Gotcha. OTL And Extras first. The extra registry was checked to safe list but I didn't notice it before starting the scan. Limited time to do another.
OTL logfile created on: 2013-02-21 12:45:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lebels\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
5.92 Gb Total Physical Memory | 4.63 Gb Available Physical Memory | 78.29% Memory free
6.85 Gb Paging File | 5.14 Gb Available in Paging File | 75.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.70 Gb Total Space | 854.88 Gb Free Space | 93.66% Space Free | Partition Type: NTFS
Computer Name: LEBEL | User Name: Lebels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2013-02-21 12:44:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lebels\Downloads\OTL.exe
PRC - [2012-11-25 14:21:01 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe
PRC - [2012-11-25 14:21:01 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
PRC - [2012-11-16 05:52:51 | 000,173,344 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
PRC - [2012-11-07 04:08:39 | 001,037,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\ApVxdWin.exe
PRC - [2012-09-23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-09-20 16:48:43 | 001,193,176 | ---- | M] () -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-08-23 22:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
PRC - [2012-08-13 23:00:00 | 000,152,424 | ---- | M] (Sage) -- C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
PRC - [2012-08-13 23:00:00 | 000,022,376 | ---- | M] (Sage) -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
PRC - [2012-08-06 18:04:40 | 000,524,944 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2012-08-01 01:08:36 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
PRC - [2012-07-17 03:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012-07-17 03:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012-07-17 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-07-04 11:57:44 | 000,990,320 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2012-06-19 15:10:52 | 000,177,440 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrlS.exe
PRC - [2012-06-15 11:16:08 | 000,202,016 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
PRC - [2012-04-04 17:00:28 | 000,108,032 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\WebProxy.exe
PRC - [2011-11-25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011-04-13 11:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
PRC - [2011-03-07 14:27:06 | 000,225,088 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
PRC - [2010-08-16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\psksvc.exe
PRC - [2008-06-19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
PRC - [2008-02-04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe
========== Modules (No Company Name) ========== MOD - [2012-09-20 16:48:43 | 001,193,176 | ---- | M] () -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012-05-28 10:49:28 | 000,855,328 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PLATCTRL.bpl
MOD - [2012-05-14 11:26:04 | 000,187,904 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdmdm.dll
MOD - [2012-05-14 11:25:36 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmumsp.dll
MOD - [2007-02-14 12:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\MiniCrypto.dll
MOD - [2004-05-19 10:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\LIBXML2.DLL
========== Services (SafeList) ========== SRV:
64bit: - [2013-01-09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:
64bit: - [2013-01-09 17:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:
64bit: - [2013-01-09 17:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:
64bit: - [2012-12-05 22:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:
64bit: - [2012-12-05 22:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:
64bit: - [2012-11-05 22:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:
64bit: - [2012-11-05 22:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:
64bit: - [2012-09-20 03:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:
64bit: - [2012-09-20 00:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:
64bit: - [2012-09-20 00:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:
64bit: - [2012-08-22 21:02:36 | 000,658,576 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:
64bit: - [2012-07-25 21:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:
64bit: - [2012-07-25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:
64bit: - [2012-07-25 21:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:
64bit: - [2012-07-25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:
64bit: - [2012-07-25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:
64bit: - [2012-07-25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:
64bit: - [2012-07-25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:
64bit: - [2012-07-25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:
64bit: - [2012-07-25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:
64bit: - [2012-07-25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:
64bit: - [2012-07-25 21:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:
64bit: - [2012-07-25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:
64bit: - [2012-07-25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:
64bit: - [2012-07-25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:
64bit: - [2012-07-25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:
64bit: - [2012-07-25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:
64bit: - [2012-07-25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:
64bit: - [2012-07-25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:
64bit: - [2012-07-25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:
64bit: - [2012-04-20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2012-11-25 14:21:01 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe -- (TotalRecipeSearch_14Service)
SRV - [2012-11-16 05:52:51 | 000,173,344 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe -- (TPSrv)
SRV - [2012-11-05 22:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-09-23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-08-30 11:01:12 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-08-23 22:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2012-08-13 23:00:00 | 000,022,376 | ---- | M] (Sage) [Auto | Running] -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
SRV - [2012-08-01 01:08:36 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012-07-25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-07-17 03:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 03:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-07-17 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-07-13 03:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012-06-19 15:10:52 | 000,177,440 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrlS.exe -- (Panda Software Controller)
SRV - [2012-06-15 11:16:08 | 000,202,016 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2011-11-25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011-04-13 11:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe -- (PAVSRV)
SRV - [2010-08-16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\psksvc.exe -- (PskSvcRetail)
SRV - [2008-06-19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe -- (PSIMSVC)
SRV - [2008-02-04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe -- (PavPrSrv)
========== Driver Services (SafeList) ========== DRV:
64bit: - [2013-01-09 19:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:
64bit: - [2013-01-09 19:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:
64bit: - [2012-11-26 21:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:
64bit: - [2012-11-26 21:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:
64bit: - [2012-11-19 22:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:
64bit: - [2012-11-06 01:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:
64bit: - [2012-11-06 01:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:
64bit: - [2012-11-05 21:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:
64bit: - [2012-10-12 02:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:
64bit: - [2012-10-11 01:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:
64bit: - [2012-10-11 01:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:
64bit: - [2012-09-20 01:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:
64bit: - [2012-09-20 01:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:
64bit: - [2012-09-20 01:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:
64bit: - [2012-09-20 01:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2012-09-20 01:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2012-09-20 01:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:
64bit: - [2012-08-28 14:18:16 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:
64bit: - [2012-07-25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2012-07-25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:
64bit: - [2012-07-25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:
64bit: - [2012-07-25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:
64bit: - [2012-07-25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:
64bit: - [2012-07-25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:
64bit: - [2012-07-25 23:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:
64bit: - [2012-07-25 23:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:
64bit: - [2012-07-25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:
64bit: - [2012-07-25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2012-07-25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2012-07-25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:
64bit: - [2012-07-25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2012-07-25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:
64bit: - [2012-07-25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:
64bit: - [2012-07-25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2012-07-25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:
64bit: - [2012-07-25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2012-07-25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2012-07-25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:
64bit: - [2012-07-25 22:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:
64bit: - [2012-07-25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:
64bit: - [2012-07-25 22:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:
64bit: - [2012-07-25 22:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:
64bit: - [2012-07-25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:
64bit: - [2012-07-25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:
64bit: - [2012-07-25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:
64bit: - [2012-07-25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:
64bit: - [2012-07-25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:
64bit: - [2012-07-25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:
64bit: - [2012-07-25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:
64bit: - [2012-07-25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:
64bit: - [2012-07-25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:
64bit: - [2012-07-25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:
64bit: - [2012-07-25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:
64bit: - [2012-07-25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:
64bit: - [2012-07-25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:
64bit: - [2012-07-25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:
64bit: - [2012-07-25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:
64bit: - [2012-07-25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:
64bit: - [2012-07-25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:
64bit: - [2012-07-25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2012-07-25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:
64bit: - [2012-07-25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:
64bit: - [2012-07-25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:
64bit: - [2012-07-25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:
64bit: - [2012-07-24 09:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:
64bit: - [2012-07-12 15:46:14 | 000,498,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\e1c63x64.sys -- (e1cexpress)
DRV:
64bit: - [2012-07-09 14:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:
64bit: - [2012-07-02 01:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:
64bit: - [2012-06-18 17:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:
64bit: - [2012-06-14 23:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:
64bit: - [2012-06-02 08:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:
64bit: - [2012-03-26 17:57:36 | 000,071,432 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\amm6460.sys -- (AmFSM)
DRV:
64bit: - [2010-06-22 17:20:18 | 000,030,792 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\pavboot64.sys -- (pavboot)
DRV:
64bit: - [2009-10-27 11:07:42 | 000,048,136 | ---- | M] (Panda Security, S.L.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\ShldFlt.sys -- (ShldFlt)
DRV:
64bit: - [2009-07-24 08:55:10 | 000,011,264 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NMgamingms.sys -- (NMgamingmsFltr)
DRV:
64bit: - [2006-09-03 00:53:54 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BrSerIf.sys -- (BrSerIf)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {6B3B407F-1FB0-41FE-A80F-CD0E85421DBA}
IE:
64bit: - HKLM\..\SearchScopes\{6B3B407F-1FB0-41FE-A80F-CD0E85421DBA}: "URL" =
http://www.bing.com/...E10TR&pc=MAARJSIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6B3B407F-1FB0-41FE-A80F-CD0E85421DBA}
IE - HKLM\..\SearchScopes\{6B3B407F-1FB0-41FE-A80F-CD0E85421DBA}: "URL" =
http://www.bing.com/...E10TR&pc=MAARJS IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3697601651-4224588778-4085700216-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://acer13.msn.comIE - HKU\S-1-5-21-3697601651-4224588778-4085700216-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.facebook.com/IE - HKU\S-1-5-21-3697601651-4224588778-4085700216-1001\..\URLSearchHook: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - No CLSID value found
IE - HKU\S-1-5-21-3697601651-4224588778-4085700216-1001\..\SearchScopes,DefaultScope = {6B3B407F-1FB0-41FE-A80F-CD0E85421DBA}
IE - HKU\S-1-5-21-3697601651-4224588778-4085700216-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\14ffxtbr@TotalRecipeSearch_14.com: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin [2012-11-25 14:21:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\
[email protected]: C:\Program Files\McAfee\MSK
O1 HOSTS File: ([2012-07-25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Toolbar BHO) - {ab56dfde-0c14-45b3-9df6-7b0eba617870} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll (MindSpark)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Search Assistant BHO) - {df22384f-cf68-4d19-969f-10423715528b} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (MindSpark)
O3:
64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (TotalRecipeSearch) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:
64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [ConnectionManager] C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TotalRecipeSearch Search Scope Monitor] C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [TotalRecipeSearch_14 Browser Plugin Loader] C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (VER_COMPANY_NAME)
O4 - HKU\S-1-5-21-3697601651-4224588778-4085700216-1001..\Run: [Spotify Web Helper] C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:
64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:
64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:
64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:
64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{953AE800-6E5A-4E63-AA6E-828486930398}: DhcpNameServer = 192.168.0.1
O18:
64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:
64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:
64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:
64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:
64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:
64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync)
O20:
64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:
64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:
64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:
64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:
64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2013-02-19 10:45:09 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013-02-19 10:45:09 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013-02-19 09:12:30 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013-02-19 09:12:29 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013-02-19 09:12:29 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013-02-19 09:12:27 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013-02-19 09:12:27 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013-02-19 09:12:27 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013-02-19 09:12:26 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013-02-19 09:12:26 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013-02-19 09:12:25 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013-02-19 09:12:25 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013-02-19 09:12:25 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013-02-19 09:12:24 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013-02-19 09:12:24 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013-02-19 09:12:24 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013-02-19 09:12:24 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013-02-19 09:12:24 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013-02-19 09:12:24 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013-02-19 09:12:24 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013-02-19 09:12:24 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013-02-19 09:12:24 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013-02-19 09:12:24 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013-02-19 09:12:24 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013-02-19 09:12:24 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013-02-19 09:12:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013-02-19 09:12:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013-02-19 09:12:24 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013-02-19 09:12:24 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013-02-19 09:12:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013-02-12 13:23:31 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-02-12 13:22:59 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-02-12 13:22:58 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013-02-12 13:22:58 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-02-12 13:22:58 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-02-12 13:22:58 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-02-12 13:22:58 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-02-12 13:22:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-02-12 13:22:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-02-12 13:22:58 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013-02-12 13:22:58 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-02-12 13:22:58 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013-02-12 13:22:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-01-24 08:38:42 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-01-24 08:38:41 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-01-24 08:38:40 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
========== Files - Modified Within 30 Days ========== [2013-02-21 08:51:59 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013-02-21 08:04:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-02-20 11:34:13 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-02-20 11:34:13 | 000,722,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-02-20 11:34:13 | 000,136,434 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-02-20 11:29:48 | 000,301,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-02-20 11:29:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013-02-20 11:29:26 | 787,120,127 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-19 12:44:20 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013-02-13 14:27:41 | 000,249,636 | ---- | M] () -- C:\Users\Lebels\Documents\Diamond North Credit Union - Account Activity (1).oxps
[2013-02-12 17:23:58 | 000,224,432 | ---- | M] () -- C:\Users\Lebels\Documents\Diamond North Credit Union - Payments.oxps
[2013-02-06 17:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-02-06 17:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-01-31 11:47:54 | 000,264,463 | ---- | M] () -- C:\Users\Lebels\Documents\Diamond North Credit Union - Account Activity.oxps
[2013-01-31 11:22:46 | 000,172,613 | ---- | M] () -- C:\Users\Lebels\Documents\GST HST NETFILE - Confirmation.oxps
[2013-01-24 08:41:06 | 000,000,198 | ---- | M] () -- C:\Users\Lebels\Desktop\Yourlink Webmail.url
========== Files Created - No Company Name ========== [2013-02-20 11:29:42 | 000,301,960 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-02-19 09:12:24 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013-02-13 14:27:41 | 000,249,636 | ---- | C] () -- C:\Users\Lebels\Documents\Diamond North Credit Union - Account Activity (1).oxps
[2013-02-12 17:23:58 | 000,224,432 | ---- | C] () -- C:\Users\Lebels\Documents\Diamond North Credit Union - Payments.oxps
[2013-01-31 11:47:54 | 000,264,463 | ---- | C] () -- C:\Users\Lebels\Documents\Diamond North Credit Union - Account Activity.oxps
[2013-01-31 11:22:46 | 000,172,613 | ---- | C] () -- C:\Users\Lebels\Documents\GST HST NETFILE - Confirmation.oxps
[2013-01-24 08:41:06 | 000,000,198 | ---- | C] () -- C:\Users\Lebels\Desktop\Yourlink Webmail.url
[2013-01-15 09:16:23 | 000,252,832 | R--- | C] () -- C:\Windows\patchw32.dll
[2012-11-11 21:18:05 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012-11-11 11:14:07 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012-11-11 11:14:07 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2012-11-10 16:24:50 | 000,000,248 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012-11-09 11:41:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012-11-08 15:36:14 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012-08-28 14:18:32 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012-08-28 14:18:10 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-08-28 14:18:08 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012-07-26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012-07-26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012-07-26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012-07-25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012-07-25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012-07-25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012-06-02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012-04-20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-01-09 17:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-01-09 17:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ========== ========== Base Services ==========SRV:
64bit: - [2012-09-20 00:30:35 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:
64bit: - [2012-07-25 21:05:04 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:
64bit: - [2012-07-25 21:08:16 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:
64bit: - [2012-07-25 21:07:01 | 000,826,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:
64bit: - [2012-11-26 22:17:32 | 000,718,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:
64bit: - [2012-07-25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2012-07-25 21:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:
64bit: - [2012-07-25 21:05:36 | 000,507,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2012-07-25 21:18:26 | 000,394,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:
64bit: - [2012-07-25 21:05:12 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:
64bit: - [2012-07-25 21:05:21 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:
64bit: - [2012-07-25 21:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:
64bit: - [2012-10-10 23:43:40 | 000,331,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2012-10-10 23:06:02 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:
64bit: - [2012-09-20 00:31:07 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:
64bit: - [2012-07-25 21:05:34 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:
64bit: - [2012-07-25 21:05:46 | 000,036,352 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2012-07-25 21:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:
64bit: - [2012-07-25 21:05:51 | 000,438,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:
64bit: - [2012-07-25 21:05:51 | 000,474,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:
64bit: - [2012-07-25 21:07:25 | 000,502,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:
64bit: - [2012-09-20 00:31:57 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:
64bit: - [2012-07-25 21:06:34 | 000,255,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:
64bit: - [2013-01-09 17:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:
64bit: - [2012-09-20 00:32:17 | 000,356,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:
64bit: - [2012-07-25 23:26:47 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:
64bit: - [2012-09-20 00:33:04 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:
64bit: - [2012-07-25 21:08:47 | 000,769,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:
64bit: - [2012-07-25 21:07:03 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:
64bit: - [2012-07-25 21:07:03 | 000,358,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:
64bit: - [2012-07-25 21:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:
64bit: - [2012-07-25 21:07:09 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:
64bit: - [2012-09-20 00:33:39 | 000,035,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:
64bit: - [2012-07-25 21:08:12 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:
64bit: - [2012-07-25 21:07:23 | 000,309,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:
64bit: - [2012-07-25 21:07:16 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2012-07-25 21:19:59 | 000,506,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:
64bit: - [2012-07-25 21:07:08 | 001,282,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:
64bit: - [2012-07-25 21:07:28 | 000,305,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2012-07-25 21:20:06 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:
64bit: - [2012-07-25 21:07:30 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:
64bit: - [2012-07-25 21:07:00 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:
64bit: - [2012-07-25 21:08:49 | 001,482,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:
64bit: - [2012-11-05 22:17:42 | 000,785,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:
64bit: - [2012-11-05 22:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:
64bit: - [2012-07-25 21:07:08 | 000,148,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:
64bit: - [2012-07-25 21:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:
64bit: - [2012-07-25 21:07:47 | 001,731,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:
64bit: - [2012-10-10 23:44:35 | 000,904,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:
64bit: - [2012-07-25 21:07:47 | 000,570,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:
64bit: - [2012-07-25 21:08:34 | 000,124,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2012-07-25 21:20:50 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:
64bit: - [2012-07-25 21:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:
64bit: - [2012-11-26 22:19:52 | 003,345,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:
64bit: - [2012-07-25 21:05:31 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:
64bit: - [2012-11-05 22:19:59 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:
64bit: - [2012-07-25 21:08:02 | 000,191,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2012-10-10 23:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2012-10-11 02:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2012-07-25 21:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012-07-25 22:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2012-10-10 23:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\SysWOW64\explorer.exe
[2012-10-10 23:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2012-10-11 01:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\explorer.exe
[2012-10-11 01:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
< MD5 for: SERVICES >[2012-07-25 23:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services
< MD5 for: SERVICES.CFG >[2012-09-23 20:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
< MD5 for: SERVICES.EXE >[2012-09-20 00:33:11 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=581190907DA1CF8CB7B87B35FFE64A07 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2012-07-25 23:26:45 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=754A2CC1F32107EA87CBD305ABE3E618 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2012-09-20 00:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2012-09-20 00:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
< MD5 for: SERVICES.EXE.MUI >[2012-07-26 01:48:33 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\SysNative\en-US\services.exe.mui
[2012-07-26 01:48:33 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-us_c2c6ee7bafb963b8\services.exe.mui
< MD5 for: SERVICES.JS >[2012-07-26 01:54:02 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 01:53:53 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 01:53:50 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 01:54:33 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 01:53:57 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-12-17 12:24:19 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2012-12-17 12:24:19 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.7.0.29_x64__8wekyb3d8bbwe\common\js\services.js
[2012-12-17 12:24:19 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2012-12-18 11:45:07 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.7.0.27_x64__8wekyb3d8bbwe\common\js\services.js
[2012-12-18 11:45:07 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.7.0.31_x64__8wekyb3d8bbwe\common\js\services.js
[2012-12-18 11:45:07 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2012-12-17 12:25:21 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2012-12-17 12:27:30 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2012-12-17 11:08:58 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2012-12-23 21:35:56 | 000,006,271 | ---- | M] () MD5=70C3BFEF8C7A6FEF764BB4B737935AC3 -- C:\Program Files\WindowsApps\ChaChaSearch.ChaChaPushNotification_1.0.0.56_neutral__62vv7yjt7tgyp\js\services.js
[2012-12-23 21:35:56 | 000,006,271 | ---- | M] () MD5=70C3BFEF8C7A6FEF764BB4B737935AC3 -- C:\Program Files\WindowsApps\ChaChaSearch.ChaChaPushNotification_1.1.1.0_neutral__62vv7yjt7tgyp\js\services.js
[2012-12-23 21:35:56 | 000,006,271 | ---- | M] () MD5=70C3BFEF8C7A6FEF764BB4B737935AC3 -- C:\Program Files\WindowsApps\ChaChaSearch.ChaChaPushNotification_1.1.2.0_neutral__62vv7yjt7tgyp\js\services.js
[2012-12-23 21:35:56 | 000,006,271 | ---- | M] () MD5=70C3BFEF8C7A6FEF764BB4B737935AC3 -- C:\Program Files\WindowsApps\ChaChaSearch.ChaChaPushNotification_1.1.3.0_neutral__62vv7yjt7tgyp\js\services.js
[2013-01-23 10:18:17 | 000,069,359 | ---- | M] () MD5=80CE8A6918A7BDB5328F93F4A3BB26B0 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.8.0.51_x64__8wekyb3d8bbwe\common\js\services.js
[2012-07-31 21:27:04 | 000,004,761 | ---- | M] () MD5=9D136FCA750DBB05B52AB77A35D536D6 -- C:\Program Files\WindowsApps\ChaChaSearch.ChaChaPushNotification_1.0.0.32_neutral__62vv7yjt7tgyp\js\services.js
< MD5 for: SERVICES.LNK >[2012-07-25 14:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 14:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 14:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk
< MD5 for: SERVICES.MOF >[2012-06-02 08:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2012-06-02 08:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof
< MD5 for: SERVICES.MSC >[2012-07-26 01:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\en-US\services.msc
[2012-06-02 08:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\services.msc
[2012-07-26 01:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2012-06-02 08:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2012-07-26 01:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_fd08be678622fdab\services.msc
[2012-06-02 08:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012-06-02 08:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012-07-26 01:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_a0ea22e3cdc58c75\services.msc
< MD5 for: SERVICES.POWERREVIEWS[1].XML >[2013-01-18 14:57:30 | 000,000,125 | ---- | M] () MD5=37381FEE2BD4A7CE59E03BE3AB773ED6 -- C:\Users\Lebels\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\7DRGA69S\services.powerreviews[1].xml
< MD5 for: SERVICES.PTXML >[2012-07-25 14:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2012-07-25 14:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml
< MD5 for: SVCHOST.EXE >[2012-07-25 21:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2012-07-25 21:08:47 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2012-09-20 00:33:14 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=607F7CB143783A8F9BA058D2FC4F2D36 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2012-09-19 23:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2012-09-19 23:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2012-09-20 00:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
[2012-09-20 00:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
[2012-09-19 23:56:27 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=EEF5E64822C3E21B186EA53463BE92DA -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe
< MD5 for: USERINIT.EXE >[2012-07-25 21:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012-07-25 21:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012-07-25 21:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012-07-25 21:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe
< MD5 for: WINLOGON.EXE >[2012-09-20 00:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2012-09-20 00:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012-07-25 21:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2012-10-10 23:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2012-10-10 23:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2012-10-10 23:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
< End of report >
OTL Extras logfile created on: 2013-02-21 12:45:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lebels\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
5.92 Gb Total Physical Memory | 4.63 Gb Available Physical Memory | 78.29% Memory free
6.85 Gb Paging File | 5.14 Gb Available in Paging File | 75.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.70 Gb Total Space | 854.88 Gb Free Space | 93.66% Space Free | Partition Type: NTFS
Computer Name: LEBEL | User Name: Lebels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.jse[@ = JSEFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe[@ = VBEFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs[@ = VBSFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf[@ = WSFFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh[@ = WSHFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{122128E1-EBA2-431C-8B66-C2B1517542B4}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{1812C290-8E8F-4CB2-B09E-039E9E58262E}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{1C22CAFB-42AB-4AB8-8A33-67B7E4FD7A92}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{202DAE20-939D-47EB-AAD4-EDE2B7A49457}" = dir=out | name=ebay |
"{2160EEED-E444-49EF-B25A-798C1E923ACB}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe |
"{23FBADFD-90E2-45B9-AC99-66775EC6BAC0}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{26FC39BD-A495-4198-880F-316C2B33B4BB}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{28C8EE5D-9162-40A4-AF01-8B6D6991793E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{30A343B9-2D0A-48C2-A00F-D996ECB9570C}" = dir=out | name=skitch |
"{3BC485AC-FF6A-49F0-9E75-25AB7F3E02EB}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{48C42A47-D0E6-4300-8A22-17947A445A53}" = dir=out | name=amazon for windows |
"{4E134AB0-9C92-4F3B-B9B2-B5728ADD3905}" = dir=out | name=skype |
"{4E971DF5-4C01-4712-A7D8-B878C9002EA6}" = dir=out | name=newsxpresso metro |
"{50176B2E-75EE-42D9-92F8-734B32946A16}" = dir=out | name=merriam-webster dictionary |
"{59A0347D-8011-4F14-9B3A-1D1D1FF1D273}" = dir=out | name=kindle |
"{6092A585-27FB-42DD-B495-22D410394685}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{61068AD8-D9E2-4551-984B-C3AA0B7A574F}" = dir=in | name=ebay |
"{62B380E6-9CBB-46E9-81F6-582EBFD38D3C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{65D125C4-1E63-40FF-A1EF-E2FA1BB958C9}" = dir=in | name=amazon for windows |
"{72C6D18A-9476-4531-A633-1034C3984A64}" = dir=out | name=7digital music store |
"{734F0332-3683-4F23-974B-B7D9740F963B}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{76B768FC-2CFD-413D-AF81-82FB459FD984}" = dir=out | name=windows_ie_ac_001 |
"{77C1F70F-D7BD-45AE-98E5-2D65C00FBBE4}" = dir=out | name=chacha |
"{7A7911AE-0245-4E1B-B7EE-6FBB5EE9A848}" = dir=out | name=cut the rope |
"{7CDD06AB-B967-485D-8EAD-1538F3D8CC23}" = dir=out | name=tunein radio |
"{7FCED387-D6F2-49F1-8A82-9D82AFBD8DB3}" = dir=out | name=acer explorer |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{87662A51-C4D6-4D98-A001-83E6A0A61708}" = dir=out | name=encyclopaedia britannica |
"{8FF2569E-F55C-43BF-957F-2FFF64893021}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{92CC7013-B695-4CD9-BD59-9F9A56AE8E3E}" = dir=out | name=netflix |
"{94CA4613-DD7D-464C-A0E1-9B30D6A4169B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{9C48A620-2869-4087-A79E-B272A40F9113}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe |
"{9D53DB02-CC06-45F6-B6A3-9D45F7562095}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{A1BEA179-AEA2-43A3-9569-CFFD66853999}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{A4E14EB1-A707-402A-9201-A7163241FC31}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A56EB570-4387-4B0C-A221-28D54ECA1E83}" = dir=out | name=icookbook se |
"{AB5AD959-769F-438D-8B20-B893BE7F09AA}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{BE607A1A-9C0B-43EC-9891-4938D72F8079}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C71A1FD0-F513-4166-A070-E920A6B85056}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{CA9FC81B-C65A-44D1-AFB9-7C56F1E206D7}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{CF258711-3023-44ED-AEEC-8AB4D5A42A33}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{D3711306-D35E-4377-8A78-533D1D14D683}" = dir=in | name=skype |
"{D3DA3BFC-544F-48D2-8939-8C81151E3C2C}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe |
"{D6074BC0-5005-49C1-A9DB-A21AECF5C543}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{D7748EE9-3BBD-4E6F-99C2-B165F7974ABB}" = dir=out | name=microsoft solitaire collection |
"{D77DF307-81FD-400E-879A-E2B09EFC03AB}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{D836F5BB-9934-477A-A12E-C16911FEB938}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{D95E79E4-9B62-4D52-8CA9-703AC7EE7EFE}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{DE4D2FDF-D376-48BC-AD69-D142ED4194DF}" = dir=in | name=evernote |
"{E05B02DC-0BFB-4541-8B79-08BCE1E2D1F8}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{E2088683-D8C4-4119-8C90-0FB08592EA1D}" = dir=out | name=evernote |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E8B79D61-E5B9-4B83-BD7B-C08772A49E22}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{E9D53350-9EC6-4185-BCFE-5C3ACE553C44}" = dir=in | name=kindle |
"{ECCCE68F-B6FE-418A-908C-A7969C061450}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F264E518-79D6-432D-B15E-6C103816395B}" = dir=out | name=stumbleupon |
"{F3915281-791D-4823-B628-0F65AFDE9D43}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{FA23F885-A764-441F-8C94-B10888175CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{FAEF3283-622C-4D16-A70E-C39843DFADA5}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{FDCA54BA-4921-44AA-9C3B-EF137F366675}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{FFD2850F-CC65-44D7-960E-1279515817D8}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"PROSet" = Intel® Network Connections Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{2794BB36-F0EC-498E-BD81-2C5BA91206C4}" = Panda Antivirus Pro 2013
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52D160F1-0E2C-4AC1-9EF9-8ABE1CAF2F8D}" = Sage 50 Accounting 2013
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6A85286D-BA0F-4318-8C30-AD74A33AAD36}" = MySQL Connector/ODBC 3.51
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}" = Nero 12 Essentials OEM.a01
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{A6DC88AD-501A-44BC-884D-57435F972E2C}" = Hotkey Utility
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6 - Panda Secure Vault Edition
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2013
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F30DD48A-58A2-4B76-81D8-EE0B1B45833F}" = Panda Antivirus Pro 2013
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Free Download Manager_is1" = Free Download Manager 3.9
"HijackThis" = HijackThis 1.99.1
"InstallShield_{52D160F1-0E2C-4AC1-9EF9-8ABE1CAF2F8D}" = Sage 50 Accounting 2013
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Spotify" = Spotify
"TotalRecipeSearch_14bar Uninstall" = TotalRecipeSearch Toolbar
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 2013-01-29 1:38:40 PM | Computer Name = Lebel | Source = COM+ | ID = 135858
Description =
Error - 2013-01-29 1:38:41 PM | Computer Name = Lebel | Source = Application Error | ID = 1000
Description = Faulting application name: Sage50Accounting.exe, version: 20.10.0.1,
time stamp: 0x50c79e21 Faulting module name: PavLspHookWow.DLL, version: 9.2.2.1,
time stamp: 0x4fbb9911 Exception code: 0xc0000005 Fault offset: 0x00001b51 Faulting
process id: 0x1660 Faulting application start time: 0x01cdfe472619c933 Faulting application
path: C:\Program Files (x86)\Sage 50 Pro Accounting 2013\Sage50Accounting.exe Faulting
module path: C:\WINDOWS\SYSTEM32\PavLspHookWow.DLL Report Id: b7df06b7-6a3a-11e2-be8b-eca86baefb98
Faulting
package full name: Faulting package-relative application ID:
Error - 2013-01-29 1:49:38 PM | Computer Name = Lebel | Source = Application Error | ID = 1000
Description = Faulting application name: Sage50Accounting.exe, version: 20.10.0.1,
time stamp: 0x50c79e21 Faulting module name: PavLspHookWow.DLL, version: 9.2.2.1,
time stamp: 0x4fbb9911 Exception code: 0xc000000d Fault offset: 0x00004a81 Faulting
process id: 0x424 Faulting application start time: 0x01cdfe48f075ed9f Faulting application
path: C:\Program Files (x86)\Sage 50 Pro Accounting 2013\Sage50Accounting.exe Faulting
module path: C:\WINDOWS\SYSTEM32\PavLspHookWow.DLL Report Id: 3fbf3b24-6a3c-11e2-be8b-eca86baefb98
Faulting
package full name: Faulting package-relative application ID:
Error - 2013-02-04 1:06:03 PM | Computer Name = Lebel | Source = Application Error | ID = 1000
Description = Faulting application name: Sage50Accounting.exe, version: 20.10.0.1,
time stamp: 0x50c79e21 Faulting module name: ntdll.dll, version: 6.2.9200.16420,
time stamp: 0x505aaa82 Exception code: 0xc0000374 Fault offset: 0x000da94f Faulting
process id: 0x910 Faulting application start time: 0x01ce02f5e74c0290 Faulting application
path: C:\Program Files (x86)\Sage 50 Pro Accounting 2013\Sage50Accounting.exe Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 2754b4a1-6eed-11e2-be8c-eca86baefb98
Faulting
package full name: Faulting package-relative application ID:
Error - 2013-02-05 11:52:17 AM | Computer Name = Lebel | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16453,
time stamp: 0x509b0dfb Faulting module name: ntdll.dll, version: 6.2.9200.16420,
time stamp: 0x505aaa82 Exception code: 0xc000000d Fault offset: 0x000b0dbd Faulting
process id: 0x11b8 Faulting application start time: 0x01ce03b536ef943c Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: 03c9ed32-6fac-11e2-be8c-eca86baefb98 Faulting
package full name: Faulting package-relative application ID:
Error - 2013-02-06 4:35:42 PM | Computer Name = Lebel | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16453,
time stamp: 0x509b0dfb Faulting module name: ntdll.dll, version: 6.2.9200.16420,
time stamp: 0x505aaa82 Exception code: 0xc000000d Fault offset: 0x000b0dbd Faulting
process id: 0xd4c Faulting application start time: 0x01ce04a79e41dc03 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: c60a7cde-709c-11e2-be8c-eca86baefb98 Faulting
package full name: Faulting package-relative application ID:
Error - 2013-02-06 4:35:43 PM | Computer Name = Lebel | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16453,
time stamp: 0x509b0dfb Faulting module name: ntdll.dll, version: 6.2.9200.16420,
time stamp: 0x505aaa82 Exception code: 0xc000000d Fault offset: 0x000b0dbd Faulting
process id: 0xd4c Faulting application start time: 0x01ce04a79e41dc03 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: c684166d-709c-11e2-be8c-eca86baefb98 Faulting
package full name: Faulting package-relative application ID:
Error - 2013-02-10 1:23:51 PM | Computer Name = Lebel | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App 4DF9E0F8.Netflix_mcm4njqhnhss8!App did not launch within its allotted
time.
Error - 2013-02-10 1:24:10 PM | Computer Name = Lebel | Source = Application Hang | ID = 1002
Description = The program NetflixMetroApp.exe version 1.0.0.11 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ea0 Start
Time: 01ce07b3597247a3 Termination Time: 4294967295 Application Path: C:\Program
Files\WindowsApps\4DF9E0F8.Netflix_1.0.0.11_x64__mcm4njqhnhss8\NetflixMetroApp.exe
Report
Id: a3465b7e-73a6-11e2-be8c-eca86baefb98 Faulting package full name: 4DF9E0F8.Netflix_1.0.0.11_x64__mcm4njqhnhss8
Faulting
package-relative application ID: App
Error - 2013-02-10 1:24:10 PM | Computer Name = Lebel | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app 4DF9E0F8.Netflix_mcm4njqhnhss8!App failed with error:
-2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
[ System Events ]
Error - 2013-02-04 8:11:18 PM | Computer Name = Lebel | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 51. The Windows SChannel error state is 900.
Error - 2013-02-04 8:11:18 PM | Computer Name = Lebel | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 51. The Windows SChannel error state is 900.
Error - 2013-02-04 8:35:39 PM | Computer Name = Lebel | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 51. The Windows SChannel error state is 900.
Error - 2013-02-04 8:40:53 PM | Computer Name = Lebel | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 51. The Windows SChannel error state is 900.
Error - 2013-02-05 11:33:08 AM | Computer Name = Lebel | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 51. The Windows SChannel error state is 900.
Error - 2013-02-05 11:42:08 AM | Computer Name = Lebel | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 51. The Windows SChannel error state is 900.
Error - 2013-02-05 11:51:08 AM | Computer Name = Lebel | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 51. The Windows SChannel error state is 900.
Error - 2013-02-06 4:27:54 PM | Computer Name = Lebel | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 51. The Windows SChannel error state is 900.
Error - 2013-02-06 4:34:13 PM | Computer Name = Lebel | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 51. The Windows SChannel error state is 900.
Error - 2013-02-10 1:05:53 PM | Computer Name = Lebel | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 51. The Windows SChannel error state is 900.
< End of report >
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-21 12:58:36
-----------------------------
12:58:36.566 OS Version: Windows x64 6.2.9200
12:58:36.566 Number of processors: 4 586 0x2A07
12:58:36.566 ComputerName: LEBEL UserName:
12:58:36.598 Initialze error 1
12:58:55.136 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
12:58:55.136 Disk 0 Vendor: ST1000DM003-9YN162 CC4B Size: 953869MB BusType: 11
12:58:55.152 Disk 0 MBR read successfully
12:58:55.152 Disk 0 MBR scan
12:58:55.167 Disk 0 unknown MBR code
12:58:55.167 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
12:58:55.167 Disk 0 scanning C:\Windows\system32\drivers
12:58:55.167 Service scanning
12:58:55.995 Modules scanning
12:58:55.995 Disk 0 trace - called modules:
12:58:55.995 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
12:58:55.995 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007457060]
12:58:55.995 3 CLASSPNP.SYS[fffff880010028aa] -> nt!IofCallDriver -> [0xfffffa8005b2a5b0]
12:58:56.011 5 ACPI.sys[fffff8800115aa91] -> nt!IofCallDriver -> \Device\00000038[0xfffffa8005b22060]
12:58:56.011 Scan finished successfully
12:59:28.013 Disk 0 MBR has been saved successfully to "C:\Users\Lebels\Downloads\MBR.dat"
12:59:28.013 The log file has been saved successfully to "C:\Users\Lebels\Downloads\aswMBR.txt"
This topic is locked
Sign In
Create Account
