I am new to this forum and would appreciate someone helping me in reversing what ComboFix.exe has done. Any HELP would be much appreciated. I ran ComboFix.exe to fix two issues.
1). Runn DLL32IEDKC32 DLL Brand IE4 Signup. Which I believe is a virus?
2). Pup.Datamngr
AVG blocked a blackhole exploit kit when ComboFix.exe started its scan, which I allowed. When the scan completed, I no longer had access to my system files or programs except a few. I get an error stating C:\Users\WayneAdams\Desktop.ini Illegal operation attempted on a registry key that has been marked for deletion. I will attempt to show these errors and some system folders by using snapshot, which I can still use as administrator!
Everything that ComboFix.exe found has been moved to quarantine in a folder called Qoobox. AVG's Identity Protection is not active due to the quarantine. I no longer have access to system restore because of the error I mentioned earlier.
I have included 3 notepad logs or reports showing what ComboFix.exe has done.
Any help would be sincerely appreciated.
1st)
ComboFix 13-02-02.05 - WayneAdams 02/03/2013 0:36.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8174.6417 [GMT -5:00]
Running from: c:\users\WayneAdams\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\WayneAdams\AppData\Roaming\Roaming
c:\users\WayneAdams\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\users\WayneAdams\g2mdlhlpx.exe
c:\windows\msvcr71.dll
c:\windows\wininit.ini
c:\windows\SysWOW64\ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2013-01-03 to 2013-02-03 )))))))))))))))))))))))))))))))
.
.
2013-02-03 01:53 . 2013-02-03 02:09 -------- d-----w- c:\users\TEMP
2013-01-30 17:51 . 2013-01-30 17:51 -------- d-----w- c:\program files (x86)\FileASSASSIN
2013-01-30 17:30 . 2013-01-30 17:30 -------- d-----w- c:\program files (x86)\Citrix
2013-01-30 13:29 . 2013-01-30 16:01 -------- d-----w- c:\windows\SysWow64\C2MP
2013-01-30 03:47 . 2013-01-30 03:47 -------- d-----w- c:\users\WayneAdams\AppData\Local\Coupon Companion
2013-01-30 03:46 . 2013-01-30 16:01 -------- d-----w- c:\program files (x86)\Coupon Companion
2013-01-30 01:07 . 2013-01-30 01:07 -------- d-----w- c:\programdata\APN
2013-01-29 04:44 . 2013-01-29 04:44 -------- d-----w- c:\program files (x86)\PANDORA.TV
2013-01-24 00:18 . 2013-01-24 00:18 -------- d-----w- c:\users\WayneAdams\AppData\Roaming\RealNetworks
2013-01-24 00:18 . 2013-01-30 16:01 -------- d-----w- c:\program files (x86)\RealNetworks
2013-01-24 00:18 . 2013-01-24 00:18 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-01-24 00:17 . 2013-01-24 00:17 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-18 17:40 . 2013-01-18 23:44 -------- d-----w- c:\users\WayneAdams\temp
2013-01-18 17:39 . 2013-01-19 23:55 -------- d-----w- c:\users\WayneAdams\AppData\Local\Avid
2013-01-18 17:35 . 2013-01-18 17:35 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging
2013-01-18 17:20 . 2013-01-18 17:20 -------- d-----w- c:\windows\system32\appmgmt
2013-01-18 17:07 . 2013-01-18 17:07 -------- d-----w- c:\programdata\PCTV Systems
2013-01-18 01:09 . 2013-01-18 01:09 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle
2013-01-18 01:00 . 2013-01-18 17:34 -------- d-----w- c:\program files (x86)\Pinnacle
2013-01-15 20:54 . 2012-05-08 23:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-01-15 20:52 . 2010-11-26 23:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-01-15 20:13 . 2013-01-15 20:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-15 20:11 . 2013-01-15 20:11 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-15 20:11 . 2013-01-15 20:11 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-15 20:11 . 2013-01-15 20:11 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-15 20:11 . 2013-01-15 20:11 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-15 20:07 . 2013-01-15 20:07 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-15 20:06 . 2013-01-15 20:06 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2013-01-15 20:06 . 2013-01-15 20:06 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-15 20:06 . 2013-01-15 20:06 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-15 20:06 . 2013-01-15 20:06 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-01-15 20:06 . 2013-01-15 20:06 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-15 20:06 . 2013-01-15 20:06 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-15 20:05 . 2013-01-15 20:05 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-15 20:05 . 2013-01-15 20:05 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-01-15 20:05 . 2013-01-15 20:05 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-01-15 20:05 . 2013-01-15 20:05 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-01-15 20:05 . 2013-01-15 20:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-01-15 20:05 . 2013-01-15 20:05 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-15 19:58 . 2013-01-15 19:58 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-01-15 19:58 . 2013-01-15 19:58 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-01-15 19:48 . 2013-01-15 19:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-15 19:48 . 2013-01-15 19:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-15 19:48 . 2013-01-15 19:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-15 19:47 . 2013-01-15 19:47 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-15 19:47 . 2013-01-15 19:47 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-01-15 19:47 . 2013-01-15 19:47 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-15 19:47 . 2013-01-15 19:47 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-15 19:47 . 2013-01-15 19:47 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-15 19:47 . 2013-01-15 19:47 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-15 19:47 . 2013-01-15 19:47 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-15 19:46 . 2013-01-15 19:46 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-01-15 19:42 . 2013-01-15 19:42 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-15 19:42 . 2013-01-15 19:42 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-01-15 19:42 . 2013-01-15 19:42 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-15 19:42 . 2013-01-15 19:42 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-15 19:42 . 2013-01-15 19:42 220672 ----a-w- c:\windows\system32\wintrust.dll
2013-01-15 19:42 . 2013-01-15 19:42 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-01-15 19:42 . 2013-01-15 19:42 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-01-15 19:36 . 2013-01-14 22:25 26448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-15 19:19 . 2013-01-15 20:51 -------- d-----w- c:\programdata\IObit
2013-01-15 19:19 . 2013-01-30 16:00 -------- d-----w- c:\users\WayneAdams\AppData\Roaming\IObit
2013-01-11 12:48 . 2013-01-13 00:33 -------- d-----w- c:\users\WayneAdams\AppData\Roaming\DMCache
2013-01-11 01:50 . 2013-01-11 01:50 -------- d-----w- c:\users\WayneAdams\AppData\Local\Garmin
2013-01-11 01:50 . 2013-01-11 01:59 -------- d-----w- c:\programdata\Garmin
2013-01-11 01:50 . 2013-01-11 01:50 -------- d-----w- c:\users\WayneAdams\AppData\Local\GARMIN_Corp
2013-01-11 01:49 . 2013-01-11 01:49 -------- d-----w- c:\program files\DIFX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-02 12:02 . 2011-10-18 12:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-02 11:52 . 2011-09-30 03:45 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-02 11:52 . 2011-09-30 03:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-15 19:59 . 2013-01-15 19:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-09 10:36 . 2012-04-04 21:47 697864 ------w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 10:36 . 2011-09-26 16:55 74248 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-30 02:19 . 2012-12-30 02:19 178800 ------w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-12-29 15:50 . 2011-10-18 12:07 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-29 15:50 . 2011-10-18 12:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-29 10:34 . 2012-09-20 10:12 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-09-20 10:12 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-05-27 15:08 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2012-03-14 13:50 1107592 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-29 10:34 . 2012-02-11 22:55 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2012-02-11 22:55 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2011-09-26 17:29 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 08:40 . 2011-01-08 00:49 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2011-01-08 00:49 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2012-03-14 13:51 2923201 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2011-09-26 17:29 63928 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2011-01-08 00:48 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2011-01-08 00:48 118712 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 07:54 . 2012-12-29 07:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-12-14 21:49 . 2012-12-29 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-10 03:39 . 2012-12-10 03:39 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-29 01:15 . 2012-11-29 00:24 181064 ----a-w- c:\windows\PSEXESVC.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-10 03:33 220632 ----a-w- c:\users\WayneAdams\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-10 03:33 220632 ----a-w- c:\users\WayneAdams\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-10 03:33 220632 ----a-w- c:\users\WayneAdams\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-06-23 22:20 2042504 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-06-23 22:20 2042504 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-06-23 22:20 2042504 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMyGames"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^WayneAdams^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
backup=c:\windows\pss\Facebook Messenger.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linksys Wireless Manager^Registry: HKLM:RUN
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Cleaners^32*Registry: HKLM:RUN
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt^32*Registry: HKLM:RUN
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM^32*Registry: HKLM:RUN]
2012-12-03 07:35 946352 ----a-w- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task^32*Registry: HKLM:RUN]
2012-10-25 08:12 421888 ----a-w- c:\program files (x86)\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Roxio Burn]
2010-06-30 13:10 477680 ----a-w- c:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-02-12 03:23 1242448 ----a-w- c:\program files (x86)\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched^32*Registry: HKLM:RUN]
2012-01-18 19:02 254696 ----a-w- c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DelReg"=c:\program files (x86)\MSI\OverclockingCenter\DelReg.exe
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-02 457200]
R3 cpuz134;cpuz134; [x]
R3 DualCoreCenter;DualCoreCenter;c:\program files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2010-04-12 44344]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4; [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-06-23 178784]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-05-06 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-05-06 13280]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-01 40712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2012-08-13 292736]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2009-06-02 27120]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2009-06-02 19952]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 aswKbd;aswKbd; [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-09 31080]
S1 c2scsi64;c2scsi64;c:\windows\system32\DRIVERS\c2scsi64.sys [2010-07-16 167920]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-11-01 42248]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2009-06-02 27632]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-02-27 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-03-14 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-03-14 130864]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-14 465232]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-11-02 1340976]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2011-03-26 81008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-03-14 147248]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-03-14 166192]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 06:43 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 10:36]
.
2012-12-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-09-27 23:27]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-15 12:01]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-15 12:01]
.
2012-06-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2012-08-08 19:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-10 03:33 244696 ----a-w- c:\users\WayneAdams\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-10 03:33 244696 ----a-w- c:\users\WayneAdams\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-10 03:33 244696 ----a-w- c:\users\WayneAdams\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-06-23 22:20 2860168 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-06-23 22:20 2860168 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-06-23 22:20 2860168 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 10.0.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\WayneAdams\AppData\Roaming\Mozilla\Firefox\Profiles\fk8bv7e2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2012-12-23 11:09; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\WayneAdams\AppData\Roaming\Mozilla\Firefox\Profiles\fk8bv7e2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-15 09:25; [email protected]; c:\users\WayneAdams\AppData\Roaming\Mozilla\Firefox\Profiles\fk8bv7e2.default\extensions\[email protected]
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e60789240000000000006c626dbc0c11&q=
FF - user.js: extensions.BabylonToolbar.id - e60789240000000000006c626dbc0c11
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15697
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.222:23
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=5112_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-ioloSystemService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\1394ohci]
"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269]
"ImagePath"="c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ACPI]
"ImagePath"="system32\drivers\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AcpiPmi]
"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdobeARMservice]
"ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adp94xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpahci]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpu320]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adsi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdvancedSystemCareService6]
"ImagePath"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdK8]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdPPM]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsata]
"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsbs]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdxata]
"ImagePath"="system32\drivers\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arc]
"ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arcsas]
"ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswKbd]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgfwfd]
"ImagePath"="system32\DRIVERS\avgfwd6a.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgfws]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgfws.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgtp]
"ImagePath"="\??\c:\windows\system32\drivers\avgtpx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\blbdrive]
"ImagePath"="system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BOT4Service]
"ImagePath"="\"c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\c2scsi64]
"ImagePath"="system32\DRIVERS\c2scsi64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Compbatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CompositeBus]
"ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cpuz134]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CSC]
"ImagePath"="system32\drivers\csc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CscService]
"ServiceDll"="%SystemRoot%\System32\cscsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DualCoreCenter]
"ImagePath"="\??\c:\program files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\elxstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdc]
"ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FileMonitor]
"ImagePath"="\??\c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\flpydisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fssfltr]
"ImagePath"="system32\DRIVERS\fssfltr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fsssvc]
"ImagePath"="\"c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gupdate]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gupdatem]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hcmon]
"ImagePath"="\??\c:\windows\system32\drivers\hcmon.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HdAudAddService]
"ImagePath"="\SystemRoot\system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HpSAMD]
"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HssDRV6]
"ImagePath"="system32\DRIVERS\hssdrv6.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\i8042prt]
"ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IDriverT]
"ImagePath"="\"c:\program files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iirsp]
"ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IMFservice]
"ImagePath"="c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHD64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdclass]
"ImagePath"="\SystemRoot\system32\drivers\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdhid]
"ImagePath"="\SystemRoot\system32\drivers\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_FC]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS2]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MarvinBus]
"ImagePath"="system32\DRIVERS\MarvinBus64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMProtector]
"ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMScheduler]
"ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMService]
"ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBfilt]
"ImagePath"="system32\drivers\MBfilt64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\megasas]
"ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MegaSR]
"ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEIx64]
"ImagePath"="system32\DRIVERS\HECIx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MozillaMaintenance]
"ImagePath"="\"c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msahci]
"ImagePath"="\SystemRoot\system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSI_MSIBIOS_010507]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mssmbios]
"ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\netr28ux]
"ImagePath"="system32\DRIVERS\netr28ux.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nfrd960]
"ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NTIOLib_1_0_4]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nusb3hub]
"ImagePath"="system32\DRIVERS\nusb3hub.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nusb3xhc]
"ImagePath"="system32\DRIVERS\nusb3xhc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NVHDA]
"ImagePath"="system32\drivers\nvhda64v.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvlddmkm]
"ImagePath"="system32\DRIVERS\nvlddmkm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvsvc]
"ImagePath"="c:\windows\system32\nvvsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvUpdatusService]
"ImagePath"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ose64]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\osppsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Outlook]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PanService]
"ImagePath"="c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pciide]
"ImagePath"="system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PeerDistSvc]
"ServiceDll"="%SystemRoot%\system32\peerdistsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PuranDefrag]
"ImagePath"="\"c:\windows\system32\PuranDefragS.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pwdrvio]
"ImagePath"="\??\c:\windows\system32\pwdrvio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pwdspio]
"ImagePath"="\??\c:\windows\system32\pwdspio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PxHlpa64]
"ImagePath"="System32\Drivers\PxHlpa64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql2300]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql40xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdpbus]
"ImagePath"="system32\DRIVERS\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPDR]
"ImagePath"="System32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPUDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RdpVideoMiniport]
"ImagePath"="System32\drivers\rdpvideominiport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RealNetworks Downloader Resolver Service]
"ImagePath"="\"c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RegFilter]
"ImagePath"="\??\c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RoxMediaDB13]
"ImagePath"="\"c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RoxWatch12]
"ImagePath"="\"c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\s3cap]
"ImagePath"="\SystemRoot\system32\drivers\vms3cap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sahdad64]
"ImagePath"="System32\Drivers\Sahdad64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Saibad64]
"ImagePath"="System32\Drivers\Saibad64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SaibVdAd64]
"ImagePath"="System32\Drivers\SaibVdAd64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SbFw]
"ImagePath"="system32\drivers\SbFw.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SBFWIMCL]
"ImagePath"="system32\DRIVERS\sbfwim.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SBFWIMCLMP]
"ImagePath"="system32\DRIVERS\SBFWIM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sbhips]
"ImagePath"="system32\drivers\sbhips.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SBRE]
"ImagePath"="\??\c:\windows\system32\drivers\SBREdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SBSDWSCService]
"ImagePath"="c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SbTis]
"ImagePath"="system32\drivers\sbtis.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\secdrv]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SmartDefragBootTime]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SmartDefragDriver]
"ImagePath"="System32\Drivers\SmartDefragDriver.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\speedfan]
"ImagePath"="SysWOW64\speedfan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Steam Client Service]
"ImagePath"="c:\program files (x86)\Common Files\Steam\SteamService.exe /RunAsService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Stereo Service]
"ImagePath"="c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\stexstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\StillCam]
"ImagePath"="system32\DRIVERS\serscan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\storflt]
"ImagePath"="system32\drivers\vmstorfl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\storvsc]
"ImagePath"="\SystemRoot\system32\drivers\storvsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swenum]
"ImagePath"="\SystemRoot\system32\drivers\swenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Synth3dVsc]
"ImagePath"="System32\drivers\synth3dvsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\taphss]
"ImagePath"="system32\DRIVERS\taphss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\taphss6]
"ImagePath"="system32\DRIVERS\taphss6.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TeamViewer7]
"ImagePath"="c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermDD]
"ImagePath"="\SystemRoot\system32\drivers\termdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TsUsbFlt]
"ImagePath"="system32\drivers\tsusbflt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tsusbhub]
"ImagePath"="system32\drivers\tsusbhub.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmPass]
"ImagePath"="\SystemRoot\system32\DRIVERS\umpass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmRdpService]
"ServiceDll"="%SystemRoot%\System32\umrdp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UrlFilter]
"ImagePath"="\??\c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbccgp]
"ImagePath"="\SystemRoot\system32\drivers\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbhub]
"ImagePath"="\SystemRoot\system32\drivers\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbohci]
"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbprint]
"ImagePath"="\SystemRoot\system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbuhci]
"ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VBoxDrv]
"ImagePath"="system32\DRIVERS\VBoxDrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VBoxNetAdp]
"ImagePath"="system32\DRIVERS\VBoxNetAdp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VBoxNetFlt]
"ImagePath"="system32\DRIVERS\VBoxNetFlt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VBoxUSBMon]
"ImagePath"="system32\DRIVERS\VBoxUSBMon.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrvroot]
"ImagePath"="system32\drivers\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VGPU]
"ImagePath"="System32\drivers\rdvgkmd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vhdmp]
"ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vmbus]
"ImagePath"="system32\drivers\vmbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMBusHID]
"ImagePath"="\SystemRoot\system32\drivers\VMBusHID.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vmci]
"ImagePath"="\??\c:\windows\system32\drivers\vmci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vmkbd]
"ImagePath"="\??\c:\windows\system32\drivers\VMkbd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMnetAdapter]
"ImagePath"="system32\DRIVERS\vmnetadapter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMnetBridge]
"ImagePath"="system32\DRIVERS\vmnetbridge.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMnetDHCP]
"ImagePath"="c:\windows\system32\vmnetdhcp.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMnetuserif]
"ImagePath"="\??\c:\windows\system32\drivers\vmnetuserif.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMware]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMware NAT Service]
"ImagePath"="c:\windows\system32\vmnat.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vmx86]
"ImagePath"="\??\c:\windows\system32\drivers\vmx86.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vsmraid]
"ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vstor2-ws60]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwifibus]
"ImagePath"="\SystemRoot\System32\drivers\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VWiFiFlt]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wd]
"ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiAcpi]
"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\YahooAUService]
"ImagePath"="\"c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{2054F5A7-0F68-41F5-8F70-FC42E6A5C649}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{22EDEAD7-0040-4E66-86BD-DF51272798A6}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{7431E8F0-319D-48E9-ACB7-C825953D13AE}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{AEC6C2BC-B836-41E6-B740-1AB74403D2F5}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{C46D88A1-6AAE-4219-BC26-7B9B9A5D3794}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{E82B5682-302A-40B0-80C5-D1D9A530D73D}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:33,00,01,e7,59,d8,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\03\1c\17\"1?"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\PANDORA.TV\PanService\PanProcess.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
.
**************************************************************************
.
Completion time: 2013-02-03 00:56:30 - machine was rebooted
.
Pre-Run: 677,299,970,048 bytes free
Post-Run: 677,174,374,400 bytes free
.
- - End Of File - - 8C7043EE563314F035A17C8033AC788D
2nd) OTL logfile created on: 2/3/2013 9:46:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\WayneAdams\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 5.73 Gb Available Physical Memory | 71.82% Memory free
15.96 Gb Paging File | 13.22 Gb Available in Paging File | 82.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 630.68 Gb Free Space | 67.71% Space Free | Partition Type: NTFS
Computer Name: WAYNEADAMS-PC | User Name: WayneAdams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/02/03 09:46:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WayneAdams\Desktop\OTL.exe
PRC - [2013/01/14 17:24:00 | 000,703,824 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2013/01/14 17:23:38 | 000,465,232 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2013/01/09 05:36:40 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/29 05:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/09/28 09:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
PRC - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
========== Modules (No Company Name) ==========
MOD - [2013/01/14 17:24:58 | 000,349,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/14 17:24:58 | 000,051,024 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/14 17:24:56 | 000,183,632 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/14 17:24:30 | 000,893,264 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
MOD - [2012/06/23 17:20:18 | 006,307,928 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/08/13 16:27:44 | 000,292,736 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/22 17:37:00 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/14 17:23:38 | 000,465,232 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/01/09 05:36:41 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/29 05:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/08/31 09:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/07 20:56:35 | 000,529,232 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/03/25 22:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/03/25 22:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/09/13 12:02:00 | 000,039,408 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2010/07/16 05:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2010/07/16 05:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/01/15 14:42:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/01 13:31:08 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/11/01 13:25:26 | 000,042,248 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/10 11:30:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/09/09 13:15:29 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/14 17:23:00 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/02/27 11:36:14 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2012/02/23 11:11:26 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/06 13:30:50 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2011/05/06 13:30:46 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/25 22:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/03/25 22:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/03/25 22:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011/03/25 22:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/03/25 21:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/03/25 19:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/03/25 19:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/02/10 13:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 13:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/16 10:12:14 | 000,167,920 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\C2SCSI64.SYS -- (c2scsi64)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/08/02 06:56:28 | 000,900,608 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 00:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 00:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 00:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2005/09/23 21:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2012/07/05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2010/04/12 10:36:26 | 000,044,344 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys -- (DualCoreCenter)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsof...ss/allinone.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {E1C7D25E-7949-4E7E-AF86-73C9FFD173E1}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0006c626dbc0c11
IE - HKCU\..\SearchScopes\{35A11055-4C45-4B5C-BC63-CC3A88C0FF38}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{5106E20C-4472-4C45-800F-9488BE463818}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{C56128EB-AF71-4174-86EA-A5CFE62A08DA}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{E1C7D25E-7949-4E7E-AF86-73C9FFD173E1}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....h?fr=mkg030&p="
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519_yserp3tst"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:12.2.5.4
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\WayneAdams\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.4\ [2012/09/09 13:15:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/30 11:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/30 11:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/23 19:17:56 | 000,000,000 | ---D | M]
[2012/03/25 20:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WayneAdams\AppData\Roaming\Mozilla\Extensions
[2013/02/01 08:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WayneAdams\AppData\Roaming\Mozilla\Firefox\Profiles\fk8bv7e2.default\extensions
[2013/01/15 14:25:48 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\WayneAdams\AppData\Roaming\Mozilla\Firefox\Profiles\fk8bv7e2.default\extensions\[email protected]
[2013/02/01 08:08:46 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\WayneAdams\AppData\Roaming\Mozilla\Firefox\Profiles\fk8bv7e2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/22 22:23:05 | 000,002,432 | ---- | M] () -- C:\Users\WayneAdams\AppData\Roaming\Mozilla\Firefox\Profiles\fk8bv7e2.default\searchplugins\babylon1.xml
[2013/01/22 17:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/22 17:36:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/22 17:36:57 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/01/22 17:36:57 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2013/01/22 17:36:57 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/09/09 13:15:48 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.4
[2013/01/22 17:37:00 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/23 17:20:16 | 000,033,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013/01/23 19:17:53 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/11/11 04:53:42 | 000,003,571 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/12/22 22:22:57 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/11/29 18:43:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 18:43:58 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\WayneAdams\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\WayneAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\WayneAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\WayneAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\WayneAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Secure Search = C:\Users\WayneAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.4_0\
CHR - Extension: Gmail = C:\Users\WayneAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/02/03 00:52:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WinThemePack Logon] C:\Program Files (x86)\WinThemePack\Amazing Guns Logon Screen\tweak.exe (WinThemePack.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 147
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserFolderInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 147
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (Reg Error: Key error.)
O16:64bit: - DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futur.../FMSI_v4110.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16:64bit: - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_64.CAB (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7431E8F0-319D-48E9-ACB7-C825953D13AE}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEC6C2BC-B836-41E6-B740-1AB74403D2F5}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/11 18:17:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/07/21 12:40:24 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (RegistryDefragBootTime.exe)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/02/03 09:45:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\WayneAdams\Desktop\OTL.exe
[2013/02/03 01:30:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/03 01:23:43 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/02/03 00:56:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/03 00:34:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/03 00:34:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/03 00:34:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/03 00:33:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/03 00:32:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/02 22:43:58 | 005,029,149 | R--- | C] (Swearware) -- C:\Users\WayneAdams\Desktop\ComboFix.exe
[2013/02/02 22:13:13 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Desktop\You-Tube movies
[2013/02/02 22:11:49 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Desktop\fix it rkill
[2013/01/30 12:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2013/01/30 12:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
[2013/01/30 12:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2013/01/30 08:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
[2013/01/30 08:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecs for Windows 7 Pack
[2013/01/30 08:29:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[2013/01/29 23:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/01/29 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Coupon Companion
[2013/01/29 22:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion
[2013/01/29 20:44:16 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Desktop\security programs
[2013/01/29 20:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/01/28 23:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV
[2013/01/28 23:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PANDORA.TV
[2013/01/23 19:18:31 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\RealNetworks
[2013/01/23 19:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/01/23 19:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/23 19:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/01/23 19:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/23 19:17:47 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/01/23 07:48:12 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\EAA Polymer 9mm
[2013/01/22 17:36:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/22 12:55:06 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\Mechelle-Job Search
[2013/01/22 06:50:07 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/01/18 18:44:49 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\Pinnacle
[2013/01/18 12:40:25 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\temp
[2013/01/18 12:40:18 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\InstantCDDVD
[2013/01/18 12:39:50 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Avid
[2013/01/18 12:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 16
[2013/01/18 12:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pegasus Imaging
[2013/01/18 12:34:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2013/01/18 12:20:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/18 12:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PCTV Systems
[2013/01/17 20:11:05 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\Pinnacle Studio
[2013/01/17 20:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pinnacle
[2013/01/17 20:06:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2013/01/17 20:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinnacle
[2013/01/15 15:54:01 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013/01/15 15:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/01/15 15:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/01/15 14:36:45 | 000,026,448 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/01/15 14:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/01/15 14:19:10 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\IObit
[2013/01/15 14:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013/01/11 07:48:51 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\DMCache
[2013/01/10 20:50:20 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Garmin
[2013/01/10 20:50:19 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\My Garmin
[2013/01/10 20:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2013/01/10 20:50:14 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\GARMIN_Corp
[2013/01/10 20:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/02/03 09:46:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WayneAdams\Desktop\OTL.exe
[2013/02/03 09:43:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/03 09:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/03 08:52:10 | 000,030,464 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 08:52:10 | 000,030,464 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 02:09:39 | 000,000,144 | ---- | M] () -- C:\Users\WayneAdams\Desktop\ComboFix - Deleted EVERYTHING.url
[2013/02/03 00:56:51 | 000,730,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/03 00:56:51 | 000,626,624 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/03 00:56:51 | 000,107,526 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/03 00:52:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/03 00:52:28 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/03 00:52:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/02 22:44:04 | 005,029,149 | R--- | M] (Swearware) -- C:\Users\WayneAdams\Desktop\ComboFix.exe
[2013/02/02 07:48:30 | 000,000,161 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Florida Housing Finance Corporation (2).url
[2013/02/02 07:48:04 | 002,970,719 | ---- | M] () -- C:\Users\WayneAdams\Documents\Citrus 10-13[1] SHIP.pdf
[2013/02/02 07:19:09 | 000,000,171 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Florida Housing Finance Corporation.url
[2013/01/31 18:44:25 | 000,154,048 | ---- | M] () -- C:\Users\WayneAdams\Documents\ringsizer[1].pdf
[2013/01/30 14:58:29 | 000,001,013 | ---- | M] () -- C:\Users\WayneAdams\Desktop\KMPlayer.lnk
[2013/01/30 14:58:02 | 026,039,992 | ---- | M] () -- C:\Users\WayneAdams\Desktop\KMPlayer_3-5-0-77_00_20130123015648.exe
[2013/01/30 12:51:21 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2013/01/29 07:27:32 | 000,051,088 | ---- | M] () -- C:\Users\WayneAdams\Documents\habitat1.PNG
[2013/01/28 23:37:50 | 001,026,378 | ---- | M] () -- C:\Users\WayneAdams\Documents\Benefit Verification Letter 01282013.mht
[2013/01/25 20:36:31 | 000,000,183 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Penny Gun Auction.url
[2013/01/24 21:03:23 | 000,085,015 | ---- | M] () -- C:\Users\WayneAdams\Documents\Seal-and-Expunge-Application_Revised-06152010[1].pdf
[2013/01/24 19:15:26 | 000,561,751 | ---- | M] () -- C:\Users\WayneAdams\Documents\Habitat Orientation Jan 2013.jpg
[2013/01/23 19:18:19 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/23 19:17:47 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/01/22 09:56:35 | 000,001,210 | ---- | M] () -- C:\Users\WayneAdams\Documents\FLUID -- Florida Unemployment Internet Direct Claims.mht
[2013/01/19 18:55:37 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013/01/18 12:40:48 | 000,003,584 | ---- | M] () -- C:\Users\WayneAdams\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/18 12:37:46 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Studio 16.lnk
[2013/01/18 12:14:26 | 005,508,818 | ---- | M] () -- C:\Users\WayneAdams\Documents\Studio 16 PDF.pdf
[2013/01/17 18:34:27 | 000,007,647 | ---- | M] () -- C:\Users\WayneAdams\AppData\Local\Resmon.ResmonCfg
[2013/01/15 22:43:26 | 000,560,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/15 15:52:55 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2013/01/15 15:52:31 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/01/15 14:19:10 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013/01/15 14:19:10 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/01/14 17:25:40 | 000,026,448 | ---- | M] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/01/13 12:09:34 | 000,002,229 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Google Chrome.lnk
[2013/01/10 07:57:03 | 002,515,455 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Manual WOW.pdf
[2013/01/05 19:37:58 | 000,027,598 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Emotions-2.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/02/03 02:09:39 | 000,000,144 | ---- | C] () -- C:\Users\WayneAdams\Desktop\ComboFix - Deleted EVERYTHING.url
[2013/02/03 00:34:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/03 00:34:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/03 00:34:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/03 00:34:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/03 00:34:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/02 07:48:30 | 000,000,161 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Florida Housing Finance Corporation (2).url
[2013/02/02 07:48:04 | 002,970,719 | ---- | C] () -- C:\Users\WayneAdams\Documents\Citrus 10-13[1] SHIP.pdf
[2013/02/02 07:19:09 | 000,000,171 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Florida Housing Finance Corporation.url
[2013/01/31 18:44:25 | 000,154,048 | ---- | C] () -- C:\Users\WayneAdams\Documents\ringsizer[1].pdf
[2013/01/30 14:58:29 | 000,001,013 | ---- | C] () -- C:\Users\WayneAdams\Desktop\KMPlayer.lnk
[2013/01/30 14:57:32 | 026,039,992 | ---- | C] () -- C:\Users\WayneAdams\Desktop\KMPlayer_3-5-0-77_00_20130123015648.exe
[2013/01/30 12:51:21 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2013/01/29 07:27:32 | 000,051,088 | ---- | C] () -- C:\Users\WayneAdams\Documents\habitat1.PNG
[2013/01/28 23:37:48 | 001,026,378 | ---- | C] () -- C:\Users\WayneAdams\Documents\Benefit Verification Letter 01282013.mht
[2013/01/25 20:36:31 | 000,000,183 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Penny Gun Auction.url
[2013/01/24 21:03:23 | 000,085,015 | ---- | C] () -- C:\Users\WayneAdams\Documents\Seal-and-Expunge-Application_Revised-06152010[1].pdf
[2013/01/24 19:15:26 | 000,561,751 | ---- | C] () -- C:\Users\WayneAdams\Documents\Habitat Orientation Jan 2013.jpg
[2013/01/23 19:18:19 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/22 09:56:34 | 000,001,210 | ---- | C] () -- C:\Users\WayneAdams\Documents\FLUID -- Florida Unemployment Internet Direct Claims.mht
[2013/01/18 12:40:47 | 000,003,584 | ---- | C] () -- C:\Users\WayneAdams\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/18 12:37:46 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 16.lnk
[2013/01/18 12:22:45 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013/01/18 12:14:25 | 005,508,818 | ---- | C] () -- C:\Users\WayneAdams\Documents\Studio 16 PDF.pdf
[2013/01/15 15:52:56 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/01/15 15:52:55 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2013/01/15 15:52:31 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/01/15 14:19:10 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013/01/15 14:19:10 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/01/10 07:57:03 | 002,515,455 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Manual WOW.pdf
[2013/01/05 19:38:05 | 000,027,598 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Emotions-2.jpg
[2012/11/28 19:22:33 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-WAYNEADAMS-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
[2012/09/18 11:00:33 | 000,140,058 | ---- | C] () -- C:\Users\WayneAdams\AppData\Local\ars.cache
[2012/08/09 07:07:02 | 000,017,408 | ---- | C] () -- C:\Users\WayneAdams\AppData\Local\WebpageIcons.db
[2012/04/02 16:55:12 | 000,253,352 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/03/19 21:28:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat
[2012/01/18 06:51:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/12/16 22:18:55 | 006,970,219 | ---- | C] () -- C:\Users\WayneAdams\AppData\Local\census.cache
[2011/12/16 18:43:34 | 000,000,036 | ---- | C] () -- C:\Users\WayneAdams\AppData\Local\housecall.guid.cache
[2011/12/14 22:55:24 | 000,007,647 | ---- | C] () -- C:\Users\WayneAdams\AppData\Local\Resmon.ResmonCfg
[2011/10/02 20:37:11 | 000,000,565 | ---- | C] () -- C:\Users\WayneAdams\AppData\Roaming\myMPQ.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/27 06:22:18 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/09/27 06:08:06 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2011/09/26 13:44:42 | 000,730,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/01/15 14:46:59 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/01/15 14:47:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/09/09 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\AVG
[2012/09/09 13:28:19 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\AVG2013
[2013/02/03 00:52:48 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Azureus
[2012/03/04 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\CleanMyPC Software
[2012/11/11 12:33:08 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\CompuClever
[2013/01/12 19:33:15 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\DMCache
[2012/02/03 20:41:03 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\DreamDale
[2012/04/03 13:26:42 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\DVD-Cloner
[2011/09/26 11:31:48 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\EMCO
[2012/11/09 00:54:48 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\f-secure
[2013/01/10 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Garmin
[2012/08/06 18:55:03 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\GlarySoft
[2013/01/30 11:00:51 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\IObit
[2011/12/15 08:46:46 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\iolo
[2012/12/22 21:29:46 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\iWin
[2012/03/17 16:31:42 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\MAXON
[2012/04/02 07:18:40 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Mipony
[2011/12/16 18:00:29 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Oberon Media
[2012/09/09 21:03:59 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Prey
[2012/07/06 22:36:06 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Quest3D
[2011/09/28 22:21:41 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\SeriousBit
[2012/01/16 10:12:24 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\ShamanGS
[2011/09/26 21:13:29 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Simple Star
[2012/10/12 09:53:38 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\TeamViewer
[2011/10/04 23:59:12 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Thunderbird
[2011/12/08 08:46:28 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Trine2
[2012/12/23 10:08:55 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\TuneUp Software
========== Purity Check ==========
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
========== Alternate Data Streams ==========
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:FAC5BCF5
< End of report >
3rd) OTL Extras logfile created on: 2/3/2013 9:46:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\WayneAdams\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 5.73 Gb Available Physical Memory | 71.82% Memory free
15.96 Gb Paging File | 13.22 Gb Available in Paging File | 82.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 630.68 Gb Free Space | 67.71% Space Free | Partition Type: NTFS
Computer Name: WAYNEADAMS-PC | User Name: WayneAdams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -play-dir "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -play-dir "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07AD936F-2474-4B73-8C9D-CBCA7388A46B}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{0FDF808F-2393-488B-B7BE-0EF122A62F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{17309A31-AC67-4663-BE2B-0F94B372FF7B}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
"{41D784B7-1BED-4485-B6D1-68E0353308DF}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
"{46C332B5-F3C5-4EFD-A05B-C0680B85B5B8}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
"{4AB65B99-E5A0-4991-B1E4-1B262C47867A}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe |
"{5560C342-4B50-43D7-8B25-E6A09D83C38F}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
"{6141ECE8-13EB-44A6-A2E9-58D4E7B248E8}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{636A3846-1E23-4913-B9F3-EDB6D67E9BCF}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe |
"{8428AF0F-C00B-4B41-87F9-46B4FCDADE77}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{A22A8F9B-474B-4DF4-9137-C761681AA272}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{AE076E43-04F4-487A-ACDE-D2E2D979C852}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
"{D21CFF38-AEF7-4361-B289-37A47499A1C2}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
"{D5B3052F-868E-4CD0-9E3B-6C74DC5E772C}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe |
"{D7071D42-21A0-4F12-87C8-AE3A50F82AF5}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{D94DED66-AA89-44C4-9079-91DD7A466774}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{F5E6CE3C-2DA3-4F6D-9394-2007B6D83071}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe |
"{FBA71C77-53BF-47EB-B79F-E40A3C921B93}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe |
"{FC406721-295A-4FB4-BA1C-BBD29A09A3A7}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe |
"{FDB6E2F8-4A00-4D94-91AA-CF49B65CB66D}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb" = Windows Media Player 64-bit Plug-in Fix
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20150000-0011-0000-1000-0000000FF1CE}" = Microsoft Professional Plus 2013
"{20150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B4E0635D-5901-4984-B1BF-70A841B4115D}" = Update for Microsoft Outlook 2013 Previ
"{20150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{20150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{20150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{20150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{20150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{20150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{20150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 Preview - English
"{20150000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 Preview - French
"{20150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 Preview - Spanish
"{20150000-002C-0409-1000-0000000FF1CE}" = Microsoft Proofing (English) 2013
"{20150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{20150000-006E-0409-1000-0000000FF1CE}" = Microsoft Shared MUI (English) 2013
"{20150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{20150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{20150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{20150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{20150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Shared 32-bit MUI (English) 2013
"{20150000-00E1-0409-1000-0000000FF1CE}" = Microsoft OSM MUI (English) 2013
"{20150000-00E2-0409-1000-0000000FF1CE}" = Microsoft OSM UX MUI (English) 2013
"{20150000-0115-0409-1000-0000000FF1CE}" = Microsoft Shared Setup Metadata MUI (English) 2013
"{20150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{20150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{235FC8A2-FFDF-4F74-A829-BA20EC015EC7}" = HP Photosmart 5520 series Product Improvement Study
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema 1.6.1.4235 x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013
"{53469789-996F-4193-9FBD-A053EE298C6F}" = HP Photosmart 5520 series Basic Device Software
"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B374E6A8-501F-4BC0-BA59-4EE78F06B3B2}" = Oracle VM VirtualBox 4.1.10
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"AVG" = AVG 2013
"CCleaner" = CCleaner
"EnhanceMySe7en_is1" = EnhanceMySe7en
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013 Preview
"Puran Utilities_is1" = Puran Utilities 1.0.2
"Speccy" = Speccy
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18E928DE-ABBA-4CEB-A9E4-205769B03FE8}" = Garmin BaseCamp
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33
"{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}" = Pinnacle Studio 16
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{34AF0799-8123-41BA-885A-BDEB157607F9}" = Jewel Quest III
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011 Pro
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = USB Vibration Joystick
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67E4EF06-E0D6-42E0-A2BA-67199B0143FB}_is1" = Windows Media Player Plus! 2.1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7137E26A-10F7-4B1C-9980-0893579E92DA}" = HP Photosmart 5520 series Help
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2011 Pro
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A181D43-86AE-4362-91BF-5C01A19653D7}_is1" = MiniTool Partition Wizard Professional Edition 6.0
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}" = Roxio Creator 2011 Pro
"{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9FAD220A-64E6-4CB7-8488-F728C8E25D6D}_is1" = 1.12.1
"{A044C900-5DE1-4986-B0B8-D6A40271A929}" = Sound Effects
"{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}" = Roxio CinePlayer
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.2.336
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Battle vs. Chess_is1" = Battle vs. Chess
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"ControlCenterII_is1" = ControlCenterII
"Crysis WARHEAD®" = Crysis WARHEAD®
"Darksiders II_is1" = Darksiders II
"DualCoreCenter_is1" = DualCoreCenter
"Dungeon Defenders_is1" = Dungeon Defenders
"EMCO UnLock IT 3_is1" = EMCO UnLock IT 3.0
"FileASSASSIN" = FileASSASSIN
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FormatFactory" = FormatFactory 2.95
"GFWL_{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
"Glary Utilities_is1" = Glary Utilities Pro 2.16.0.758
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.55
"Imikimi Plugin" = Imikimi Plugin
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Legends of Pegasus_is1" = Legends of Pegasus
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OverclockingCenter_is1" = OverclockingCenter
"Prey_R.G. Mechanics_is1" = Prey
"RealPlayer 16.0" = RealPlayer
"Ricochet Infinity_is1" = Ricochet Infinity
"Ricochet Xtreme Retail_is1" = Ricochet Xtreme
"Roxio PhotoShow" = Roxio PhotoShow
"Ship Simulator Extremes_is1" = Ship Simulator Extremes
"Shipsim2008" = Ship Simulator 2008
"Smart Defrag 2_is1" = Smart Defrag 2
"SMPlayer" = SMPlayer 0.8.3
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 7" = TeamViewer 7
"The KMPlayer" = The KMPlayer (remove only)
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"UMPlayer" = UMPlayer 0.98 [P4]
"VLC media player" = VLC media player 2.0.2
"War Chess" = War Chess
"Warhammer 40000 - Space Marine_is1" = Warhammer 40000 - Space Marine
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"GoToMeeting" = GoToMeeting 5.4.0.1060
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 9/8/2012 11:43:39 AM | Computer Name = WayneAdams-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9017
Error - 9/8/2012 11:43:39 AM | Computer Name = WayneAdams-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9017
Error - 9/8/2012 11:43:40 AM | Computer Name = WayneAdams-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 9/8/2012 11:43:40 AM | Computer Name = WayneAdams-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10015
Error - 9/8/2012 11:43:40 AM | Computer Name = WayneAdams-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10015
Error - 9/8/2012 11:43:41 AM | Computer Name = WayneAdams-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 9/8/2012 11:43:41 AM | Computer Name = WayneAdams-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11014
Error - 9/8/2012 11:43:41 AM | Computer Name = WayneAdams-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11014
Error - 9/8/2012 3:04:44 PM | Computer Name = WayneAdams-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 9/8/2012 3:15:45 PM | Computer Name = WayneAdams-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 9/8/2012 6:08:07 PM | Computer Name = WayneAdams-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
ConvertStringSidToSid(S-1-5-21-4170311062-3784861015-3588855755-1008.bak). hr
= 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event
Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow
Copy Optimization Writer Writer Instance ID: {c81cc5c6-70d2-4f00-9647-2666dfaaab71}
[ Media Center Events ]
Error - 8/6/2012 3:47:35 AM | Computer Name = WayneAdams-PC | Source = MCUpdate | ID = 0
Description = 3:47:32 AM - Error connecting to the internet. 3:47:32 AM - Unable
to contact server..
Error - 8/6/2012 4:47:44 AM | Computer Name = WayneAdams-PC | Source = MCUpdate | ID = 0
Description = 4:47:42 AM - Error connecting to the internet. 4:47:42 AM - Unable
to contact server..
Error - 8/6/2012 5:47:52 AM | Computer Name = WayneAdams-PC | Source = MCUpdate | ID = 0
Description = 5:47:50 AM - Error connecting to the internet. 5:47:50 AM - Unable
to contact server..
Error - 8/6/2012 6:47:58 AM | Computer Name = WayneAdams-PC | Source = MCUpdate | ID = 0
Description = 6:47:58 AM - Error connecting to the internet. 6:47:58 AM - Unable
to contact server..
Error - 8/6/2012 6:48:05 AM | Computer Name = WayneAdams-PC | Source = MCUpdate | ID = 0
Description = 6:48:03 AM - Error connecting to the internet. 6:48:03 AM - Unable
to contact server..
Error - 8/11/2012 6:08:08 AM | Computer Name = WayneAdams-PC | Source = MCUpdate | ID = 0
Description = 6:08:08 AM - Error connecting to the internet. 6:08:08 AM - Unable
to contact server..
Error - 8/11/2012 6:08:22 AM | Computer Name = WayneAdams-PC | Source = MCUpdate | ID = 0
Description = 6:08:13 AM - Error connecting to the internet. 6:08:13 AM - Unable
to contact server..
Error - 8/15/2012 6:04:14 AM | Computer Name = WayneAdams-PC | Source = MCUpdate | ID = 0
Description = 6:04:10 AM - Failed to retrieve Broadband (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)
Error - 2/2/2013 6:51:37 AM | Computer Name = WayneAdams-PC | Source = MCUpdate | ID = 0
Description = 5:51:37 AM - Error connecting to the internet. 5:51:37 AM - Unable
to contact server..
Error - 2/2/2013 6:51:49 AM | Computer Name = WayneAdams-PC | Source = MCUpdate | ID = 0
Description = 5:51:42 AM - Error connecting to the internet. 5:51:42 AM - Unable
to contact server..
[ System Events ]
Error - 2/3/2013 1:55:08 AM | Computer Name = WayneAdams-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058
Error - 2/3/2013 2:22:10 AM | Computer Name = WayneAdams-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 2/3/2013 3:22:10 AM | Computer Name = WayneAdams-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 2/3/2013 4:22:10 AM | Computer Name = WayneAdams-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 2/3/2013 5:22:10 AM | Computer Name = WayneAdams-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 2/3/2013 6:22:10 AM | Computer Name = WayneAdams-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 2/3/2013 7:22:10 AM | Computer Name = WayneAdams-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 2/3/2013 8:22:10 AM | Computer Name = WayneAdams-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 2/3/2013 9:22:10 AM | Computer Name = WayneAdams-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 2/3/2013 10:22:10 AM | Computer Name = WayneAdams-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
< End of report >
OTL logfile created on: 3/19/2013 6:00:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\WayneAdams\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 4.81 Gb Available Physical Memory | 60.25% Memory free
15.96 Gb Paging File | 12.48 Gb Available in Paging File | 78.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 582.19 Gb Free Space | 62.51% Space Free | Partition Type: NTFS
Computer Name: WAYNEADAMS-PC | User Name: WayneAdams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\WayneAdams\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\ytbb.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\RegCure\RegCure.exe ()
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\RegCure\RegCure.exe ()
MOD - C:\Program Files (x86)\RegCure\zlibwapi.dll ()
MOD - C:\Program Files (x86)\RegCure\AutoUpdate.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (PuranDefrag) -- C:\Windows\SysNative\PuranDefragS.exe (Puran Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SaibVdAd64) -- C:\Windows\SysNative\drivers\SaibVdAd64.sys (Sonic Solutions)
DRV:64bit: - (Sahdad64) -- C:\Windows\SysNative\drivers\Sahdad64.sys (Sonic Solutions)
DRV:64bit: - (Saibad64) -- C:\Windows\SysNative\drivers\Saibad64.sys (Sonic Solutions)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-tyc9
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {D0073D66-AF66-4945-B4B4-9345E6AAD67A}
IE - HKCU\..\SearchScopes\{D0073D66-AF66-4945-B4B4-9345E6AAD67A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\WayneAdams\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/17 19:30:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/02/20 21:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WayneAdams\AppData\Roaming\Mozilla\Extensions
[2013/03/09 19:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WayneAdams\AppData\Roaming\Mozilla\Firefox\Profiles\1iwghh1z.default\extensions
[2013/03/08 19:57:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\WayneAdams\AppData\Roaming\Mozilla\Firefox\Profiles\1iwghh1z.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/03/04 00:56:54 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\WayneAdams\AppData\Roaming\Mozilla\Firefox\Profiles\1iwghh1z.default\extensions\ascsurfingprotection@iobit.com
[2013/02/23 18:21:28 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\WayneAdams\AppData\Roaming\Mozilla\Firefox\Profiles\1iwghh1z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/15 17:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/17 19:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/03/17 19:30:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/03/07 10:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/14 23:15:05 | 000,446,051 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15317 more lines...
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [HP Photosmart 5520 series (NET)] C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WinThemePack Logon] C:\Program Files (x86)\WinThemePack\World Of WarCraft Logon Screen\tweak.exe (WinThemePack.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C27EF250-A2EE-4DB1-AC09-15DAF292E389}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysNative\WPDShServiceObj.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/11 19:17:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a2a3569d-7b69-11e2-97b8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a2a3569d-7b69-11e2-97b8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\VZW_Software_upgrade_assistant_installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/19 17:58:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\WayneAdams\Desktop\OTL.exe
[2013/03/19 14:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/03/19 14:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/03/19 13:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/03/18 22:39:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/18 15:42:11 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013/03/18 15:42:11 | 000,095,544 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013/03/18 15:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/03/18 15:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/03/18 15:38:09 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\Dropbox
[2013/03/18 15:34:36 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Dropbox
[2013/03/18 15:29:37 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Desktop\samsung appt
[2013/03/17 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\StarCraft II
[2013/03/17 19:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2013/03/17 19:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2013/03/17 19:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/03/17 19:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/03/17 17:53:59 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\{900E1508-395D-46EF-A28F-C6809B858857}
[2013/03/17 17:53:59 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\{7CD17FAE-0DC0-4D61-AEC2-F9ED8E0A9819}
[2013/03/17 12:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio 2010
[2013/03/17 08:49:18 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Unity
[2013/03/16 17:11:30 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
[2013/03/16 17:05:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/03/16 16:44:40 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCCT
[2013/03/16 16:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT
[2013/03/16 16:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OCCTPT
[2013/03/15 23:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2013/03/15 23:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegCure
[2013/03/15 23:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegCure
[2013/03/15 22:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/03/15 17:46:19 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Macromedia
[2013/03/15 17:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/15 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/03/15 15:49:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013/03/15 12:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI
[2013/03/15 12:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transformers Windows Theme
[2013/03/15 11:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/03/15 11:33:23 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\SkyDrive
[2013/03/15 11:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/03/14 22:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/03/14 22:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/03/14 20:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/14 20:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/14 17:18:47 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\GlarySoft
[2013/03/13 21:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/03/13 21:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013/03/13 21:18:29 | 000,000,000 | ---D | C] -- C:\Upload
[2013/03/13 21:17:54 | 000,000,000 | ---D | C] -- C:\AllShare Play
[2013/03/13 17:31:52 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\{DD4E68DA-DBCD-4C1F-B85E-FF8A7BEBE383}
[2013/03/13 16:54:42 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/03/13 16:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2013/03/13 16:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
[2013/03/13 15:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\RegInOut
[2013/03/13 14:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2013/03/13 14:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2013/03/13 00:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 00:45:11 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/03/12 06:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/03/12 06:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/11 13:45:57 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013/03/08 19:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/07 21:59:14 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/03/07 17:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/03/07 17:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/03/07 16:49:11 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/07 16:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/07 15:55:47 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\Verizon statements
[2013/03/07 10:21:33 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\SKIDROW
[2013/03/07 08:36:09 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Microsoft Help
[2013/03/07 04:07:32 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\PCFix
[2013/03/07 04:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCFix
[2013/03/07 04:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix 2011 Registry Cleaner
[2013/03/07 03:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2013/03/07 03:25:06 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\DriverCure
[2013/03/07 02:37:33 | 000,000,000 | ---D | C] -- C:\Encryption
[2013/03/06 11:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\God Of War Windows Theme
[2013/03/06 11:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World Of WarCraft Logon Screen
[2013/03/06 11:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Forms Windows Theme
[2013/03/06 11:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinThemePack
[2013/03/06 11:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alien Form Logon Screen
[2013/03/05 17:06:33 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Supreme Savings
[2013/03/05 10:26:04 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\Flight Simulator Files
[2013/03/05 03:58:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/03/05 03:57:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/04 16:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XP Repair Pro 4.0
[2013/03/04 15:16:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/04 09:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/03/04 00:06:00 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\Fire Arm pdfs
[2013/03/03 23:07:05 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/03/03 23:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/03/03 21:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2013/03/03 21:21:58 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Apple Computer
[2013/03/03 20:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/03/03 20:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/03/03 20:48:08 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\VS Revo Group
[2013/03/03 20:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/03/03 20:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/03/03 18:02:10 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\PC VITALWARE
[2013/03/03 18:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC VITALWARE
[2013/03/03 16:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/03 16:01:09 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/03 16:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/02 22:55:56 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\IsolatedStorage
[2013/03/01 07:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ballance
[2013/03/01 07:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2013/02/28 20:37:29 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Open Download Manager
[2013/02/28 18:07:52 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Ant.com
[2013/02/28 17:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/02/28 14:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GroupPolicy
[2013/02/28 12:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/02/28 12:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/02/28 12:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/02/28 10:40:08 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\SeriousBit
[2013/02/28 04:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zuxxez
[2013/02/28 04:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zuxxez
[2013/02/28 04:18:45 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\PowerISO
[2013/02/28 04:17:19 | 000,127,384 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2013/02/28 04:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2013/02/28 03:42:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/28 02:52:00 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\FedEx_files
[2013/02/27 19:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2013/02/27 19:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2013/02/27 03:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CinemaNow
[2013/02/27 03:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildGames
[2013/02/27 03:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2013/02/27 03:16:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildGames
[2013/02/27 03:03:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/02/27 03:03:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013/02/27 01:06:29 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Google
[2013/02/27 01:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/02/27 01:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/02/27 01:03:02 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/02/26 20:06:04 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\Diablo III
[2013/02/26 01:05:45 | 000,000,000 | -H-D | C] -- C:\Windows\Icons
[2013/02/25 20:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2013/02/25 20:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2013/02/25 08:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2013/02/25 08:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2013/02/25 08:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013/02/25 01:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/02/25 00:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ErrorEND64
[2013/02/25 00:39:53 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/02/24 21:47:16 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Desktop\Games
[2013/02/24 21:23:55 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Desktop\Internet
[2013/02/24 18:13:09 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Diagnostics
[2013/02/24 15:43:15 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\VMware
[2013/02/24 14:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013/02/24 14:38:53 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/02/24 14:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/02/24 14:33:42 | 000,011,832 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\acpimof.dll
[2013/02/24 14:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2013/02/24 14:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2013/02/24 14:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/02/24 13:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/02/24 13:53:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013/02/24 13:52:33 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\Outlook Files
[2013/02/24 13:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Processor ID Utility
[2013/02/24 13:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel Corporation
[2013/02/24 13:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Utilities
[2013/02/24 13:24:24 | 001,367,424 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranFD.exe
[2013/02/24 13:24:24 | 000,292,736 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragS.exe
[2013/02/24 13:24:24 | 000,287,616 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDC.exe
[2013/02/24 13:24:24 | 000,256,896 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefrag.dll
[2013/02/24 13:24:24 | 000,132,480 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragBT.exe
[2013/02/24 13:16:39 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\FullTiltPoker
[2013/02/24 12:50:56 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Macrovision
[2013/02/24 12:50:27 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Sonic_Solutions
[2013/02/23 23:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013/02/23 21:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/02/23 00:36:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/02/23 00:36:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/02/22 22:31:27 | 000,025,472 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/02/22 22:22:03 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\AVG
[2013/02/22 22:21:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/02/22 22:16:03 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\VirtualStore
[2013/02/22 21:44:46 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013/02/22 16:05:11 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\RPPrivate
[2013/02/22 14:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013/02/22 14:38:28 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\WinRAR
[2013/02/22 14:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/02/22 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Desktop\Security
[2013/02/22 14:18:45 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\mbar-1.01.0.1020[1]
[2013/02/22 07:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecs for Windows 7 Pack
[2013/02/22 07:59:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[2013/02/22 01:23:13 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/02/22 01:19:43 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/02/22 01:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/02/22 00:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
[2013/02/21 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\FreeFixer
[2013/02/21 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\FreeFixer
[2013/02/21 23:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2013/02/21 23:07:42 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Media Player Classic
[2013/02/21 22:14:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/02/21 16:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM Links
[2013/02/21 16:37:27 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\MPlayer
[2013/02/21 16:19:23 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/21 16:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/21 11:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2013/02/21 11:24:03 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\RegRun2
[2013/02/21 11:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2013/02/21 11:02:37 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\Habitat
[2013/02/21 04:00:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/02/21 02:55:19 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/02/21 02:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/02/21 02:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/02/21 02:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/02/21 02:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/21 02:46:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/02/21 02:35:47 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Roxio
[2013/02/21 01:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/02/21 01:30:33 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\PokerStars.NET
[2013/02/20 23:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/02/20 23:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/02/20 23:56:38 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Apple
[2013/02/20 23:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/02/20 23:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/02/20 23:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/02/20 23:48:19 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Skype
[2013/02/20 23:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/20 23:48:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/02/20 23:48:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/20 23:38:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/02/20 23:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/02/20 23:33:55 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Windows Live
[2013/02/20 23:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/02/20 23:15:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Backups
[2013/02/20 23:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/02/20 23:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/02/20 23:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/02/20 23:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/02/20 22:25:48 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\My Games
[2013/02/20 22:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2013/02/20 22:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CinemaNow
[2013/02/20 22:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CinemaNow
[2013/02/20 22:12:46 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Simple Star
[2013/02/20 22:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PhotoShow Shared Assets
[2013/02/20 22:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio
[2013/02/20 22:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2013/02/20 22:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2013/02/20 22:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2013/02/20 22:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/02/20 22:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2013/02/20 22:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013/02/20 22:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2013/02/20 22:06:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2013/02/20 22:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2013/02/20 22:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2013/02/20 22:03:02 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Roxio Log Files
[2013/02/20 21:48:47 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Mozilla
[2013/02/20 21:48:47 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Mozilla
[2013/02/20 21:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/02/20 21:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/02/20 21:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/02/20 21:34:17 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\NVIDIA
[2013/02/20 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Adobe
[2013/02/20 20:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/02/20 20:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013/02/20 20:34:32 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\HpUpdate
[2013/02/20 20:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/02/20 20:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/02/20 20:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/02/20 20:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/02/20 20:31:02 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\HP
[2013/02/20 20:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/02/20 19:18:16 | 000,000,000 | ---D | C] -- C:\Windows\w7sba
[2013/02/20 16:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/20 16:43:23 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Desktop\Media Players
[2013/02/20 12:34:01 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/20 12:29:33 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\MFAData
[2013/02/20 12:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/02/20 12:28:10 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Apple Computer
[2013/02/20 12:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/02/20 12:14:38 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Documents\Vuze Downloads
[2013/02/20 11:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/02/20 11:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/02/20 11:45:53 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Yahoo!
[2013/02/20 11:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/02/20 11:42:07 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\ElevatedDiagnostics
[2013/02/20 11:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/02/20 11:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2013/02/20 11:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013/02/20 10:28:26 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/02/20 10:26:27 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/02/20 09:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2013/02/20 09:22:05 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\.swt
[2013/02/20 09:20:49 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Azureus
[2013/02/20 09:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2013/02/20 09:05:36 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\vlc
[2013/02/20 09:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/02/20 09:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/02/20 09:02:52 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Programs
[2013/02/20 09:00:22 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\.smtube
[2013/02/20 09:00:01 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\fontconfig
[2013/02/20 08:58:46 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\.smplayer
[2013/02/20 08:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer
[2013/02/20 08:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SMPlayer
[2013/02/20 08:58:24 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\OpenCandy
[2013/02/20 08:51:17 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2013/02/20 08:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2013/02/20 08:45:33 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Malwarebytes
[2013/02/20 08:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/20 08:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2013/02/20 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Microsoft Games
[2013/02/20 08:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/02/20 07:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/02/20 07:49:43 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/02/20 07:49:43 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/02/20 07:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/02/20 07:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/02/20 07:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/02/20 07:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/02/20 07:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/02/20 07:47:26 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/02/20 07:44:49 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Macromedia
[2013/02/20 07:44:47 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Adobe
[2013/02/20 07:44:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/02/20 07:44:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/02/20 07:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/02/20 07:37:15 | 000,900,608 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2013/02/20 07:35:19 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/20 07:35:19 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\Searches
[2013/02/20 07:35:19 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/02/20 07:35:18 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/02/20 07:35:07 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Identities
[2013/02/20 07:35:05 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\Contacts
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\AppData\Local\Temporary Internet Files
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\Templates
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\Start Menu
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\SendTo
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\Recent
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\PrintHood
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\NetHood
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\Documents\My Videos
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\Documents\My Pictures
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\Documents\My Music
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\My Documents
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\Local Settings
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\AppData\Local\History
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\Cookies
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\Application Data
[2013/02/20 07:34:50 | 000,000,000 | -HSD | C] -- C:\Users\WayneAdams\AppData\Local\Application Data
[2013/02/20 07:34:49 | 000,000,000 | --SD | C] -- C:\Users\WayneAdams\AppData\Roaming\Microsoft
[2013/02/20 07:34:49 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\Videos
[2013/02/20 07:34:49 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\Saved Games
[2013/02/20 07:34:49 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\Pictures
[2013/02/20 07:34:49 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\Music
[2013/02/20 07:34:49 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/02/20 07:34:49 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\Links
[2013/02/20 07:34:49 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\Favorites
[2013/02/20 07:34:49 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\Downloads
[2013/02/20 07:34:49 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\Documents
[2013/02/20 07:34:49 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\Desktop
[2013/02/20 07:34:49 | 000,000,000 | R--D | C] -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/02/20 07:34:49 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Temp
[2013/02/20 07:34:49 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Local\Microsoft
[2013/02/20 07:34:49 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData\Roaming\Media Center Programs
[2013/02/20 07:34:49 | 000,000,000 | ---D | C] -- C:\Users\WayneAdams\AppData
[2013/02/20 07:34:41 | 000,000,000 | -HSD | C] -- C:\Recovery
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/19 17:58:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WayneAdams\Desktop\OTL.exe
[2013/03/19 17:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/19 17:00:00 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2013/03/19 15:24:09 | 000,019,968 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 15:24:09 | 000,019,968 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 15:15:12 | 000,888,168 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/19 15:15:12 | 000,740,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/19 15:15:12 | 000,148,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/19 15:09:29 | 000,001,946 | ---- | M] () -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk
[2013/03/19 15:08:49 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/03/19 15:08:49 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job
[2013/03/19 15:08:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/19 15:08:19 | 2132,991,999 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 14:37:46 | 000,000,263 | ---- | M] () -- C:\Users\WayneAdams\Desktop\After the First 48- Friends for Life Full Episode - The First 48 - A&E.url
[2013/03/19 05:08:05 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\PCFix.job
[2013/03/18 18:33:45 | 000,000,180 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Watch Big Fish Online Free - Crackle.url
[2013/03/18 18:32:13 | 000,000,238 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Root Verizon Samsung Galaxy S3 I535 Install Clockworkmod Recovery (2).url
[2013/03/18 17:07:13 | 000,000,238 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Root Verizon Samsung Galaxy S3 I535 Install Clockworkmod Recovery.url
[2013/03/18 16:24:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/03/17 20:00:00 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2013/03/17 19:42:17 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2013/03/17 19:30:56 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/17 18:32:29 | 000,001,975 | ---- | M] () -- C:\Users\WayneAdams\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/17 13:50:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}.ini
[2013/03/16 16:44:43 | 000,000,981 | ---- | M] () -- C:\Users\WayneAdams\Desktop\OCCT.lnk
[2013/03/16 15:51:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\attrib
[2013/03/16 15:48:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\type
[2013/03/16 14:54:28 | 000,409,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/16 14:30:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\]
[2013/03/16 13:44:51 | 000,000,091 | ---- | M] () -- C:\Windows\WININIT.INI
[2013/03/16 05:30:06 | 000,003,584 | ---- | M] () -- C:\Users\WayneAdams\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/16 00:17:50 | 000,000,168 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Google.url
[2013/03/15 23:59:12 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
[2013/03/15 17:26:35 | 000,007,600 | ---- | M] () -- C:\Users\WayneAdams\AppData\Local\Resmon.ResmonCfg
[2013/03/15 16:16:10 | 000,002,001 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Skype.lnk
[2013/03/15 15:48:10 | 000,882,544 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/15 12:50:16 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Live Update 5.lnk
[2013/03/15 12:46:01 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Apply Transformers Windows Theme.lnk
[2013/03/14 23:52:20 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013/03/14 23:15:05 | 000,446,051 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/14 22:52:22 | 000,001,296 | ---- | M] () -- C:\Users\WayneAdams\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/03/14 22:52:22 | 000,001,272 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Spybot - Search & Destroy.lnk
[2013/03/14 20:59:10 | 000,056,738 | ---- | M] () -- C:\Users\WayneAdams\Documents\cc_20130314_205832.reg backup 03.14.13.reg
[2013/03/14 20:51:34 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/14 06:53:45 | 008,246,053 | ---- | M] () -- C:\Users\WayneAdams\Documents\C_Spire_Wireless_L710_Galaxy_S_III_English_User_Manual_LI6_F5.pdf
[2013/03/13 23:20:51 | 000,000,246 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Memory Lane Shopping Cart.url
[2013/03/13 16:53:01 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2013/03/13 14:22:19 | 000,001,026 | ---- | M] () -- C:\Users\WayneAdams\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2013/03/12 06:56:01 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/12 00:12:36 | 000,128,201 | ---- | M] () -- C:\Users\WayneAdams\Desktop\GetSystemInfo_WAYNEADAMS-PC_WayneAdams_2013_03_12_00_12_21.zip
[2013/03/07 21:11:40 | 000,000,189 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Get rid of Babylon from your system - Process to delete Babylon infection Clean Spyware.url
[2013/03/07 07:27:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/03/07 03:39:05 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2013/03/05 20:19:58 | 000,000,212 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Apps Safe to Remove on Samsung Galaxy S3 (Sprint Version, Stock Rooted) - xda-developers.url
[2013/03/03 23:58:15 | 000,000,016 | ---- | M] () -- C:\Users\WayneAdams\AppData\Roaming\mbam.context.scan
[2013/03/03 23:27:20 | 000,001,111 | ---- | M] () -- C:\Users\WayneAdams\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/03/03 22:22:43 | 000,000,530 | ---- | M] () -- C:\Users\WayneAdams\Documents\Revo Uninstaller Pro 2.5.5 Complete License + Updates Allowed - BRiNGiT torrent - Windows - Other torrents - Software torrents - ExtraTorrent.com The World's Largest BitTorrent System.url
[2013/03/02 00:23:57 | 000,015,422 | ---- | M] () -- C:\Users\WayneAdams\Documents\MyContacts (1).csv.rtf
[2013/02/28 23:56:46 | 000,000,254 | ---- | M] () -- C:\Users\WayneAdams\Documents\Re-registering windows 64bit DLL's - Yahoo! Search Results.url
[2013/02/28 02:52:01 | 000,005,381 | ---- | M] () -- C:\Users\WayneAdams\Documents\FedEx.htm
[2013/02/28 01:56:56 | 000,001,451 | ---- | M] () -- C:\Users\WayneAdams\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/28 00:15:48 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/02/28 00:15:44 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/02/27 23:43:06 | 000,001,112 | ---- | M] () -- C:\Users\WayneAdams\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/02/27 19:16:20 | 000,001,385 | ---- | M] () -- C:\Users\WayneAdams\Desktop\Logitech Webcam 200 - Shortcut.lnk
[2013/02/27 03:38:10 | 000,001,749 | ---- | M] () -- C:\Users\WayneAdams\Documents\CinemaNow.lnk
[2013/02/27 02:54:26 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/02/27 02:02:47 | 051,655,718 | ---- | M] () -- C:\Users\WayneAdams\Documents\WoW-BradyGAMES-enUS-Guide.pdf
[2013/02/24 18:58:56 | 000,000,277 | ---- | M] () -- C:\Users\WayneAdams\Documents\error_sxs_assembly_missing(0x80073701) - Google Search.url
[2013/02/24 13:17:22 | 000,001,095 | ---- | M] () -- C:\Users\WayneAdams\Desktop\FullTiltPoker.exe - Shortcut.lnk
[2013/02/24 11:17:47 | 000,053,425 | ---- | M] () -- C:\Users\WayneAdams\Documents\Equifax_FACT_Rpt_02242013.pdf
[2013/02/24 11:11:59 | 000,226,336 | ---- | M] () -- C:\Users\WayneAdams\Documents\credit report.PNG
[2013/02/23 21:04:07 | 000,473,172 | ---- | M] () -- C:\Users\WayneAdams\Documents\warcraft orders.PNG
[2013/02/22 22:43:07 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/02/22 22:42:26 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/02/22 20:51:54 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\bassmod.dll
[2013/02/22 13:41:54 | 000,064,652 | ---- | M] () -- C:\Users\WayneAdams\Documents\phone order.PNG
[2013/02/22 13:37:18 | 000,085,722 | ---- | M] () -- C:\Users\WayneAdams\Documents\Order Confirmation.htm
[2013/02/22 01:21:36 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-WAYNEADAMS-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
[2013/02/20 23:13:22 | 000,000,567 | ---- | M] () -- C:\Windows\SysNative\Settings.ini
[2013/02/20 20:35:21 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/02/20 20:34:30 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 5520 series.lnk
[2013/02/20 20:34:30 | 000,001,190 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5520 series.lnk
[2013/02/20 12:33:19 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/20 10:32:00 | 000,040,251 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/02/20 10:32:00 | 000,040,251 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/02/20 09:20:56 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/19 14:37:46 | 000,000,263 | ---- | C] () -- C:\Users\WayneAdams\Desktop\After the First 48- Friends for Life Full Episode - The First 48 - A&E.url
[2013/03/18 18:33:45 | 000,000,180 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Watch Big Fish Online Free - Crackle.url
[2013/03/18 18:32:13 | 000,000,238 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Root Verizon Samsung Galaxy S3 I535 Install Clockworkmod Recovery (2).url
[2013/03/18 17:07:13 | 000,000,238 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Root Verizon Samsung Galaxy S3 I535 Install Clockworkmod Recovery.url
[2013/03/18 16:24:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/03/17 19:42:12 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2013/03/17 19:30:56 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/17 13:50:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}.ini
[2013/03/16 16:44:43 | 000,000,981 | ---- | C] () -- C:\Users\WayneAdams\Desktop\OCCT.lnk
[2013/03/16 15:50:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\attrib
[2013/03/16 15:48:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\type
[2013/03/16 14:30:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\]
[2013/03/16 13:44:44 | 000,000,091 | ---- | C] () -- C:\Windows\WININIT.INI
[2013/03/16 05:30:06 | 000,003,584 | ---- | C] () -- C:\Users\WayneAdams\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/16 00:22:57 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\RegCure Startup.job
[2013/03/16 00:17:50 | 000,000,168 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Google.url
[2013/03/16 00:00:03 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2013/03/16 00:00:02 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2013/03/15 23:59:12 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
[2013/03/15 17:26:35 | 000,007,600 | ---- | C] () -- C:\Users\WayneAdams\AppData\Local\Resmon.ResmonCfg
[2013/03/15 16:16:10 | 000,002,001 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Skype.lnk
[2013/03/15 12:50:16 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Live Update 5.lnk
[2013/03/15 12:46:01 | 000,002,290 | ---- | C] () -- C:\Users\Public\Desktop\Apply Transformers Windows Theme.lnk
[2013/03/15 08:56:17 | 000,001,946 | ---- | C] () -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk
[2013/03/15 08:39:35 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart 5520 series.lnk
[2013/03/15 08:39:35 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/03/15 08:39:35 | 000,001,190 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5520 series.lnk
[2013/03/14 23:52:20 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/14 22:52:22 | 000,001,296 | ---- | C] () -- C:\Users\WayneAdams\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/03/14 22:52:22 | 000,001,272 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Spybot - Search & Destroy.lnk
[2013/03/14 20:59:07 | 000,056,738 | ---- | C] () -- C:\Users\WayneAdams\Documents\cc_20130314_205832.reg backup 03.14.13.reg
[2013/03/14 20:51:34 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/14 06:53:45 | 008,246,053 | ---- | C] () -- C:\Users\WayneAdams\Documents\C_Spire_Wireless_L710_Galaxy_S_III_English_User_Manual_LI6_F5.pdf
[2013/03/13 23:20:51 | 000,000,246 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Memory Lane Shopping Cart.url
[2013/03/13 16:54:42 | 000,001,975 | ---- | C] () -- C:\Users\WayneAdams\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/13 16:53:01 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2013/03/13 16:10:54 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013/03/13 14:22:19 | 000,001,026 | ---- | C] () -- C:\Users\WayneAdams\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2013/03/12 06:56:01 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/03/12 06:55:54 | 000,002,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/12 00:12:36 | 000,128,201 | ---- | C] () -- C:\Users\WayneAdams\Desktop\GetSystemInfo_WAYNEADAMS-PC_WayneAdams_2013_03_12_00_12_21.zip
[2013/03/07 21:11:40 | 000,000,189 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Get rid of Babylon from your system - Process to delete Babylon infection Clean Spyware.url
[2013/03/07 04:20:35 | 000,000,254 | ---- | C] () -- C:\Windows\tasks\PCFix.job
[2013/03/05 20:19:58 | 000,000,212 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Apps Safe to Remove on Samsung Galaxy S3 (Sprint Version, Stock Rooted) - xda-developers.url
[2013/03/03 23:58:15 | 000,000,016 | ---- | C] () -- C:\Users\WayneAdams\AppData\Roaming\mbam.context.scan
[2013/03/03 23:07:06 | 000,001,111 | ---- | C] () -- C:\Users\WayneAdams\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/03/03 22:22:43 | 000,000,530 | ---- | C] () -- C:\Users\WayneAdams\Documents\Revo Uninstaller Pro 2.5.5 Complete License + Updates Allowed - BRiNGiT torrent - Windows - Other torrents - Software torrents - ExtraTorrent.com The World's Largest BitTorrent System.url
[2013/03/03 20:55:05 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/03/03 08:36:57 | 2132,991,999 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/02 00:23:57 | 000,015,422 | ---- | C] () -- C:\Users\WayneAdams\Documents\MyContacts (1).csv.rtf
[2013/02/28 23:56:46 | 000,000,254 | ---- | C] () -- C:\Users\WayneAdams\Documents\Re-registering windows 64bit DLL's - Yahoo! Search Results.url
[2013/02/28 12:30:29 | 000,001,468 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/02/28 04:17:20 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2013/02/28 02:51:59 | 000,005,381 | ---- | C] () -- C:\Users\WayneAdams\Documents\FedEx.htm
[2013/02/28 00:15:48 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/02/28 00:15:44 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/02/27 19:16:20 | 000,001,385 | ---- | C] () -- C:\Users\WayneAdams\Desktop\Logitech Webcam 200 - Shortcut.lnk
[2013/02/27 19:13:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/02/27 02:02:46 | 051,655,718 | ---- | C] () -- C:\Users\WayneAdams\Documents\WoW-BradyGAMES-enUS-Guide.pdf
[2013/02/24 18:58:56 | 000,000,277 | ---- | C] () -- C:\Users\WayneAdams\Documents\error_sxs_assembly_missing(0x80073701) - Google Search.url
[2013/02/24 13:17:22 | 000,001,095 | ---- | C] () -- C:\Users\WayneAdams\Desktop\FullTiltPoker.exe - Shortcut.lnk
[2013/02/24 11:17:44 | 000,053,425 | ---- | C] () -- C:\Users\WayneAdams\Documents\Equifax_FACT_Rpt_02242013.pdf
[2013/02/24 11:11:59 | 000,226,336 | ---- | C] () -- C:\Users\WayneAdams\Documents\credit report.PNG
[2013/02/23 21:04:07 | 000,473,172 | ---- | C] () -- C:\Users\WayneAdams\Documents\warcraft orders.PNG
[2013/02/22 22:43:07 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/02/22 22:42:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/02/22 20:51:54 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2013/02/22 13:41:54 | 000,064,652 | ---- | C] () -- C:\Users\WayneAdams\Documents\phone order.PNG
[2013/02/22 13:37:18 | 000,085,722 | ---- | C] () -- C:\Users\WayneAdams\Documents\Order Confirmation.htm
[2013/02/22 01:26:02 | 000,882,544 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/22 01:21:36 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-WAYNEADAMS-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
[2013/02/20 23:13:22 | 000,000,567 | ---- | C] () -- C:\Windows\SysNative\Settings.ini
[2013/02/20 22:14:00 | 000,001,749 | ---- | C] () -- C:\Users\WayneAdams\Documents\CinemaNow.lnk
[2013/02/20 21:48:44 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/20 20:35:21 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/02/20 07:53:53 | 003,035,306 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/02/20 07:44:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/20 07:40:46 | 000,001,451 | ---- | C] () -- C:\Users\WayneAdams\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/20 07:35:25 | 000,001,423 | ---- | C] () -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/02/20 07:35:20 | 000,001,457 | ---- | C] () -- C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/02/20 07:34:50 | 000,001,112 | ---- | C] () -- C:\Users\WayneAdams\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/02/20 07:34:50 | 000,000,272 | ---- | C] () -- C:\Users\WayneAdams\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/26 17:10:34 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2012/08/20 23:15:22 | 003,978,240 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2012/08/20 23:14:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/08/20 23:12:48 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2012/08/20 23:12:34 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2012/08/20 23:12:32 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2012/08/20 23:12:30 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2012/08/20 23:12:28 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2012/08/20 23:12:28 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2012/08/20 23:12:28 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2012/08/20 23:12:24 | 000,330,240 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2012/07/19 14:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/07/19 14:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll
[2012/07/19 14:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll
[2012/07/19 14:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/07/19 14:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/07/19 14:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2012/07/19 14:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2011/09/08 10:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/09/08 10:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/09/08 10:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/09/08 10:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/09/08 10:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/09/08 10:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/09/08 10:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/09/08 10:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/09/08 09:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/09/08 09:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/05/30 09:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 03:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
========== ZeroAccess Check ==========
[2013/03/13 00:37:11 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/23 15:03:11 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/23 15:03:12 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/03/02 23:26:56 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Ant.com
[2013/03/04 09:05:02 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\AVG
[2013/03/19 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Azureus
[2013/03/07 03:25:06 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\DriverCure
[2013/03/19 16:20:36 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Dropbox
[2013/02/22 00:03:14 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\FreeFixer
[2013/03/14 17:18:47 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\GlarySoft
[2013/02/28 20:37:29 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Open Download Manager
[2013/03/05 06:27:15 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\OpenCandy
[2013/03/03 18:02:10 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\PC VITALWARE
[2013/03/07 04:08:59 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\PCFix
[2013/03/03 11:27:12 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\PowerISO
[2013/03/06 16:38:01 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\RPPrivate
[2013/03/03 11:27:13 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\SeriousBit
[2013/02/20 22:12:46 | 000,000,000 | ---D | M] -- C:\Users\WayneAdams\AppData\Roaming\Simple Star
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0B4227B4
< End of report >
Edited by Dakeyras, 20 March 2013 - 08:00 AM.
Added new OTL log.