 13:02:19 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/12/23 13:00:31 | 002,440,041 | ---- | M] () -- C:\Users\vinceroman\Desktop\Photo 23-12-2012 12 21 08.jpg
[2012/12/23 12:52:52 | 000,001,901 | ---- | M] () -- C:\Users\vinceroman\Desktop\PLDS SmartPack Utility.lnk
[2012/12/21 11:18:33 | 000,343,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/17 13:17:25 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2012/12/13 08:04:37 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/12 19:16:34 | 000,659,456 | ---- | M] (http://mikelab.kiev.ua/) -- C:\Users\vinceroman\Desktop\vmt.exe
[2012/12/10 00:03:07 | 000,007,604 | ---- | M] () -- C:\Users\vinceroman\AppData\Local\Resmon.ResmonCfg
[2012/12/09 23:25:54 | 000,001,007 | ---- | M] () -- C:\Users\vinceroman\Desktop\SpeedFan.lnk
[2012/12/09 23:25:51 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/12/09 15:08:33 | 000,001,006 | ---- | M] () -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2012/12/09 15:08:33 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2012/12/06 18:02:38 | 386,101,180 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/04 23:41:23 | 000,001,437 | ---- | M] () -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/04 23:18:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/12/04 23:18:56 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/12/04 22:50:01 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/12/04 22:10:21 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/04 20:01:01 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/12/04 20:01:01 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2012/12/30 12:23:08 | 000,035,181 | ---- | C] () -- C:\Users\vinceroman\Desktop\Untitled.jpg
[2012/12/29 15:36:32 | 000,041,276 | ---- | C] () -- C:\Users\vinceroman\Desktop\3.jpg
[2012/12/29 14:20:32 | 000,045,116 | ---- | C] () -- C:\Users\vinceroman\Desktop\2.jpg
[2012/12/28 12:36:15 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat
[2012/12/27 18:00:31 | 000,151,734 | ---- | C] () -- C:\Users\vinceroman\Desktop\11111.jpg
[2012/12/27 11:44:18 | 000,193,409 | ---- | C] () -- C:\Users\vinceroman\Desktop\123.jpg
[2012/12/26 11:55:26 | 000,106,656 | ---- | C] () -- C:\Users\vinceroman\Desktop\111.jpg
[2012/12/26 11:09:05 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/12/26 11:09:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/24 12:19:06 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/23 19:35:41 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2012/12/23 18:54:20 | 000,000,967 | ---- | C] () -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/12/23 18:54:20 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/12/23 13:00:53 | 002,440,041 | ---- | C] () -- C:\Users\vinceroman\Desktop\Photo 23-12-2012 12 21 08.jpg
[2012/12/23 12:28:18 | 000,001,901 | ---- | C] () -- C:\Users\vinceroman\Desktop\PLDS SmartPack Utility.lnk
[2012/12/18 15:41:03 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/12/16 22:50:51 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2012/12/09 23:50:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/09 23:25:54 | 000,001,007 | ---- | C] () -- C:\Users\vinceroman\Desktop\SpeedFan.lnk
[2012/12/09 23:25:50 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/12/09 15:08:33 | 000,001,006 | ---- | C] () -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2012/12/09 15:08:33 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2012/12/06 20:33:42 | 000,007,604 | ---- | C] () -- C:\Users\vinceroman\AppData\Local\Resmon.ResmonCfg
[2012/12/06 18:29:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/06 18:26:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/05 00:55:49 | 000,001,037 | ---- | C] () -- C:\Users\vinceroman\Desktop\Dropbox.lnk
[2012/12/05 00:55:03 | 000,001,059 | ---- | C] () -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/04 23:18:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/12/04 23:18:56 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/12/04 22:50:01 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/12/04 22:10:21 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/04 21:51:35 | 386,101,180 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/12/04 20:04:03 | 000,001,409 | ---- | C] () -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/12/04 20:04:00 | 000,001,443 | ---- | C] () -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/12/04 20:03:38 | 000,000,290 | ---- | C] () -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/12/04 20:03:38 | 000,000,272 | ---- | C] () -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/12/04 20:00:54 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/12/04 20:00:51 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/12/04 19:57:44 | 1609,179,136 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/28 01:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/09/28 01:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/12 21:15:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/30 12:53:45 | 000,000,000 | ---D | M] -- C:\Users\vinceroman\AppData\Roaming\Dropbox
[2012/12/09 15:08:47 | 000,000,000 | ---D | M] -- C:\Users\vinceroman\AppData\Roaming\Gyazo
[2012/12/05 00:29:15 | 000,000,000 | ---D | M] -- C:\Users\vinceroman\AppData\Roaming\LolClient
[2012/12/23 19:25:13 | 000,000,000 | ---D | M] -- C:\Users\vinceroman\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Users\vinceroman\Desktop\Photo 23-12-2012 12 21 08.jpg:com.dropbox.attributes

< End of report >
#2
Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Hello Vinceroman and welcome to Geeks To Go!!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms, it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

I am analyzing your log file now, and reading over your other thread in the Hardware forum.

Give me a little while to go over all this and I will be back shortly.

#3
Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Hi there,
No malware in that log, but ....

I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • uTorrent
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend that you remove these programs from your computer.
Please visit the following site:
P2P File Sharing: Evaluate the Risks
If you do not want to remove them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.

Downloading torrents these days is pretty risky and seeing that program on there, I want to look a little deeper.

Before we start, could you please move the OTL program from your downloads folder to your desktop? That will make things easier for both of us.
In your downloads folder you should find the Extras.txt from the first OTL run; can you please post that in your next reply?

Step 1
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 2
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt
  • Post this log in your next response

In your next reply I would like to see:
  • any RKreport.txt files
  • OTL custom scan log
  • Extras.txt log file from the previous run (it should be in your downloads folder)


#4
Vinceroman (Member, Topic Starter, 196 posts)
Here is the RK Report

RogueKiller V8.4.1 [Dec 28 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : vinceroman [Admin rights]
Mode : Scan -- Date : 12/30/2012 19:15:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 4bd8660ce939702eae2d0cfa697a8f47
[BSP] 53aca97083f98f4caff74e27342939f1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12302012_02d1915.txt >>
RKreport[1]_S_12302012_02d1915.txt



OTL Custom Scan Log

OTL logfile created on: 30/12/2012 19:17:39 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vinceroman\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.36% Memory free
4.00 Gb Paging File | 2.50 Gb Available in Paging File | 62.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 883.67 Gb Free Space | 94.87% Space Free | Partition Type: NTFS

Computer Name: VINCEROMAN-PC | User Name: vinceroman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/30 13:00:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vinceroman\Desktop\OTL.exe
PRC - [2012/12/05 01:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/21 14:04:11 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012/02/21 14:04:09 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012/02/21 14:04:07 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012/02/21 13:19:12 | 000,371,256 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
PRC - [2012/01/02 02:21:22 | 000,501,544 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/05 01:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/05 01:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/05 01:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/05 01:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/05 01:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/05 01:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/05 01:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/05 01:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/02/21 13:15:34 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\DLNA\DMS\_PyDMSCtrl.pyd
MOD - [2012/02/21 13:14:59 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\ShellLib\_ShellLib.pyd
MOD - [2012/01/02 02:21:17 | 000,374,056 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/08/24 02:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd
MOD - [2011/08/24 02:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ctypes.pyd
MOD - [2011/08/24 02:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/28 14:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/28 01:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/12 12:19:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/21 14:04:11 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/02/21 14:04:09 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012/02/21 14:04:07 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/28 02:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 01:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/14 06:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012/04/17 19:22:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/12/23 19:38:40] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({73526619-C24F-470B-9BED-53D455FBB5C6})
DRV - [2011/10/27 06:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2131956343-743052189-834718620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2131956343-743052189-834718620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2131956343-743052189-834718620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA E5 48 04 51 D5 CD 01 [binary data]
IE - HKU\S-1-5-21-2131956343-743052189-834718620-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2131956343-743052189-834718620-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2131956343-743052189-834718620-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\vinceroman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\vinceroman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\vinceroman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google Search = C:\Users\vinceroman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\vinceroman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\vinceroman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2131956343-743052189-834718620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61609D3F-34F7-4CEB-8059-AC0C8F325F3A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/30 19:14:43 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\Desktop\RK_Quarantine
[2012/12/30 13:00:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vinceroman\Desktop\OTL.exe
[2012/12/26 11:10:06 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\Adobe
[2012/12/26 11:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/12/26 11:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/12/23 20:07:07 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\ElevatedDiagnostics
[2012/12/23 19:35:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
[2012/12/23 19:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012/12/23 19:25:40 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\CyberLink
[2012/12/23 18:40:13 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\MediaShow
[2012/12/23 18:33:22 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\Documents\CyberLink
[2012/12/23 18:32:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012/12/23 18:32:21 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\MediaServer
[2012/12/23 18:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2012/12/23 18:32:04 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\CyberLink
[2012/12/23 18:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/12/23 18:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012/12/23 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012/12/23 12:29:39 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\Documents\SmartPack
[2012/12/23 12:28:18 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartPack
[2012/12/23 12:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartPack
[2012/12/18 15:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/12/18 15:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/12/16 22:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012/12/16 22:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/12/13 08:14:49 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\Desktop\Microsoft Office
[2012/12/12 19:16:32 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\Desktop\VMTCE
[2012/12/12 15:35:11 | 000,000,000 | ---D | C] -- C:\MATLAB
[2012/12/12 12:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/12/12 12:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/12/12 12:36:35 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/12/12 12:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/12/12 12:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/12/12 12:31:53 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\Microsoft Help
[2012/12/12 12:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/12/12 12:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/12/12 12:30:45 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/12/12 12:15:30 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\MicrosoftStore
[2012/12/09 23:49:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/12/09 23:49:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/12/09 23:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/12/09 23:25:54 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/12/09 23:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/12/09 23:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012/12/09 15:08:47 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Gyazo
[2012/12/09 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
[2012/12/09 15:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gyazo
[2012/12/09 14:36:32 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Malwarebytes
[2012/12/09 14:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/06 18:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/12/06 18:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/12/06 18:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/12/06 17:53:50 | 000,000,000 | ---D | C] -- C:\bd4e1039af4efc156a2106562b81
[2012/12/05 03:57:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/12/05 00:55:49 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Dropbox
[2012/12/05 00:54:50 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/12/05 00:53:31 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Dropbox
[2012/12/05 00:29:15 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\LolClient
[2012/12/05 00:29:14 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Macromedia
[2012/12/05 00:29:12 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Adobe
[2012/12/04 23:37:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/12/04 23:37:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/12/04 22:46:14 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/12/04 22:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2012/12/04 22:13:49 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\Desktop\League of Legends
[2012/12/04 22:12:47 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\.swt
[2012/12/04 22:10:26 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Skype
[2012/12/04 22:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/04 22:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/12/04 22:10:17 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/12/04 22:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/12/04 21:51:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/12/04 20:03:58 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/12/04 20:03:58 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Searches
[2012/12/04 20:03:58 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/12/04 20:03:58 | 000,000,000 | -H-D | C] -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/12/04 20:03:50 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Identities
[2012/12/04 20:03:49 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Contacts
[2012/12/04 20:03:47 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\VirtualStore
[2012/12/04 20:03:38 | 000,000,000 | --SD | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Videos
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Saved Games
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Pictures
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Music
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Links
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Favorites
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Downloads
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Documents
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\Desktop
[2012/12/04 20:03:38 | 000,000,000 | R--D | C] -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\AppData\Local\Temporary Internet Files
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Templates
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Start Menu
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\SendTo
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Recent
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\PrintHood
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\NetHood
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Documents\My Videos
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Documents\My Pictures
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Documents\My Music
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\My Documents
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Local Settings
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\AppData\Local\History
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Cookies
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\Application Data
[2012/12/04 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\vinceroman\AppData\Local\Application Data
[2012/12/04 20:03:38 | 000,000,000 | -H-D | C] -- C:\Users\vinceroman\AppData
[2012/12/04 20:03:38 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\Temp
[2012/12/04 20:03:38 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Local\Microsoft
[2012/12/04 20:03:38 | 000,000,000 | ---D | C] -- C:\Users\vinceroman\AppData\Roaming\Media Center Programs
[2012/12/04 20:03:33 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/12/04 20:03:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/12/04 19:58:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/12/04 19:57:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/12/30 19:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/30 19:13:23 | 000,759,808 | ---- | M] () -- C:\Users\vinceroman\Desktop\RogueKiller.exe
[2012/12/30 18:57:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/30 18:44:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/30 13:00:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vinceroman\Desktop\OTL.exe
[2012/12/30 12:28:13 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 12:28:13 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 12:23:08 | 000,035,181 | ---- | M] () -- C:\Users\vinceroman\Desktop\Untitled.jpg
[2012/12/30 12:21:13 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/30 12:21:00 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/29 15:36:32 | 000,041,276 | ---- | M] () -- C:\Users\vinceroman\Desktop\3.jpg
[2012/12/29 14:25:05 | 000,001,059 | ---- | M] () -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/29 14:24:44 | 000,001,037 | ---- | M] () -- C:\Users\vinceroman\Desktop\Dropbox.lnk
[2012/12/29 14:20:32 | 000,045,116 | ---- | M] () -- C:\Users\vinceroman\Desktop\2.jpg
[2012/12/27 18:00:31 | 000,151,734 | ---- | M] () -- C:\Users\vinceroman\Desktop\11111.jpg
[2012/12/27 11:44:18 | 000,193,409 | ---- | M] () -- C:\Users\vinceroman\Desktop\123.jpg
[2012/12/26 11:55:26 | 000,106,656 | ---- | M] () -- C:\Users\vinceroman\Desktop\111.jpg
[2012/12/26 11:09:05 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/12/24 12:19:06 | 000,734,810 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/24 12:19:06 | 000,630,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/24 12:19:06 | 000,111,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/23 19:35:41 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2012/12/23 13:02:19 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/12/23 13:00:31 | 002,440,041 | ---- | M] () -- C:\Users\vinceroman\Desktop\Photo 23-12-2012 12 21 08.jpg
[2012/12/23 12:52:52 | 000,001,901 | ---- | M] () -- C:\Users\vinceroman\Desktop\PLDS SmartPack Utility.lnk
[2012/12/21 11:18:33 | 000,343,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/17 13:17:25 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2012/12/13 08:04:37 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/12 19:16:34 | 000,659,456 | ---- | M] (http://mikelab.kiev.ua/) -- C:\Users\vinceroman\Desktop\vmt.exe
[2012/12/10 00:03:07 | 000,007,604 | ---- | M] () -- C:\Users\vinceroman\AppData\Local\Resmon.ResmonCfg
[2012/12/09 23:25:54 | 000,001,007 | ---- | M] () -- C:\Users\vinceroman\Desktop\SpeedFan.lnk
[2012/12/09 23:25:51 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/12/09 15:08:33 | 000,001,006 | ---- | M] () -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2012/12/09 15:08:33 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2012/12/06 18:02:38 | 386,101,180 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/04 23:41:23 | 000,001,437 | ---- | M] () -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/04 23:18:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/12/04 23:18:56 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/12/04 22:50:01 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/12/04 22:10:21 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/04 20:01:01 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/12/04 20:01:01 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2012/12/30 19:13:06 | 000,759,808 | ---- | C] () -- C:\Users\vinceroman\Desktop\RogueKiller.exe
[2012/12/30 12:23:08 | 000,035,181 | ---- | C] () -- C:\Users\vinceroman\Desktop\Untitled.jpg
[2012/12/29 15:36:32 | 000,041,276 | ---- | C] () -- C:\Users\vinceroman\Desktop\3.jpg
[2012/12/29 14:20:32 | 000,045,116 | ---- | C] () -- C:\Users\vinceroman\Desktop\2.jpg
[2012/12/27 18:00:31 | 000,151,734 | ---- | C] () -- C:\Users\vinceroman\Desktop\11111.jpg
[2012/12/27 11:44:18 | 000,193,409 | ---- | C] () -- C:\Users\vinceroman\Desktop\123.jpg
[2012/12/26 11:55:26 | 000,106,656 | ---- | C] () -- C:\Users\vinceroman\Desktop\111.jpg
[2012/12/26 11:09:05 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/12/26 11:09:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/24 12:19:06 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/23 19:35:41 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2012/12/23 13:00:53 | 002,440,041 | ---- | C] () -- C:\Users\vinceroman\Desktop\Photo 23-12-2012 12 21 08.jpg
[2012/12/23 12:28:18 | 000,001,901 | ---- | C] () -- C:\Users\vinceroman\Desktop\PLDS SmartPack Utility.lnk
[2012/12/18 15:41:03 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/12/16 22:50:51 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2012/12/09 23:50:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/09 23:25:54 | 000,001,007 | ---- | C] () -- C:\Users\vinceroman\Desktop\SpeedFan.lnk
[2012/12/09 23:25:50 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/12/09 15:08:33 | 000,001,006 | ---- | C] () -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2012/12/09 15:08:33 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2012/12/06 20:33:42 | 000,007,604 | ---- | C] () -- C:\Users\vinceroman\AppData\Local\Resmon.ResmonCfg
[2012/12/06 18:29:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/06 18:26:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/05 00:55:49 | 000,001,037 | ---- | C] () -- C:\Users\vinceroman\Desktop\Dropbox.lnk
[2012/12/05 00:55:03 | 000,001,059 | ---- | C] () -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/04 23:18:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/12/04 23:18:56 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/12/04 22:50:01 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/12/04 22:10:21 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/04 21:51:35 | 386,101,180 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/12/04 20:04:03 | 000,001,409 | ---- | C] () -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/12/04 20:04:00 | 000,001,443 | ---- | C] () -- C:\Users\vinceroman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/12/04 20:03:38 | 000,000,290 | ---- | C] () -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/12/04 20:03:38 | 000,000,272 | ---- | C] () -- C:\Users\vinceroman\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/12/04 20:00:54 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/12/04 20:00:51 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/12/04 19:57:44 | 1609,179,136 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/28 01:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/09/28 01:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/12 21:15:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/30 12:53:45 | 000,000,000 | ---D | M] -- C:\Users\vinceroman\AppData\Roaming\Dropbox
[2012/12/09 15:08:47 | 000,000,000 | ---D | M] -- C:\Users\vinceroman\AppData\Roaming\Gyazo
[2012/12/05 00:29:15 | 000,000,000 | ---D | M] -- C:\Users\vinceroman\AppData\Roaming\LolClient

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 01:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/21 03:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 01:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 03:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 03:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 06:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 01:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 22:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/02 05:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/02 04:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 03:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 03:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 06:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 01:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 01:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 01:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 03:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/14 01:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 01:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 01:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 17:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 11:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 06:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 06:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 01:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 03:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 03:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 06:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 01:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 03:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 03:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 03:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 03:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 03:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 03:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 01:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 05:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 03:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 03:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 03:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 03:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 03:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 03:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 03:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 03:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 03:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 01:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 22:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 03:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 03:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 03:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 03:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/21 03:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/21 03:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 21:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 08:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 08:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/04/12 08:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 08:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 08:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 08:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Users\vinceroman\Desktop\Photo 23-12-2012 12 21 08.jpg:com.dropbox.attributes

< End of report >

Extras log from previous scan

OTL Extras logfile created on: 30/12/2012 13:00:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vinceroman\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.30 Gb Available Physical Memory | 15.07% Memory free
4.00 Gb Paging File | 1.51 Gb Available in Paging File | 37.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 884.79 Gb Free Space | 94.99% Space Free | Partition Type: NTFS

Computer Name: VINCEROMAN-PC | User Name: vinceroman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1084B659-C8DE-4568-BAED-55477F043CAE}" = lport=138 | protocol=17 | dir=in | app=system |
"{1CDAB2DE-EE3A-49C2-B289-1365FB544862}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2C81F3FD-F660-4F15-A93A-F6E41ECE1C0B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{41816DAB-4F51-4BFE-9528-583EA51160D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59A348AE-9142-4155-9B48-50865A8FC1CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5AE37CE6-4130-4A09-84DC-7B7C97929DFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B5A4C18-1EBF-4333-857D-A05D97339CA2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71F4F883-316C-45CB-87F3-B6E4508CDE49}" = rport=138 | protocol=17 | dir=out | app=system |
"{7640F47A-A91E-41D8-9816-8DA084663995}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DDC0A50-F813-4313-8807-04895A034DF9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{813CD24D-D1CE-411E-AD95-FA68CD7F7030}" = lport=10243 | protocol=6 | dir=in | app=system |
"{839DC3C8-BD3B-43E9-92B6-3173290E9258}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BEA1436-7EC0-4CE6-9CAC-E9509E0F8F8B}" = rport=137 | protocol=17 | dir=out | app=system |
"{A6DB343E-B4A6-4C30-A455-2A7DFCD981B2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF4BE9B9-E42E-450D-9E1D-E1A4E0FC7184}" = lport=445 | protocol=6 | dir=in | app=system |
"{B57813BF-24F9-4FBE-B0B7-2B8DEAC2970D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BB7B1731-29FC-4A42-A91F-9B167C9BFDB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C62F4B1E-3888-436C-9745-4A5381463306}" = rport=139 | protocol=6 | dir=out | app=system |
"{E2B188C2-8B5D-4A63-A4D3-CDA74D1FD0D5}" = lport=139 | protocol=6 | dir=in | app=system |
"{F1983703-2D8B-4B4D-93D1-2B80675B5124}" = lport=137 | protocol=17 | dir=in | app=system |
"{F74CED2E-22CE-4BCD-890F-D574DE9B60CC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9262AB1-24B8-4A1E-8AE4-0CE1DFD0943E}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07DBF6B0-F4CD-4DE4-8C1F-F6E7322ABA1D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{08962F2C-331E-4CCC-90AA-391D355F59D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D33873F-388A-4068-839C-60C3C701C628}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
"{153F7ACB-4653-4D3F-A503-D7950DCB3ADE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{157DF0A7-0B77-4797-8BB0-628DEBBCC98D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1BCD2EC5-BCFE-4B85-82AF-A4AE6ADE4250}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D618557-C33A-427B-AE8B-78E3563D6D5E}" = protocol=17 | dir=in | app=c:\users\vinceroman\appdata\roaming\dropbox\bin\dropbox.exe |
"{261EED8B-3E20-4888-A345-D730B7E0CC1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A49BD2E-65F1-4A42-9408-AF82BAD57652}" = protocol=1 | dir=out | [email protected],-28544 |
"{2EF054D9-7FDC-4D99-B965-E5A2825FC7CA}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{30F52EB5-A479-4377-B062-E6271EE24436}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{32AE003C-AC05-4868-BCF7-572003608D81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3503789F-A4CB-4578-B29D-5604933D7795}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{38AE575A-3C24-47F9-B10D-1C9194BD4803}" = protocol=58 | dir=out | [email protected],-28546 |
"{49D2EDBA-9AB0-46EE-B2C6-CDDE8F635B7B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67DDCF08-8EED-4276-9F5D-0467D23F46C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6E69284C-D1E9-4213-8713-615C1DCA5B1D}" = protocol=58 | dir=in | [email protected],-28545 |
"{76EA4DD3-8583-4CED-A53F-E53068220B12}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7928C9E5-2CD5-4190-9F71-DCC117F0C856}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8A92B2AF-DCDF-40FA-8A37-3CDB67992024}" = protocol=6 | dir=in | app=c:\users\vinceroman\appdata\roaming\dropbox\bin\dropbox.exe |
"{8D8C1CA8-06EE-4A28-8956-86D202303621}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{A52C44E3-4274-4879-BD8A-09C677DC513D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{A96C3C82-1CA7-44BA-9101-989D23A5FFDD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{ABE3177F-1E52-4B52-BCB8-EFDE7B9B652C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AEB59A6C-5DD9-4AF9-9FDD-E76AC2ECDDA1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{B762F0AA-06A5-4646-9A99-A7E31B7CDC2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC5C74AD-3DE8-4BF8-BF2B-50CB792F7ED3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D6DCDFC3-58F6-4F4F-9429-C1A85FD252C6}" = protocol=6 | dir=out | app=system |
"{DC8685BF-9C4E-4A40-B87D-A588EB2EB857}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8EA8E18-D255-4CE6-8730-23C2FC99686A}" = protocol=1 | dir=in | [email protected],-28543 |
"{EB091BC1-0511-471B-8DBB-B6A8A4420A2C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F6FBE206-E41F-48D9-B7A8-1C2D9E1CCF4C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{2B95FECA-16D7-4A15-9A27-C180548B955C}C:\users\vinceroman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\vinceroman\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D1050752-82CB-4B58-AC31-46EA30A203D4}C:\users\vinceroman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\vinceroman\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{042B10AA-8233-A9E0-4DEB-B7253C686DBB}" = AMD Fuel
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Google Chrome" = Google Chrome
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"SpeedFan" = SpeedFan (remove only)
"uTorrent" = µTorrent

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28/12/2012 15:56:00 | Computer Name = vinceroman-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/12/2012 08:19:31 | Computer Name = vinceroman-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/12/2012 10:18:43 | Computer Name = vinceroman-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 6.0.0.126, time stamp:
0x509ce778 Faulting module name: Flash32_11_5_502_135.ocx_unloaded, version: 0.0.0.0,
time stamp: 0x50b84945 Exception code: 0xc0000005 Fault offset: 0x630943bd Faulting
process id: 0xad0 Faulting application start time: 0x01cde5be8cf2626e Faulting application
path: C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: Flash32_11_5_502_135.ocx
Report
Id: a5b6bb1e-51c2-11e2-a5c8-485b395f034c

Error - 29/12/2012 10:25:03 | Computer Name = vinceroman-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/12/2012 10:28:13 | Computer Name = vinceroman-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/12/2012 10:44:44 | Computer Name = vinceroman-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/12/2012 11:00:30 | Computer Name = vinceroman-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/12/2012 11:44:27 | Computer Name = vinceroman-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/12/2012 08:19:45 | Computer Name = vinceroman-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/12/2012 08:22:50 | Computer Name = vinceroman-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 27/12/2012 13:58:09 | Computer Name = vinceroman-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:52:12 on 27/12/2012 was unexpected.

Error - 27/12/2012 14:13:14 | Computer Name = vinceroman-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:06:03 on 27/12/2012 was unexpected.

Error - 27/12/2012 18:24:43 | Computer Name = vinceroman-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:14:06 on 27/12/2012 was unexpected.

Error - 28/12/2012 08:15:29 | Computer Name = vinceroman-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 00:31:37 on 28/12/2012 was unexpected.

Error - 28/12/2012 15:54:17 | Computer Name = vinceroman-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 16:15:52 on 28/12/2012 was unexpected.

Error - 29/12/2012 08:17:48 | Computer Name = vinceroman-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:13:10 on 28/12/2012 was unexpected.

Error - 29/12/2012 10:26:53 | Computer Name = vinceroman-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.6. The computer with the IP address 192.168.0.24 did not
allow the name to be claimed by this computer.

Error - 29/12/2012 11:12:09 | Computer Name = vinceroman-PC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 29/12/2012 11:42:44 | Computer Name = vinceroman-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:40:10 on 29/12/2012 was unexpected.

Error - 30/12/2012 08:18:03 | Computer Name = vinceroman-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:07:54 on 29/12/2012 was unexpected.


< End of report >
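A small triage script for the event log section of the OTL report above, added here as an example and not part of the original post or of OTL itself. It parses the "Error - date | Computer Name | Source | ID" entries, counts them by (Source, ID) with the standard meaning of each event ID, and pulls the faulting application, faulting module and exception code out of the Application Error 1000 entry. The point a helper wants from this log is that six EventLog 6008 records in three days mean the machine is losing power or hard-resetting rather than completing a shutdown, which matches the restart-on-shutdown complaint, and that the 1000 record is Skype crashing inside the Flash ActiveX control (0xc0000005 is an access violation); neither is on its own a malware indicator. SAMPLE_LOG is a constructed excerpt of the posted log, and the KNOWN table is my own annotation of the four event IDs that appear in it.

```python
"""Triage helper for the "Last 20 Event Log Errors" section of an OTL log.

Added example, not part of the original post or of OTL itself. It parses
entries of the form
    Error - dd/mm/yyyy hh:mm:ss | Computer Name = X | Source = S | ID = N
    Description = ...
groups them by (Source, ID) with the standard meaning of each ID, and pulls
the faulting application/module out of Application Error 1000 entries.
SAMPLE_LOG is a constructed excerpt of the log posted above.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
[ Application Events ]
Error - 29/12/2012 08:19:31 | Computer Name = vinceroman-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/12/2012 10:18:43 | Computer Name = vinceroman-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 6.0.0.126, time stamp:
0x509ce778 Faulting module name: Flash32_11_5_502_135.ocx_unloaded, version: 0.0.0.0,
time stamp: 0x50b84945 Exception code: 0xc0000005 Fault offset: 0x630943bd

[ System Events ]
Error - 27/12/2012 13:58:09 | Computer Name = vinceroman-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:52:12 on 27/12/2012 was unexpected.

Error - 28/12/2012 08:15:29 | Computer Name = vinceroman-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 00:31:37 on 28/12/2012 was unexpected.

Error - 29/12/2012 10:26:53 | Computer Name = vinceroman-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.6. The computer with the IP address 192.168.0.24 did not
allow the name to be claimed by this computer.
"""

HEADER = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>.+?) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)

# My annotation of the (Source, ID) pairs that occur in this log.
KNOWN = {
    ("EventLog", 6008): "unexpected shutdown (power loss, hard reset or crash); not a malware indicator by itself",
    ("Application Error", 1000): "user-mode application crash; look at the faulting module",
    ("NetBT", 4321): "NetBIOS name conflict with another host on the LAN",
    ("WinMgmt", 10): "WMI event filter could not be reactivated; usually a stale filter, benign",
}


def parse_events(text):
    """Return a list of dicts: when, host, source, id (int), section, description."""
    events, section, current = [], None, None
    for line in text.splitlines():
        if line.startswith("[ ") and line.endswith(" ]"):
            section = line.strip("[ ]")
            continue
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), id=int(m.group("id")), section=section, description="")
            events.append(current)
        elif current is not None and line.strip():
            # Descriptions wrap over several lines; fold them into one string.
            chunk = line.strip()
            if chunk.startswith("Description ="):
                chunk = chunk[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + chunk).strip()
    return events


def summarise(events):
    """Map each (source, id) pair to (count, known meaning)."""
    counts = Counter((e["source"], e["id"]) for e in events)
    return {key: (n, KNOWN.get(key, "unknown; look it up")) for key, n in counts.items()}


def crash_modules(events):
    """For ID 1000 entries, return (application, faulting module, exception code)."""
    out = []
    for e in events:
        if e["id"] != 1000:
            continue
        app = re.search(r"Faulting application name: (\S+?),", e["description"])
        mod = re.search(r"Faulting module name: (\S+?),", e["description"])
        code = re.search(r"Exception code: (0x[0-9a-fA-F]+)", e["description"])
        out.append((app and app.group(1), mod and mod.group(1), code and code.group(1)))
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (src, eid), (n, meaning) in sorted(summarise(evs).items()):
        print(f"{n:>2} x {src} {eid}: {meaning}")
    for app, mod, code in crash_modules(evs):
        print(f"crash: {app} in {mod} ({code})")
```

Run it against the full "Last 20 Event Log Errors" block instead of SAMPLE_LOG to get the same summary for a real log; a high count of 6008 with no matching BugCheck or Kernel-Power 41 entries in the System section points at power delivery or a hard reset rather than a software crash.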

#5 Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Hmmm, don't see anything malware related in those logs.

Let's do a Malwarebytes scan and an online virus scan to see what they come up with.

Step 1
Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
When asked about the trial version, please decline for now.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on the ESET Online Scanner button.
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click Finish.
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:
  • Malwarebytes log
  • ESET online virus scan log

#6 Vinceroman (Member, Topic Starter, 196 posts)
Hello, here is the MBAM log

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.31.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
vinceroman :: VINCEROMAN-PC [administrator]

31/12/2012 08:37:43
mbam-log-2012-12-31 (08-37-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203073
Time elapsed: 2 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ESET log file

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=124ccc95d007a740bae2de4bdd47f217
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-12-31 09:24:58
# local_time=2012-12-31 09:24:58 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 54349625 109410948 0 0
# scanned=100059
# found=0
# cleaned=0
# scan_time=2308
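Before reading "found=0" as a clean bill of health, it is worth confirming that the scan actually ran with the options requested in the previous post: report only (remove_checked=false), archives, PUA and unsafe applications, anti-stealth, and end=finished rather than an aborted run. The following is an added example, not part of the original post nor of the ESET or Malwarebytes tools: it parses the "# key=value" header that ESET Online Scanner writes to log.txt and the "... Detected: N" summary lines of a Malwarebytes log, and reports every deviation from what was asked for. The embedded logs are constructed from the two posted above, with the MBAM "Files Detected" count changed to 2 so that the mismatch path is exercised.

```python
"""Check posted scanner logs against the settings the helper asked for.

Added example, not part of the original post or of the MBAM/ESET tools.
ESET_LOG and MBAM_LOG are constructed from the logs in this thread; the
MBAM "Files Detected" line is deliberately set to 2 to show a deviation.
"""
import re

ESET_LOG = """\
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=100059
# found=0
# cleaned=0
"""

MBAM_LOG = """\
Scan type: Quick scan
Memory Processes Detected: 0
Memory Modules Detected: 0
Registry Keys Detected: 0
Registry Values Detected: 0
Registry Data Items Detected: 0
Folders Detected: 0
Files Detected: 2
"""

# The options the instructions in the thread asked for.
ESET_EXPECTED = {
    "end": "finished",             # scan ran to completion, not aborted
    "remove_checked": "false",     # report only, do not delete anything
    "archives_checked": "true",
    "unwanted_checked": "true",    # potentially unwanted applications
    "unsafe_checked": "true",      # potentially unsafe applications
    "antistealth_checked": "true",
}


def parse_eset(text):
    """Return the '# key=value' header lines as a dict of strings."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^#\s*([A-Za-z_]+)=(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def check_eset(text):
    """Return (clean, problems). clean is True only when every expected
    option matches and nothing was found; problems lists each deviation."""
    f = parse_eset(text)
    problems = [f"{k}: expected {v}, got {f.get(k, 'missing')}"
                for k, v in ESET_EXPECTED.items() if f.get(k) != v]
    found = int(f.get("found", "-1"))   # -1 if the line is missing
    if found != 0:
        problems.append(f"found={found}")
    return not problems, problems


def parse_mbam(text):
    """Return (scan_type, {category: count}) from the MBAM summary lines."""
    counts, scan_type = {}, None
    for line in text.splitlines():
        m = re.match(r"^(.+?) Detected: (\d+)$", line)
        if m:
            counts[m.group(1)] = int(m.group(2))
        elif line.startswith("Scan type:"):
            scan_type = line.split(":", 1)[1].strip()
    return scan_type, counts


def check_mbam(text, expected_scan="Quick scan"):
    """Return (clean, problems) for a Malwarebytes log."""
    scan_type, counts = parse_mbam(text)
    problems = []
    if scan_type != expected_scan:
        problems.append(f"scan type: expected {expected_scan}, got {scan_type}")
    hits = {k: v for k, v in counts.items() if v}
    if hits:
        problems.append("detections: " + ", ".join(f"{k}={v}" for k, v in hits.items()))
    return not problems, problems


if __name__ == "__main__":
    for name, (ok, probs) in {"ESET": check_eset(ESET_LOG), "MBAM": check_mbam(MBAM_LOG)}.items():
        print(name, "clean" if ok else "needs attention", probs)
```

The check deliberately treats a missing header key the same as a wrong one: a log that lacks "end=finished" or the anti-stealth flag should be re-run rather than accepted.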
#7 Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Hi again - Happy New Year!

Well, those logs look squeaky clean to me.
Let's clean up my tools now, and I will try to figure out what is going on, but honestly, I think my colleague in the previous thread is better qualified to help with this issue.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that setting.
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go Start > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programs on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

I see one more thing to try, I know it sounds crazy but I see where it worked in two cases. Please select shutdown then immediately turn off your monitor.
Did the computer shut down properly with the monitor off?
#8 Vinceroman (Member, Topic Starter, 196 posts)
I've just done what you've asked me to do, which was to click Shut Down then turn off the computer by pressing the power button. On start-up, it did not show the screen where I have to choose whether I want to run in safe mode or normal mode (not sure what the screen is called). I will try to click Shut Down and see what happens. I hope it will work.

Also, the Malwarebytes Anti-Malware trial has run out. I get a pop-up on start-up saying that I am no longer protected because the trial version has expired. Shall I uninstall this, or?

Last thing, I just want to say thanks for all the help, and Happy New Year to you too. Mine will be in less than 5 and a half hours, but I will reply if I see your message here.

Thanks again


PS: The computer still restarted when I clicked Shut Down. From now on I will do it that way though: click Shut Down then press the power button.

Edited by Vinceroman, 31 December 2012 - 12:35 PM.

#9 Crowbar (Teacher, GeekU Moderator, 4,798 posts)

I've just done what you've asked me to do, which was to click Shut Down then turn off the computer by pressing the power button.


Sorry if I worded it poorly, I only wanted you to power off your monitor(s), not the computer itself.
Down on the lower right side of the monitor there is the power button, it should be the farthest button on the right, just about in the corner.
So here is the sequence I would like you to try -
Click on the Start Orb and select Shut Down
as soon as you click on Shut Down, please press the power button on your monitor(s) to turn off the monitor(s) only.

If all goes right, you should hear the fans stop spinning on your tower after a few moments. If they don't stop after say 5 minutes or so, you can turn the monitor back on and see if it restarted itself.

Malwarebytes is still a great program to keep, even if the Pro trial has expired. I use the free version and scan my computer with it every other week, but feel free to uninstall it if you don't want it.
#10 Vinceroman (Member, Topic Starter, 196 posts)
My monitors are actually TV screens. I clicked Shut Down and pressed the off button on my screen. The computer still restarted after pressing the Shut Down button. It's always been the same: the fans spin and make a loud noise, then go quiet, then get loud again, meaning it didn't shut down and is restarting.
#11 Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Ok, it was worth trying. I had read of a few users that had success after doing so.

I can say that your logs are not showing any malware at this time. I would suggest that you go back to your original thread, and if I can think of anything else, I can post in there.
Sorry that I have not been more helpful.
#12 phillpower2 (Mechanised Mod, Global Moderator, 24,749 posts)
Thanks for taking care of Vinceroman, Crowbar :thumbsup:

Vinceroman, see you back at your earlier topic http://www.geekstogo...other-problems/
#13 Crowbar (Teacher, GeekU Moderator, 4,798 posts)
No Problem, I wish I could have been more help.
#14 Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.