Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Websites Very Slow or Won't Load At All ~ OTL Posted


  • Please log in to reply

#1
Quartz

Quartz

    Member

  • Member
  • PipPipPip
  • 122 posts
A few days ago my computer quit loading webpages instantly. Now it takes about 2-5 minutes for most to load, or they never load at all.

OTL logfile created on: 7/12/2013 5:14:26 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Buddy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.49 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 75.18% Memory free
14.98 Gb Paging File | 12.84 Gb Available in Paging File | 85.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 477.80 Gb Total Space | 423.92 Gb Free Space | 88.72% Space Free | Partition Type: NTFS
Drive D: | 453.61 Gb Total Space | 252.79 Gb Free Space | 55.73% Space Free | Partition Type: NTFS

Computer Name: CINDY-GAME-PC | User Name: Buddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Buddy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ToolwizCareFree\ToolwizTools.exe (Toolwiz.com)
PRC - C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe (Toolwiz)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Glary Utilities 3\Integrator.exe (Glarysoft Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Glary Utilities 3\zlib1.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxdnCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV - (lxdn_device) -- C:\Windows\SysWOW64\lxdncoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KSafeDISK) -- C:\Windows\SysNative\drivers\KSafeDISK.sys (Toolwiz.com)
DRV:64bit: - (BTOWSVF) -- C:\Windows\SysNative\drivers\BTOWSVF.sys (Toolwiz.com)
DRV:64bit: - (BTOWSFF) -- C:\Windows\SysNative\drivers\BTOWSFF.sys (Toolwiz.com)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbGps) -- C:\Windows\SysNative\drivers\lgx64gps.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (MSILiveVirtualCamera) -- C:\Windows\SysNative\drivers\MSILiveVirtualCamera.sys (MSI Corporation)
DRV - (AODDriver4.01) -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbuhci) -- C:\Windows\SysWOW64\drivers\usbuhci.sys (Microsoft Corporation)
DRV - (usbehci) -- C:\Windows\SysWOW64\drivers\usbehci.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 52 22 01 3D 7E CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013/07/11 02:00:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013/07/11 02:00:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/18 02:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:40 | 000,000,000 | ---D | M]

[2011/10/22 09:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\Extensions
[2013/01/25 03:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\Firefox\Profiles\2etiq55c.default\extensions
[1625/12/17 20:32:29 | 000,002,081 | ---- | M] () (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\firefox\profiles\2etiq55c.default\extensions\[email protected]
[2013/07/12 00:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Change Font Family Style = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabledekpjmoghdjnpnhfkfpmjifklpb\2.6_0\
CHR - Extension: Sudoku = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj\1.0.1.0_0\
CHR - Extension: Google Docs = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Last.fm free music player = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh\2.9.692_0\
CHR - Extension: YouTube = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Google Theme Bright = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\djjpllkkkfobicnffejagpfbnkmgpggb\1.0.0_0\
CHR - Extension: Autocomplete = on = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh\1.0_0\
CHR - Extension: Logitech SetPoint = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Clock for Google Chrome\u2122 = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\2.1.0.4_0\
CHR - Extension: AdBlock = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Mailto: = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf\1.24.0_0\
CHR - Extension: Safe Money = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Change Colors = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn\2.144_0\
CHR - Extension: Hover Zoom = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0\
CHR - Extension: My Chrome Theme = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2013/07/11 23:34:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [5594FD411AC9B3706D4A562F490DF74B5FA5DA40._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/pcpitstop.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01A9D0C9-6710-4E56-82CE-64037C9D205F}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC15635-A9E0-42DF-92AC-8B68299BBA06}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC15635-A9E0-42DF-92AC-8B68299BBA06}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9928683F-52F7-44E0-8BD2-B1DDCA2C5BB3}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/12 00:22:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/11 23:50:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/11 23:19:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/11 23:19:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/11 23:19:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/11 23:19:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/07/11 23:17:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/11 23:17:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/11 22:22:04 | 000,559,306 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Buddy\Desktop\JRT.exe
[2013/07/11 06:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
[2013/07/11 06:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/11 06:08:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/11 06:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/11 02:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2013/07/11 02:44:27 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2013/07/11 02:44:26 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\Innovative Solutions
[2013/07/11 02:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2013/07/11 02:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2013/07/11 02:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2013/07/11 02:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/07/11 02:35:25 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/07/11 02:34:35 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/11 02:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/07/11 02:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/07/11 02:34:09 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/11 02:34:09 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/11 01:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Earth 3D
[2013/07/11 00:22:48 | 000,052,992 | ---- | C] (Toolwiz.com) -- C:\Windows\SysNative\drivers\KSafeDISK.sys
[2013/07/11 00:22:48 | 000,052,480 | ---- | C] (Toolwiz.com) -- C:\Windows\SysNative\drivers\BTOWSVF.sys
[2013/07/11 00:22:48 | 000,033,024 | ---- | C] (Toolwiz.com) -- C:\Windows\SysNative\drivers\BTOWSFF.sys
[2013/07/11 00:22:48 | 000,000,000 | R--D | C] -- C:\TOOLWIZ
[2013/07/11 00:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree
[2013/07/11 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ToolwizCareFree
[2013/07/11 00:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ToolwizCareFree
[2013/07/10 23:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2013/07/10 23:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3
[2013/07/10 23:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 3
[2013/07/10 23:22:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/10 11:18:05 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\InstallShield
[2013/07/05 09:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2013/07/05 09:34:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\msmq
[2013/07/05 09:34:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013/07/05 09:34:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013/07/05 09:34:37 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2013/07/05 09:34:37 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/07/05 09:17:29 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/07/05 09:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/06/25 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\Buddy\Documents\MY HABIT
[2013/06/21 17:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/06/21 16:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/06/20 08:08:46 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/06/20 07:54:18 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\ChemTable Software
[2013/06/20 07:53:53 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ChemTable Software
[2013/06/19 18:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/05/21 18:11:05 | 000,104,960 | ---- | C] (CANON INC.) -- C:\Users\Buddy\cnmss Canon MG3100 series Printer (Local).dll
[2013/01/24 20:43:55 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Buddy\AppData\Roaming\pcouffin.sys
[2013/01/09 15:26:06 | 000,571,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/12 00:29:01 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/12 00:29:01 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/12 00:26:07 | 000,801,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/12 00:26:07 | 000,720,346 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/12 00:26:07 | 000,083,876 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/12 00:23:25 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/07/12 00:21:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/11 23:34:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/11 22:23:09 | 000,559,306 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Buddy\Desktop\JRT.exe
[2013/07/11 08:49:54 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2013/07/11 06:37:49 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\DriverEasy.lnk
[2013/07/11 06:08:24 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 03:49:17 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/07/11 02:45:12 | 000,002,345 | ---- | M] () -- C:\Users\Buddy\Desktop\Safe Money.lnk
[2013/07/11 02:44:26 | 000,002,440 | ---- | M] () -- C:\Users\Buddy\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:35:25 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/07/11 00:27:33 | 000,007,639 | ---- | M] () -- C:\Users\Buddy\AppData\Local\resmon.resmoncfg
[2013/07/11 00:22:48 | 000,052,992 | ---- | M] (Toolwiz.com) -- C:\Windows\SysNative\drivers\KSafeDISK.sys
[2013/07/11 00:22:48 | 000,052,480 | ---- | M] (Toolwiz.com) -- C:\Windows\SysNative\drivers\BTOWSVF.sys
[2013/07/11 00:22:48 | 000,033,024 | ---- | M] (Toolwiz.com) -- C:\Windows\SysNative\drivers\BTOWSFF.sys
[2013/07/11 00:22:41 | 000,001,083 | ---- | M] () -- C:\Users\Buddy\Desktop\Toolwiz Care.lnk
[2013/07/10 23:29:05 | 000,001,109 | ---- | M] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/07/10 23:29:05 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk
[2013/07/10 22:17:55 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/07/10 20:48:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/10 14:57:22 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/10 14:57:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/10 11:09:10 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/10 01:08:31 | 000,012,642 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Burn candles are luxury scented candles designed with an absolute attention to detail.wbk
[2013/07/09 17:06:58 | 000,000,537 | ---- | M] () -- C:\Users\Buddy\Desktop\Outlook.zip
[2013/07/09 03:01:17 | 000,010,172 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Letter To TR with Package.wbk
[2013/07/05 09:36:13 | 000,817,858 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/05 09:34:34 | 000,000,862 | ---- | M] () -- C:\Windows\SysNative\termcap
[2013/06/28 04:39:40 | 004,858,005 | ---- | M] () -- C:\Users\Buddy\Documents\Kenmore Vacuum Manual.pdf
[2013/06/28 04:38:15 | 004,858,636 | ---- | M] () -- C:\Users\Buddy\Documents\c.shld.net_assets_docs_spin_prod_834378412.pdf
[2013/06/25 12:45:52 | 000,039,632 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of HauteLook Order 6 2 2013.wbk
[2013/06/24 16:02:23 | 000,174,292 | ---- | M] () -- C:\Users\Buddy\Desktop\Buddy_3454934544.jpg
[2013/06/21 19:41:25 | 000,000,961 | ---- | M] () -- C:\Users\Buddy\Desktop\Install Toolwiz Care.lnk
[2013/06/20 21:45:34 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/20 08:33:00 | 000,584,600 | ---- | M] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Toolwiz_Care-BP-75610754.exe
[2013/06/20 08:32:31 | 000,584,600 | ---- | M] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Ashampoo_WinOptimizer_FREE-BP-10962102.exe
[2013/06/20 08:07:16 | 005,768,120 | ---- | M] () -- C:\Users\Buddy\Documents\csbsetup.exe
[2013/06/20 07:56:28 | 000,041,466 | ---- | M] () -- C:\Users\Buddy\Documents\ESale.pdf
[2013/06/20 05:12:25 | 000,001,322 | ---- | M] () -- C:\Users\Buddy\Desktop\Wordpad.lnk
[2013/06/20 01:02:55 | 000,027,064 | ---- | M] () -- C:\Users\Buddy\Desktop\Optimize-Support.zip
[2013/06/19 23:54:13 | 000,001,442 | ---- | M] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/11 23:19:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/11 23:19:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/11 23:19:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/11 23:19:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/11 23:19:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/11 06:37:50 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2013/07/11 06:37:49 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\DriverEasy.lnk
[2013/07/11 06:08:24 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 02:45:12 | 000,002,345 | ---- | C] () -- C:\Users\Buddy\Desktop\Safe Money.lnk
[2013/07/11 02:44:26 | 000,002,440 | ---- | C] () -- C:\Users\Buddy\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:44:26 | 000,002,324 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:44:21 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\AdvUninstCPL.cpl
[2013/07/11 02:35:40 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/07/11 00:22:41 | 000,001,083 | ---- | C] () -- C:\Users\Buddy\Desktop\Toolwiz Care.lnk
[2013/07/10 23:29:05 | 000,001,109 | ---- | C] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/07/10 23:29:05 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk
[2013/07/10 23:29:04 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/07/10 23:29:02 | 000,001,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3.lnk
[2013/07/10 00:12:42 | 000,012,642 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Burn candles are luxury scented candles designed with an absolute attention to detail.wbk
[2013/07/09 17:05:32 | 000,000,537 | ---- | C] () -- C:\Users\Buddy\Desktop\Outlook.zip
[2013/07/09 03:01:17 | 000,010,172 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Letter To TR with Package.wbk
[2013/07/05 09:34:37 | 000,000,862 | ---- | C] () -- C:\Windows\SysNative\termcap
[2013/07/05 09:17:20 | 000,001,310 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/07/05 09:17:14 | 000,001,379 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/07/05 09:17:00 | 000,001,463 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/07/05 09:16:53 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/06/28 04:39:39 | 004,858,005 | ---- | C] () -- C:\Users\Buddy\Documents\Kenmore Vacuum Manual.pdf
[2013/06/28 04:38:15 | 004,858,636 | ---- | C] () -- C:\Users\Buddy\Documents\c.shld.net_assets_docs_spin_prod_834378412.pdf
[2013/06/24 16:02:23 | 000,174,292 | ---- | C] () -- C:\Users\Buddy\Desktop\Buddy_3454934544.jpg
[2013/06/21 01:46:40 | 000,000,961 | ---- | C] () -- C:\Users\Buddy\Desktop\Install Toolwiz Care.lnk
[2013/06/20 08:32:59 | 000,584,600 | ---- | C] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Toolwiz_Care-BP-75610754.exe
[2013/06/20 08:32:30 | 000,584,600 | ---- | C] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Ashampoo_WinOptimizer_FREE-BP-10962102.exe
[2013/06/20 08:07:10 | 005,768,120 | ---- | C] () -- C:\Users\Buddy\Documents\csbsetup.exe
[2013/06/20 07:56:28 | 000,041,466 | ---- | C] () -- C:\Users\Buddy\Documents\ESale.pdf
[2013/06/20 05:12:25 | 000,001,322 | ---- | C] () -- C:\Users\Buddy\Desktop\Wordpad.lnk
[2013/06/20 01:02:55 | 000,027,064 | ---- | C] () -- C:\Users\Buddy\Desktop\Optimize-Support.zip
[2013/06/19 23:54:12 | 000,001,454 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/05/27 18:02:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2013/05/27 18:02:51 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2013/05/27 18:02:51 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2013/05/27 18:02:51 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2013/05/27 18:02:50 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2013/05/27 18:02:50 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2013/05/27 18:02:50 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2013/05/27 18:02:50 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2013/05/27 18:02:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2013/05/27 18:02:49 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2013/05/27 18:02:49 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2013/05/27 18:02:49 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2013/05/27 18:02:49 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2013/05/27 18:02:49 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2013/05/27 18:02:48 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
[2013/03/09 19:45:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/01/24 20:43:55 | 000,007,859 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\pcouffin.cat
[2013/01/24 20:43:55 | 000,001,167 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\pcouffin.inf
[2013/01/24 20:05:11 | 000,003,584 | ---- | C] () -- C:\Users\Buddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/24 13:06:15 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CINDY-GAME-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/01/09 08:58:09 | 000,002,127 | ---- | C] () -- C:\Users\Buddy\wxDownloadFast.ini
[2013/01/09 08:10:53 | 000,001,491 | ---- | C] () -- C:\Users\Buddy\AppData\Local\recently-used.xbel
[2012/12/27 07:27:07 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/11/20 11:48:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/11/20 11:48:14 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/10/16 15:04:34 | 000,019,108 | ---- | C] () -- C:\Windows\hpqins13.dat
[2012/08/21 19:14:36 | 000,817,858 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/14 20:52:53 | 000,651,264 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2012/08/14 20:52:53 | 000,192,512 | R--- | C] () -- C:\Windows\SysWow64\AegisI5.exe
[2012/08/14 20:52:53 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2012/07/27 21:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 21:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/16 20:56:30 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/04 20:37:20 | 000,007,639 | ---- | C] () -- C:\Users\Buddy\AppData\Local\resmon.resmoncfg
[2011/10/24 20:46:39 | 000,870,128 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\mcs.rma
[2011/10/07 09:00:52 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2011/09/22 20:49:56 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin
[2011/09/12 22:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/11 03:20:28 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Auslogics
[2013/01/17 06:10:06 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\BSplayer Pro
[2013/05/21 16:11:39 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Canon
[2013/06/20 07:54:18 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\ChemTable Software
[2013/02/23 03:52:11 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/12/27 03:02:31 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Easeware
[2011/12/04 20:27:40 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\eSobi
[2011/11/04 11:26:12 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\GameFly
[2013/07/10 23:29:03 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\GlarySoft
[2013/01/22 00:34:41 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\KeePass
[2013/01/07 10:52:05 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\KLS Soft
[2012/09/02 12:32:17 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Leadertech
[2012/11/15 14:23:26 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\MAGIX
[2012/08/21 23:31:22 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\MSI
[2012/10/17 15:23:36 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\OfficeSuiteX
[2013/01/24 16:27:56 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\OpenOffice.org
[2013/01/03 22:59:19 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\QuickScan
[2013/01/24 20:49:34 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Samsung
[2013/01/11 06:54:30 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Star Watermark
[2011/12/22 20:44:52 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Temp
[2012/09/02 06:11:51 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\TuneUp Software
[2011/11/24 22:20:08 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Ubisoft
[2013/01/24 22:13:28 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Vso
[2013/01/05 07:45:57 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\WinZip

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Appears that you have 3 browsers: IE, Firefox and Chrome. Is it the same in all 3?

You are running two anti-viruses. They fight each other. You need to uninstall Microsoft Security Essentials. Also uninstall ToolWizCareFree, Glary Utilities 3 and the Google Toolbar. Live Update 5 has been reported to leave a system unbootable so I think you should uninstall it too. If you still have Speccy installed please uninstall it. Is there a reason you are running IIS? If not turn it off:


Close all applications that are currently running on your computer.

In Control Panel, click Programs and Features.

In the left pane, click Turn Windows Features On or Off. The Windows Components Wizard will launch.

Uncheck Internet Information Services, and then click Next.





There is something funny in Firefox:

[1625/12/17 20:32:29 | 000,002,081 | ---- | M] () (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\firefox\profiles\2etiq55c.default\extensions\[email protected]

You will note the date is just 5 years after the pilgrims came to America. We can use OTL to remove it:

Copy the text in the code box by highlighting and Ctrl + c

:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
[1625/12/17 20:32:29 | 000,002,081 | ---- | M] () (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\firefox\profiles\2etiq55c.default\extensions\[email protected]
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\07122013-some number.log so look there if you don't see it.






Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.





Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.




Reboot.




1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.




Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

DO NOT CHECK:
[]Reset IE Proxy Settings

[]Reset FF Proxy Settings


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v


Ron
  • 0

#3
Quartz

Quartz

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Here is the log from OTL. I had to download OTL again b/c I couldn't find it on the computer. Microsoft Security Essentials does not show in Add/Remove Programs. According to Microsoft, I must have Spyware/Virus if it isn't showing there. So true. LOL I bought this computer used. It was built as a gaming computer, which I don't use it for. I do not use Firefox & can't find it anywhere on the computer. I will now follow the rest of your instructions. THANKS!!!!

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Users\Buddy\AppData\Roaming\mozilla\firefox\profiles\2etiq55c.default\extensions\[email protected] moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSC deleted successfully.
c:\Program Files\Microsoft Security Client\msseces.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Buddy
->Flash cache emptied: 506 bytes

User: Buddy_2

User: Classic .NET AppPool

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Buddy
->Java cache emptied: 4841631 bytes

User: Buddy_2

User: Classic .NET AppPool

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 5.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07122013_150859
  • 0

#4
Quartz

Quartz

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
# AdwCleaner v2.305 - Logfile created 07/12/2013 at 15:23:44
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Buddy - CINDY-GAME-PC
# Boot Mode : Normal
# Running from : C:\Users\Buddy\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [664 octets] - [12/07/2013 15:23:44]

########## EOF - C:\AdwCleaner[S2].txt - [723 octets] ##########
  • 0

#5
Quartz

Quartz

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/07/2013 4:55:48 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/07/2013 8:46:57 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/07/2013 4:58:38 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/07/2013 8:49:26 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 12/07/2013 8:47:57 PM
Type: Error Category: 1
Event: 32041 Source: Microsoft Fax
Fax Service failed to initialize because of an internal error

Win32 Error Code: 0.
This error code indicates the cause of the error.

Log: 'Application' Date/Time: 12/07/2013 8:47:57 PM
Type: Error Category: 1
Event: 32104 Source: Microsoft Fax
Faxes cannot be submitted or sent because the Fax service cannot access the folder specified for the fax queue. The location of the fax queue can be modified with a registry key. For more information, see Troubleshooting in Fax Service Manager help.
Win32 Error Code: 2
This error code indicates the cause of the error.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/07/2013 8:46:55 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-758597317-3980469559-3765783759-1000_Classes:
Process 5524 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000_CLASSES


Log: 'Application' Date/Time: 12/07/2013 8:46:55 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 12 user registry handles leaked from \Registry\User\S-1-5-21-758597317-3980469559-3765783759-1000:
Process 1860 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000
Process 5524 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000
Process 5524 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000
Process 5524 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 5524 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000\Software
Process 5524 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 5524 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 5524 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000\Software\Policies
Process 5524 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000\Software\Microsoft\Internet Explorer\Main
Process 5524 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 5524 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 5524 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-758597317-3980469559-3765783759-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
  • 0

#6
Quartz

Quartz

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
OTL logfile created on: 7/12/2013 5:03:12 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Buddy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.49 Gb Total Physical Memory | 5.49 Gb Available Physical Memory | 73.30% Memory free
14.98 Gb Paging File | 12.85 Gb Available in Paging File | 85.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 477.80 Gb Total Space | 422.84 Gb Free Space | 88.50% Space Free | Partition Type: NTFS
Drive D: | 453.61 Gb Total Space | 252.79 Gb Free Space | 55.73% Space Free | Partition Type: NTFS

Computer Name: CINDY-GAME-PC | User Name: Buddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Buddy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxdnCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV - (lxdn_device) -- C:\Windows\SysWOW64\lxdncoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbGps) -- C:\Windows\SysNative\drivers\lgx64gps.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (MSILiveVirtualCamera) -- C:\Windows\SysNative\drivers\MSILiveVirtualCamera.sys (MSI Corporation)
DRV - (AODDriver4.01) -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbuhci) -- C:\Windows\SysWOW64\drivers\usbuhci.sys (Microsoft Corporation)
DRV - (usbehci) -- C:\Windows\SysWOW64\drivers\usbehci.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 52 22 01 3D 7E CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013/07/11 02:00:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013/07/11 02:00:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/18 02:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:40 | 000,000,000 | ---D | M]

[2011/10/22 09:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\Extensions
[2013/07/12 15:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\Firefox\Profiles\2etiq55c.default\extensions
[2013/07/12 00:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Change Font Family Style = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabledekpjmoghdjnpnhfkfpmjifklpb\2.6_0\
CHR - Extension: Sudoku = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj\1.0.1.0_0\
CHR - Extension: Google Docs = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Last.fm free music player = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh\2.9.692_0\
CHR - Extension: YouTube = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Google Theme Bright = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\djjpllkkkfobicnffejagpfbnkmgpggb\1.0.0_0\
CHR - Extension: Autocomplete = on = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh\1.0_0\
CHR - Extension: Logitech SetPoint = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Clock for Google Chrome\u2122 = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\2.1.0.4_0\
CHR - Extension: AdBlock = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Mailto: = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf\1.24.0_0\
CHR - Extension: Safe Money = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Change Colors = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn\2.144_0\
CHR - Extension: Hover Zoom = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0\
CHR - Extension: My Chrome Theme = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2013/07/11 23:34:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [5594FD411AC9B3706D4A562F490DF74B5FA5DA40._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/pcpitstop.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01A9D0C9-6710-4E56-82CE-64037C9D205F}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC15635-A9E0-42DF-92AC-8B68299BBA06}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC15635-A9E0-42DF-92AC-8B68299BBA06}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9928683F-52F7-44E0-8BD2-B1DDCA2C5BB3}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111T Smart Wizard.lnk - C:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe - (NETGEAR)
MsConfig:64bit - StartUpFolder: C:^Users^Buddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MG3100 series Printer.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ccleaner - hkey= - key= - C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: EzPrint - hkey= - key= - C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
MsConfig:64bit - StartUpReg: Glary Memory Optimizer - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Live Update 5 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: lxdnmon.exe - hkey= - key= - C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
MsConfig:64bit - StartUpReg: NortonOnlineBackup - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PC Pitstop Optimize Reminder - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PMBVolumeWatcher - hkey= - key= - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
MsConfig:64bit - StartUpReg: Q-Face agent - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig:64bit - StartUpReg: ZyngaGamesAgent - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\system32\ieudinit.exe
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX:64bit: >{b63c7a19-a26b-486c-b579-cc4b88723314} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: AutorunsDisabled -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled -

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/12 15:08:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/12 14:36:51 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ElevatedDiagnostics
[2013/07/12 00:22:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/11 23:50:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/11 23:19:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/11 23:19:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/11 23:19:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/11 23:19:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/07/11 23:17:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/11 23:17:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/11 22:22:04 | 000,559,306 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Buddy\Desktop\JRT.exe
[2013/07/11 06:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
[2013/07/11 06:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/11 06:08:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/11 06:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/11 02:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2013/07/11 02:44:27 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2013/07/11 02:44:26 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\Innovative Solutions
[2013/07/11 02:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2013/07/11 02:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2013/07/11 02:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2013/07/11 02:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/07/11 02:35:25 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/07/11 02:34:35 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/11 02:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/07/11 02:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/07/11 02:34:09 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/11 02:34:09 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/11 01:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Earth 3D
[2013/07/11 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ToolwizCareFree
[2013/07/10 23:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2013/07/10 23:22:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/10 23:22:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/10 23:22:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/10 23:22:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 23:22:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 23:22:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/10 23:22:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/10 23:22:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/10 23:22:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/10 23:22:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 23:22:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/10 23:22:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/10 23:22:12 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 23:22:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 23:22:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/10 23:22:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 22:40:39 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/10 22:34:18 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/10 22:34:18 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/10 22:29:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/07/10 22:29:54 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/07/10 22:29:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/07/10 22:29:53 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/07/10 22:29:53 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/07/10 22:29:53 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/07/10 22:29:53 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/07/10 22:29:53 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/07/10 22:29:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/07/10 22:29:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/07/10 22:29:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/07/10 22:29:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/07/10 22:28:10 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 22:28:09 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 11:18:05 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\InstallShield
[2013/07/05 09:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2013/07/05 09:34:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\msmq
[2013/07/05 09:34:37 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/07/05 09:17:29 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/07/05 09:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/06/25 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\Buddy\Documents\MY HABIT
[2013/06/21 17:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/06/21 16:08:38 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/21 16:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/06/20 07:54:18 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\ChemTable Software
[2013/06/20 07:53:53 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ChemTable Software
[2013/06/19 18:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/05/21 18:11:05 | 000,104,960 | ---- | C] (CANON INC.) -- C:\Users\Buddy\cnmss Canon MG3100 series Printer (Local).dll
[2013/01/24 20:43:55 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Buddy\AppData\Roaming\pcouffin.sys
[2013/01/09 15:26:06 | 000,571,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/12 16:55:01 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/12 16:55:01 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/12 16:54:15 | 000,757,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/12 16:54:15 | 000,687,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/12 16:54:15 | 000,074,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/12 16:52:11 | 000,061,440 | ---- | M] ( ) -- C:\Users\Buddy\Desktop\VEW.exe
[2013/07/12 16:47:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/12 16:39:32 | 000,066,231 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Geeks to Go Instructions.wbk
[2013/07/12 14:23:00 | 000,333,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 23:34:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/11 22:23:09 | 000,559,306 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Buddy\Desktop\JRT.exe
[2013/07/11 08:49:54 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2013/07/11 06:37:49 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\DriverEasy.lnk
[2013/07/11 06:08:24 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 03:49:17 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/07/11 02:45:12 | 000,002,345 | ---- | M] () -- C:\Users\Buddy\Desktop\Safe Money.lnk
[2013/07/11 02:44:26 | 000,002,440 | ---- | M] () -- C:\Users\Buddy\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:35:25 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/07/11 00:27:33 | 000,007,639 | ---- | M] () -- C:\Users\Buddy\AppData\Local\resmon.resmoncfg
[2013/07/10 20:48:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/10 15:39:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/10 15:39:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/10 14:57:22 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/10 14:57:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/10 11:09:10 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/10 01:08:31 | 000,012,642 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Burn candles are luxury scented candles designed with an absolute attention to detail.wbk
[2013/07/09 17:06:58 | 000,000,537 | ---- | M] () -- C:\Users\Buddy\Desktop\Outlook.zip
[2013/07/09 03:01:17 | 000,010,172 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Letter To TR with Package.wbk
[2013/07/05 09:36:13 | 000,817,858 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/05 09:34:34 | 000,000,862 | ---- | M] () -- C:\Windows\SysNative\termcap
[2013/06/28 04:39:40 | 004,858,005 | ---- | M] () -- C:\Users\Buddy\Documents\Kenmore Vacuum Manual.pdf
[2013/06/28 04:38:15 | 004,858,636 | ---- | M] () -- C:\Users\Buddy\Documents\c.shld.net_assets_docs_spin_prod_834378412.pdf
[2013/06/25 12:45:52 | 000,039,632 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of HauteLook Order 6 2 2013.wbk
[2013/06/24 16:02:23 | 000,174,292 | ---- | M] () -- C:\Users\Buddy\Desktop\Buddy_3454934544.jpg
[2013/06/20 21:45:34 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/20 08:33:00 | 000,584,600 | ---- | M] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Toolwiz_Care-BP-75610754.exe
[2013/06/20 08:32:31 | 000,584,600 | ---- | M] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Ashampoo_WinOptimizer_FREE-BP-10962102.exe
[2013/06/20 08:07:16 | 005,768,120 | ---- | M] () -- C:\Users\Buddy\Documents\csbsetup.exe
[2013/06/20 07:56:28 | 000,041,466 | ---- | M] () -- C:\Users\Buddy\Documents\ESale.pdf
[2013/06/20 05:12:25 | 000,001,322 | ---- | M] () -- C:\Users\Buddy\Desktop\Wordpad.lnk
[2013/06/20 01:02:55 | 000,027,064 | ---- | M] () -- C:\Users\Buddy\Desktop\Optimize-Support.zip
[2013/06/19 23:54:13 | 000,001,442 | ---- | M] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/12 21:48:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/06/12 21:48:17 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/06/12 21:47:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/12 21:43:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/12 21:43:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/12 21:43:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/12 19:03:40 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/12 16:52:11 | 000,061,440 | ---- | C] ( ) -- C:\Users\Buddy\Desktop\VEW.exe
[2013/07/12 16:39:31 | 000,066,231 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Geeks to Go Instructions.wbk
[2013/07/12 14:22:17 | 000,333,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 23:19:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/11 23:19:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/11 23:19:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/11 23:19:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/11 23:19:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/11 06:37:50 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2013/07/11 06:37:49 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\DriverEasy.lnk
[2013/07/11 06:08:24 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 02:45:12 | 000,002,345 | ---- | C] () -- C:\Users\Buddy\Desktop\Safe Money.lnk
[2013/07/11 02:44:26 | 000,002,440 | ---- | C] () -- C:\Users\Buddy\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:44:26 | 000,002,324 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:44:21 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\AdvUninstCPL.cpl
[2013/07/11 02:35:40 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/07/10 00:12:42 | 000,012,642 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Burn candles are luxury scented candles designed with an absolute attention to detail.wbk
[2013/07/09 17:05:32 | 000,000,537 | ---- | C] () -- C:\Users\Buddy\Desktop\Outlook.zip
[2013/07/09 03:01:17 | 000,010,172 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Letter To TR with Package.wbk
[2013/07/05 09:34:37 | 000,000,862 | ---- | C] () -- C:\Windows\SysNative\termcap
[2013/07/05 09:17:20 | 000,001,310 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/07/05 09:17:14 | 000,001,379 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/07/05 09:17:00 | 000,001,463 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/07/05 09:16:53 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/06/28 04:39:39 | 004,858,005 | ---- | C] () -- C:\Users\Buddy\Documents\Kenmore Vacuum Manual.pdf
[2013/06/28 04:38:15 | 004,858,636 | ---- | C] () -- C:\Users\Buddy\Documents\c.shld.net_assets_docs_spin_prod_834378412.pdf
[2013/06/24 16:02:23 | 000,174,292 | ---- | C] () -- C:\Users\Buddy\Desktop\Buddy_3454934544.jpg
[2013/06/20 08:32:59 | 000,584,600 | ---- | C] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Toolwiz_Care-BP-75610754.exe
[2013/06/20 08:32:30 | 000,584,600 | ---- | C] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Ashampoo_WinOptimizer_FREE-BP-10962102.exe
[2013/06/20 08:07:10 | 005,768,120 | ---- | C] () -- C:\Users\Buddy\Documents\csbsetup.exe
[2013/06/20 07:56:28 | 000,041,466 | ---- | C] () -- C:\Users\Buddy\Documents\ESale.pdf
[2013/06/20 05:12:25 | 000,001,322 | ---- | C] () -- C:\Users\Buddy\Desktop\Wordpad.lnk
[2013/06/20 01:02:55 | 000,027,064 | ---- | C] () -- C:\Users\Buddy\Desktop\Optimize-Support.zip
[2013/06/19 23:54:12 | 000,001,454 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/05/27 18:02:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2013/05/27 18:02:51 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2013/05/27 18:02:51 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2013/05/27 18:02:51 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2013/05/27 18:02:50 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2013/05/27 18:02:50 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2013/05/27 18:02:50 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2013/05/27 18:02:50 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2013/05/27 18:02:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2013/05/27 18:02:49 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2013/05/27 18:02:49 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2013/05/27 18:02:49 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2013/05/27 18:02:49 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2013/05/27 18:02:49 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2013/05/27 18:02:48 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
[2013/03/09 19:45:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/01/24 20:43:55 | 000,007,859 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\pcouffin.cat
[2013/01/24 20:43:55 | 000,001,167 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\pcouffin.inf
[2013/01/24 20:05:11 | 000,003,584 | ---- | C] () -- C:\Users\Buddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/24 13:06:15 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CINDY-GAME-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/01/09 08:58:09 | 000,002,127 | ---- | C] () -- C:\Users\Buddy\wxDownloadFast.ini
[2013/01/09 08:10:53 | 000,001,491 | ---- | C] () -- C:\Users\Buddy\AppData\Local\recently-used.xbel
[2012/12/27 07:27:07 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/11/20 11:48:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/11/20 11:48:14 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/10/16 15:04:34 | 000,019,108 | ---- | C] () -- C:\Windows\hpqins13.dat
[2012/08/21 19:14:36 | 000,817,858 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/14 20:52:53 | 000,651,264 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2012/08/14 20:52:53 | 000,192,512 | R--- | C] () -- C:\Windows\SysWow64\AegisI5.exe
[2012/08/14 20:52:53 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2012/07/27 21:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 21:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/16 20:56:30 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/04 20:37:20 | 000,007,639 | ---- | C] () -- C:\Users\Buddy\AppData\Local\resmon.resmoncfg
[2011/10/24 20:46:39 | 000,870,128 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\mcs.rma
[2011/10/07 09:00:52 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2011/09/22 20:49:56 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin
[2011/09/12 22:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST310005 24AS SATA Disk Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: USB2.0 CardReader CF USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: USB2.0 CardReader SM XD USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: USB2.0 CardReader MS USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: USB2.0 CardReader SD USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 478.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 454.00GB
Starting Offset: 513142685696
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/11/05 21:14:32 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Adobe
[2012/01/15 19:40:50 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\ArcSoft
[2011/09/22 19:10:42 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\ATI
[2013/07/11 03:20:28 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Auslogics
[2013/01/17 06:10:06 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\BSplayer Pro
[2013/05/21 16:11:39 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Canon
[2013/06/20 07:54:18 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\ChemTable Software
[2013/02/23 03:52:11 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/23 08:54:59 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\CyberLink
[2011/10/23 11:36:08 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\DivX
[2012/12/27 03:02:31 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Easeware
[2011/12/04 20:27:40 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\eSobi
[2011/11/04 11:26:12 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\GameFly
[2013/07/12 13:39:54 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\GlarySoft
[2012/08/11 13:44:27 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Google
[2012/08/21 18:51:06 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\HP
[2013/01/17 06:10:06 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\HpUpdate
[2011/09/22 17:29:43 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Identities
[2013/07/10 11:18:05 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\InstallShield
[2013/01/22 00:34:41 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\KeePass
[2013/01/07 10:52:05 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\KLS Soft
[2012/09/02 12:32:17 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Leadertech
[2013/02/03 00:31:11 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Logishrd
[2012/09/02 12:36:26 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Logitech
[2013/06/21 23:58:37 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Macromedia
[2012/11/15 14:23:26 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\MAGIX
[2013/07/11 06:08:32 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Malwarebytes
[2011/04/12 04:28:03 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Media Center Programs
[2013/03/13 09:05:41 | 000,000,000 | --SD | M] -- C:\Users\Buddy\AppData\Roaming\Microsoft
[2012/01/15 19:35:42 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Mozilla
[2012/08/21 23:31:22 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\MSI
[2012/10/17 15:23:36 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\OfficeSuiteX
[2013/01/24 16:27:56 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\OpenOffice.org
[2013/01/03 22:59:19 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\QuickScan
[2011/10/24 20:43:32 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Real
[2013/01/24 20:49:34 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Samsung
[2012/08/21 14:04:47 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Sony Corporation
[2013/01/11 06:54:30 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Star Watermark
[2011/12/22 20:44:52 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Temp
[2012/09/02 06:11:51 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\TuneUp Software
[2011/11/24 22:20:08 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Ubisoft
[2013/01/24 22:13:28 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Vso
[2013/01/05 07:34:30 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\WinRAR
[2013/01/05 07:45:57 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\WinZip
[2013/01/09 10:17:01 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010/11/20 23:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\erdnt\cache64\mswsock.dll
[2010/11/20 23:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 23:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 23:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache86\mswsock.dll
[2010/11/20 23:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 23:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2012/01/13 03:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 03:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 23:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 12:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 23:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 13:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 13:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2012/10/03 13:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/22 22:10:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/22 22:10:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/22 22:10:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/05/28 22:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2013/05/28 22:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/09/22 22:10:42 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/09/22 22:10:42 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/09/22 22:10:42 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/05/28 22:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2013/05/28 22:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[2011/09/22 22:10:43 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011/09/22 22:10:43 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2013/05/28 21:48:09 | 009,738,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2011/09/22 22:10:43 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >




OTL Extras logfile created on: 7/12/2013 5:03:12 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Buddy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.49 Gb Total Physical Memory | 5.49 Gb Available Physical Memory | 73.30% Memory free
14.98 Gb Paging File | 12.85 Gb Available in Paging File | 85.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 477.80 Gb Total Space | 422.84 Gb Free Space | 88.50% Space Free | Partition Type: NTFS
Drive D: | 453.61 Gb Total Space | 252.79 Gb Free Space | 55.73% Space Free | Partition Type: NTFS

Computer Name: CINDY-GAME-PC | User Name: Buddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08520B79-83E7-42B8-81D9-2642E713D371}" = lport=445 | protocol=6 | dir=in | app=system |
"{15B05BB7-C855-4432-A5FA-C4F9B0F6B1D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29800CD1-2180-41C0-9CE4-5469D0DED8F9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{32704867-F685-4FCC-BBD4-BFA4774193C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4B5F197B-DFC4-4C46-AF81-E9928F9AD95C}" = lport=139 | protocol=6 | dir=in | app=system |
"{60968B59-C183-46DD-96A5-99114114ADC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B7A973F-3EB6-46D9-9D68-93659FB17E76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7081F0B0-7C1C-4D14-ADC0-3F20A46691DF}" = lport=137 | protocol=17 | dir=in | app=system |
"{7B9ECA11-DC33-4B71-A989-8E465C2DB8C9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{80346D81-E1A8-4AF5-8E2B-91D72513A90F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{803A9CB5-2E50-4062-A66D-D38C2D5F3339}" = rport=139 | protocol=6 | dir=out | app=system |
"{887267B8-EB94-427D-B865-A62883F218E5}" = rport=137 | protocol=17 | dir=out | app=system |
"{BB523190-DB1D-4CB2-81E5-0E588C66CB2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF550787-166F-4F74-916E-579F6EB433D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C00EB9A3-0F16-499A-B8B6-918F0108281A}" = rport=445 | protocol=6 | dir=out | app=system |
"{D2D40EEC-A132-4F6E-BD4C-A1F8AB2875E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6CC872E-5F81-4F09-90FD-24BB67139CD9}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC394C70-CDA8-4C6F-B116-99963B811170}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E380B13C-CA51-487C-BC8B-6A1FDD68DD5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E43A906E-0F2F-4AF5-8C5E-74B2DDCA7C69}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E666FE8B-ABDB-4787-BE7D-F9577AD7C494}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC00E0C4-F8B3-436D-84EB-EEA9D9F86CDC}" = rport=138 | protocol=17 | dir=out | app=system |
"{ED892F26-7367-4C77-9DAE-4869C29EDA8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6B941F0-BA18-4103-A7ED-80621B4CD08E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C495F2A-DF09-4D9E-B7CC-A9470AA57E5C}" = dir=in | app=c:\windows\system32\lxdncoms.exe |
"{129C71F4-6A84-4F31-B084-394C7B70AC51}" = dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{1C08CADA-3A3A-42E4-98DB-83A3925680CC}" = dir=in | app=c:\users\buddy\appdata\local\microsoft\skydrive\skydrive.exe |
"{29F06BC0-2052-45D7-BF5D-11654A87E192}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{30087503-B165-4888-91D6-84A0051C229B}" = dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{38637199-EACB-475C-A76A-BE527377D6FB}" = protocol=1 | dir=out | [email protected],-28544 |
"{6A5F93A3-3089-459D-884B-FB0865B92AD5}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{6FBBD792-3681-4371-8C1F-0AE11F28DF9F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{714D990F-621D-4174-93A4-362211BEA784}" = dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe |
"{729E6520-7A99-4A59-A459-7C088B8BE6B4}" = protocol=58 | dir=out | [email protected],-28546 |
"{8D942528-BE9D-4548-9D59-461947813138}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{9279F2F7-1777-476A-BD0C-4BD85DED5B2E}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"{989DC283-A4FF-4CC0-8A10-DD254EE03481}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{9BD51192-D8AF-48CF-8B5E-DF0ABECB2DB8}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{A2386869-A552-4481-BF8A-838022C62D0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AD0932E0-EEE9-484D-BBBC-0F0E6BB5FD34}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C2C08E7F-8409-4800-B7CC-250BF2523FD1}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{C5233D00-086C-4CE2-843B-D6F4322E686B}" = protocol=58 | dir=in | [email protected],-28545 |
"{C5CAA122-7AD6-4B6A-AFB5-7F0A0EF66A44}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe |
"{CD60AD0B-73EA-482C-ABE3-1BD5310C4167}" = protocol=1 | dir=in | [email protected],-28543 |
"{D8EFA557-0C34-42F7-ACB3-AC42424A7D7C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe |
"{E29A396C-CD2C-42E5-A668-7CBC4F0966B4}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"{E6B64AB2-8BBF-45C4-8ACD-8C650907646F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FF8204C6-0EE4-4531-BDD6-64DF8333E85B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{D0592000-4959-4F0B-942A-7CAB268D42B3}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe |
"UDP Query User{89E0062E-AC27-4431-80D6-9C034C7DF9B2}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{669D2C56-157D-508E-CC6D-5F4A8A9EAC9C}" = AMD Catalyst Install Manager
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BBBD8A4E-BE4B-3371-19DC-CB8AB29D350B}" = AMD Fuel
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D2D5EB8B-8855-98E4-4786-12A8D521B3C0}" = ccc-utility64
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"DriverEasy_is1" = DriverEasy 4.5.2
"Lexmark 2600 Series" = Lexmark 2600 Series
"Logitech Unifying" = Logitech Unifying Software 2.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.52

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}" = PlayMemories Home
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1154E720-5D61-B720-2BC6-8BE86063861F}" = CCC Help Spanish
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{287EAC0F-6C96-4712-97A6-958510872CBB}" = Utility
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4301FE90-2ED7-7384-46DD-0A41FE0F067D}" = CCC Help Korean
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD8793A-9DDD-92BF-B281-E0DB3A9D50B8}" = CCC Help Russian
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5F7308C0-56FF-415A-B34C-44A90A892A95}" = Catalyst Control Center - Branding
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{698B7D8B-0F43-4A19-8B9B-47F1EFEB858F}_is1" = ControlCenter
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{87543F2C-6EB2-4A20-B424-45A487DF2A50}" = Catalyst Control Center Localization All
"{87F4E233-EE83-F0EC-1687-D8571D7B0B15}" = CCC Help Japanese
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88603FC0-6B3C-442D-981E-E3D49F083548}_is1" = NovaBench 3.0.4
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90157C5D-D791-4D36-8C2B-7553DC01D601}" = ASUS VGA Driver
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{9EEEBF01-660B-9E02-75B9-EF3445CB9635}" = CCC Help German
"{A0510572-97B7-8696-A812-C279B211CB08}" = CCC Help French
"{A2DDE452-4542-D7EB-758C-A3DAA35AAA9E}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BCBABA-26B7-6037-76B9-E8A38DB14DDD}" = AMD VISION Engine Control Center
"{A642884D-2199-EEE1-6BE8-FA0DBC611670}" = CCC Help Chinese Traditional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{ADBF45DB-4765-04EF-DCF2-4560C088CBE9}" = CCC Help Italian
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CB95130D-118F-9C20-16A9-05F5990E3EBB}" = CCC Help English
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{DAD5AC93-8518-4F46-A5FE-E63FEE791B6F}" = AMD OverDrive
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{F9F92105-D25D-E4AF-CF87-11C06C92B296}" = CCC Help Chinese Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AU11_is1" = Advanced Uninstaller PRO - Version 11
"Canon MG3100 series User Registration" = Canon MG3100 series User Registration
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"MailStore Home_universal1" = MailStore Home 8.0.2.8361
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"OverclockingCenter_is1" = OverclockingCenter
"PokerStars.net" = PokerStars.net
"Super-Charger_is1" = Super-Charger
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"UltraDefrag" = Ultra Defragmenter
"WinLiveSuite" = Windows Live Essentials
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2013 4:47:57 PM | Computer Name = Cindy-Game-PC | Source = Microsoft Fax | ID = 32104
Description = Faxes cannot be submitted or sent because the Fax service cannot access
the folder specified for the fax queue. The location of the fax queue can be modified
with a registry key. For more information, see Troubleshooting in Fax Service Manager
help. Win32 Error Code: 2 This error code indicates the cause of the error.

Error - 7/12/2013 4:47:57 PM | Computer Name = Cindy-Game-PC | Source = Microsoft Fax | ID = 32041
Description = Fax Service failed to initialize because of an internal error Win32
Error Code: 0. This error code indicates the cause of the error.

Error - 7/12/2013 4:49:26 PM | Computer Name = Cindy-Game-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 5/29/2013 5:14:55 AM | Computer Name = Cindy-Game-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 264313
seconds with 3240 seconds of active time. This session ended with a crash.


< End of report >
  • 0

#7
Quartz

Quartz

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Farbar Service Scanner Version: 10-07-2013 01
Ran by Buddy (administrator) on 12-07-2013 at 17:17:05
Running from "C:\Users\Buddy\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#8
Quartz

Quartz

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 85.84 0 K 24 K
avp.exe 1196 4.36 327,160 K 162,560 K Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
procexp (1)64.exe 884 2.32 27,520 K 46,324 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts n/a 0.28 0 K 0 K Hardware Interrupts and DPCs
System 4 0.43 184 K 3,328 K
dwm.exe 3996 0.26 33,608 K 35,016 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 784 0.15 2,916 K 7,540 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
avp.exe 2708 0.10 46,216 K 7,592 K Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
MsMpEng.exe 444 2.15 74,356 K 85,144 K Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
explorer.exe 4020 0.05 55,884 K 67,456 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
sidebar.exe 3376 0.03 56,440 K 65,660 K Windows Desktop Gadgets Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 3828 0.01 64,060 K 73,112 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 2320 0.01 68,764 K 103,912 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 4652 0.01 9,764 K 9,704 K Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1144 < 0.01 11,308 K 20,232 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
services.exe 808 < 0.01 5,612 K 9,492 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 4072 < 0.01 17,704 K 32,096 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1080 25,228 K 20,048 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 940 < 0.01 4,916 K 9,496 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1168 < 0.01 22,288 K 36,840 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2604 < 0.01 8,328 K 8,488 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe 3848 < 0.01 3,536 K 8,480 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
svchost.exe 1412 < 0.01 31,336 K 33,624 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 2824 < 0.01 7,836 K 14,876 K Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
csrss.exe 656 < 0.01 2,636 K 5,036 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1112 < 0.01 139,440 K 145,892 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 408 < 0.01 4,356 K 7,960 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 1660 < 0.01 10,436 K 17,216 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 3056 1,512 K 3,488 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
WUDFHost.exe 2980 2,328 K 6,260 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2644 2,956 K 6,208 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1012 3,120 K 7,456 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 740 1,920 K 4,800 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
VSSVC.exe 200 2,168 K 6,276 K Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
TCPSVCS.EXE 2568 2,092 K 4,608 K TCP/IP Services Application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 3836 0.02 7,032 K 12,236 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1300 2,476 K 5,460 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2096 < 0.01 1,564 K 3,864 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2060 < 0.01 6,484 K 11,780 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2664 1,092 K 2,740 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1688 8,404 K 11,800 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4824 1,688 K 4,216 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2120 1,424 K 3,504 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2544 2,104 K 5,472 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1912 5,040 K 9,332 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe 4724 5,060 K 11,128 K Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
smss.exe 388 528 K 1,204 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 4888 3,740 K 10,120 K Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
procexp (1).exe 4544 2,668 K 6,980 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
OSE.EXE 4708 2,216 K 5,888 K Office Source Engine Microsoft Corporation (Verified) Microsoft Corporation
NisSrv.exe 3132 10,976 K 6,392 K Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
mqsvc.exe 2276 5,284 K 8,748 K Message Queuing Service Microsoft Corporation (Verified) Microsoft Windows
mbamservice.exe 2256 < 0.01 122,992 K 4,420 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamscheduler.exe 2200 2,452 K 6,164 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 840 0.01 2,752 K 4,348 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 832 0.08 5,328 K 12,028 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
FXSSVC.exe 2908 2,020 K 4,972 K Fax Service Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 3736 8,952 K 16,036 K Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 4252 18,160 K 18,012 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
  • 0

#9
Quartz

Quartz

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
MiniToolBox by Farbar Version: 16-06-2013
Ran by Buddy (administrator) on 12-07-2013 at 17:34:13
Running from "C:\Users\Buddy\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.46 metric=1 publish=Yes


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Cindy-Game-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 8C-89-A5-2F-96-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:5b0:2129:9c10:d9b5:7843:f489:23ea(Preferred)
IPv6 Address. . . . . . . . . . . : fd0d:edc3:e12a:0:d9b5:7843:f489:23ea(Preferred)
Temporary IPv6 Address. . . . . . : 2001:5b0:2129:9c10:21a1:5387:8bf4:20e9(Preferred)
Temporary IPv6 Address. . . . . . : fd0d:edc3:e12a:0:21a1:5387:8bf4:20e9(Preferred)
Link-local IPv6 Address . . . . . : fe80::d9b5:7843:f489:23ea%11(Preferred)
IPv4 Address. . . . . . . . . . . : 100.84.206.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Lease Obtained. . . . . . . . . . : Friday, July 12, 2013 4:47:43 PM
Lease Expires . . . . . . . . . . : Friday, July 12, 2013 5:35:42 PM
Default Gateway . . . . . . . . . : fe80::280:aeff:fe3b:63cf%11
100.84.206.9
DHCP Server . . . . . . . . . . . : 100.84.206.9
DHCPv6 IAID . . . . . . . . . . . : 244091301
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-0D-79-71-8C-89-A5-2F-96-B0
DNS Servers . . . . . . . . . . . : fd0d:edc3:e12a::1
208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 37:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3EC15635-A9E0-42DF-92AC-8B68299BBA06}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fd0d:edc3:e12a::1

Name: google.com
Addresses: 2607:f8b0:4005:800::100e
74.125.239.104
74.125.239.105
74.125.239.110
74.125.239.96
74.125.239.97
74.125.239.98
74.125.239.99
74.125.239.100
74.125.239.101
74.125.239.102
74.125.239.103


Pinging google.com [2607:f8b0:4005:800::100e] with 32 bytes of data:
Reply from 2607:f8b0:4005:800::100e: time=692ms
Reply from 2607:f8b0:4005:800::100e: time=890ms

Ping statistics for 2607:f8b0:4005:800::100e:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 692ms, Maximum = 890ms, Average = 791ms
Server: UnKnown
Address: fd0d:edc3:e12a::1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=724ms TTL=44
Reply from 98.138.253.109: bytes=32 time=738ms TTL=43

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 724ms, Maximum = 738ms, Average = 731ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...8c 89 a5 2f 96 b0 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
55...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
60...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 100.84.206.9 100.84.206.10 20
100.84.206.8 255.255.255.248 On-link 100.84.206.10 276
100.84.206.10 255.255.255.255 On-link 100.84.206.10 276
100.84.206.15 255.255.255.255 On-link 100.84.206.10 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 100.84.206.10 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 100.84.206.10 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.1.46 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 276 ::/0 fe80::280:aeff:fe3b:63cf
1 306 ::1/128 On-link
11 28 2001:5b0:2129:9c10::/64 On-link
11 276 2001:5b0:2129:9c10:21a1:5387:8bf4:20e9/128
On-link
11 276 2001:5b0:2129:9c10:d9b5:7843:f489:23ea/128
On-link
11 28 fd0d:edc3:e12a::/64 On-link
11 276 fd0d:edc3:e12a:0:21a1:5387:8bf4:20e9/128
On-link
11 276 fd0d:edc3:e12a:0:d9b5:7843:f489:23ea/128
On-link
11 276 fe80::/64 On-link
11 276 fe80::d9b5:7843:f489:23ea/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/12/2013 04:49:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2013 04:47:57 PM) (Source: Microsoft Fax) (User: )
Description: Fax Service failed to initialize because of an internal error

Win32 Error Code: 0.
This error code indicates the cause of the error.

Error: (07/12/2013 04:47:57 PM) (Source: Microsoft Fax) (User: )
Description: Faxes cannot be submitted or sent because the Fax service cannot access the folder specified for the fax queue. The location of the fax queue can be modified with a registry key. For more information, see Troubleshooting in Fax Service Manager help.
Win32 Error Code: 2
This error code indicates the cause of the error.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/29/2013 05:14:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 264313 seconds with 3240 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2013-07-11 23:26:54.256
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-11 23:26:54.194
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-11 22:32:01.110
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 22:32:01.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 22:32:01.108
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 22:20:48.214
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 22:20:48.213
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 22:20:48.211
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 02:36:00.892
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 02:36:00.856
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 6.2.1)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 3.5.0.1060)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Advanced Uninstaller PRO - Version 11 (Version: 11)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1124.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0214.1719.31049)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AMD OverDrive (Version: 4.0.4.0506)
AMD Steady Video Plug-In (Version: 2.06.0000)
AMD VISION Engine Control Center (Version: 2013.0214.1719.31049)
ASUS VGA Driver (Version: 3.0.0.1)
Bing Maps 3D (Version: 4.0.903.16005)
Canon MG3100 series MP Drivers
Canon MG3100 series User Registration
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center InstallProxy (Version: 2013.0214.1719.31049)
Catalyst Control Center Localization All (Version: 2013.0214.1719.31049)
CCC Help Chinese Standard (Version: 2013.0214.1718.31049)
CCC Help Chinese Traditional (Version: 2013.0214.1718.31049)
CCC Help English (Version: 2013.0214.1718.31049)
CCC Help French (Version: 2013.0214.1718.31049)
CCC Help German (Version: 2013.0214.1718.31049)
CCC Help Italian (Version: 2013.0214.1718.31049)
CCC Help Japanese (Version: 2013.0214.1718.31049)
CCC Help Korean (Version: 2013.0214.1718.31049)
CCC Help Russian (Version: 2013.0214.1718.31049)
CCC Help Spanish (Version: 2013.0214.1718.31049)
ccc-utility64 (Version: 2013.0214.1719.31049)
CCleaner (Version: 4.03)
ControlCenter (Version: 2.2.012)
D3DX10 (Version: 15.4.2368.0902)
DriverEasy 4.5.2 (Version: 4.5.2.0)
EasyViewer (Version: 1.3.0.9)
eReg (Version: 1.20.138.34)
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.149)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 16.4.3508.0205)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190)
Lexmark 2600 Series
LG USB Modem driver
Logitech SetPoint 6.52 (Version: 6.52.74)
Logitech Unifying Software 2.10 (Version: 2.10.37)
MailStore Home 8.0.2.8361 (Version: 8.0.2.8361)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (Version: 17.0.2003.1112)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3508.0205)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NovaBench 3.0.4
OverclockingCenter
Photo Gallery (Version: 16.4.3508.0205)
PlayMemories Home (Version: 7.0.03.04240)
PokerStars.net
Realtek Ethernet Controller Driver (Version: 7.67.1226.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6804)
Super-Charger
Tweaking.com - Registry Backup (Version: 1.5.1)
Ultra Defragmenter (Version: 6.0.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility (Version: 1.00.0002)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Mail (Version: 16.4.3508.0205)
Windows Live Messenger (Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
XviD MPEG-4 Video Codec

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 7669.4 MB
Available physical RAM: 5678.05 MB
Total Pagefile: 15336.98 MB
Available Pagefile: 13005.19 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.56 MB

========================= Partitions: =====================================

1 Drive c: (Drive C) (Fixed) (Total:477.8 GB) (Free:422.36 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:453.61 GB) (Free:252.79 GB) NTFS

========================= Users: ========================================

User accounts for \\CINDY-GAME-PC

Administrator Buddy Guest

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
  • 0

#10
Quartz

Quartz

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Posted Image
  • 0

Advertisements


#11
Quartz

Quartz

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Ron,

I think I got it all done and posted.

Thanks! Cindy
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text in the code box:


/md5start
dxtmsft.dll
dxtrans.dll
ieframe.dll
iepeers.dl
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get one log. Please copy and paste it.


You can also:

In the search box, type in
services.msc
and wait until it finds it. Then right click on services.msc and Run As Admin. This will bring up the services menu. Find Microsoft Fax, Windows Fax or just plain Fax and right click on it and select Properties. Change the Startup Type: to Disabled and then OK. Close the services menu.


Both Office and Kaspersky are holding the registry open. Usually means they need to be upgraded.

However none of the above is causing the slowdown. I think you need to read your contract with Hughes very carefully. When you use more than the contracted bytes in a month (Data Allowance) they go into throttle down mode where you essentially are limited to just a bit faster than dialup type speeds which with the extra delay caused by the satellite link will make webpages take forever to load. If you look at the speed test results and compare with what you contracted for I think you will see it is a lot less. You can check with Hughes but I expect they will tell you the same thing. I'm not sure exactly when it will jump back up but they should be able to tell you that.
  • 0

#13
Quartz

Quartz

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Kaspersky is a 30 day trial download. I will check on upgrading Microsoft Office, but I think all upgrades come with Windows Update files.

What about the files that start with CHR - Extension: ? When I posted on the wrong forum, someone said that these files are malware. I think they are actually my extensions in Chrome.

I just went online, and you are right about Hughes Net. There was a warning that my download speed has been greatly reduced. Wow...didn't know they did that! I just switched from Verizon in May.



OTL logfile created on: 7/12/2013 10:04:40 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Buddy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.49 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 74.49% Memory free
14.98 Gb Paging File | 12.71 Gb Available in Paging File | 84.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 477.80 Gb Total Space | 422.33 Gb Free Space | 88.39% Space Free | Partition Type: NTFS
Drive D: | 453.61 Gb Total Space | 252.79 Gb Free Space | 55.73% Space Free | Partition Type: NTFS

Computer Name: CINDY-GAME-PC | User Name: Buddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Buddy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxdnCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV - (lxdn_device) -- C:\Windows\SysWOW64\lxdncoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbGps) -- C:\Windows\SysNative\drivers\lgx64gps.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (MSILiveVirtualCamera) -- C:\Windows\SysNative\drivers\MSILiveVirtualCamera.sys (MSI Corporation)
DRV - (AODDriver4.01) -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbuhci) -- C:\Windows\SysWOW64\drivers\usbuhci.sys (Microsoft Corporation)
DRV - (usbehci) -- C:\Windows\SysWOW64\drivers\usbehci.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 52 22 01 3D 7E CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013/07/11 02:00:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013/07/11 02:00:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/18 02:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:40 | 000,000,000 | ---D | M]

[2011/10/22 09:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\Extensions
[2013/07/12 15:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\Firefox\Profiles\2etiq55c.default\extensions
[2013/07/12 00:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Change Font Family Style = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabledekpjmoghdjnpnhfkfpmjifklpb\2.6_0\
CHR - Extension: Sudoku = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj\1.0.1.0_0\
CHR - Extension: Google Docs = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Last.fm free music player = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh\2.9.692_0\
CHR - Extension: YouTube = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Google Theme Bright = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\djjpllkkkfobicnffejagpfbnkmgpggb\1.0.0_0\
CHR - Extension: Autocomplete = on = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh\1.0_0\
CHR - Extension: Logitech SetPoint = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Clock for Google Chrome\u2122 = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\2.1.0.4_0\
CHR - Extension: AdBlock = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Mailto: = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf\1.24.0_0\
CHR - Extension: Safe Money = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Change Colors = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn\2.144_0\
CHR - Extension: Hover Zoom = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0\
CHR - Extension: My Chrome Theme = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2013/07/11 23:34:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [5594FD411AC9B3706D4A562F490DF74B5FA5DA40._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/pcpitstop.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01A9D0C9-6710-4E56-82CE-64037C9D205F}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC15635-A9E0-42DF-92AC-8B68299BBA06}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC15635-A9E0-42DF-92AC-8B68299BBA06}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9928683F-52F7-44E0-8BD2-B1DDCA2C5BB3}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/12 17:31:39 | 000,760,775 | ---- | C] (Farbar) -- C:\Users\Buddy\Desktop\MiniToolBox.exe
[2013/07/12 17:20:57 | 002,756,800 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Buddy\Desktop\procexp (1).exe
[2013/07/12 15:08:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/12 14:36:51 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ElevatedDiagnostics
[2013/07/12 05:10:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Buddy\Desktop\OTL.exe
[2013/07/12 00:22:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/11 23:50:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/11 23:19:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/11 23:19:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/11 23:19:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/11 23:19:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/07/11 23:17:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/11 23:17:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/11 22:22:04 | 000,559,306 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Buddy\Desktop\JRT.exe
[2013/07/11 06:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
[2013/07/11 06:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/11 06:08:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/11 06:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/11 02:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2013/07/11 02:44:27 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2013/07/11 02:44:26 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\Innovative Solutions
[2013/07/11 02:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2013/07/11 02:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2013/07/11 02:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2013/07/11 02:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/07/11 02:35:25 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/07/11 02:34:35 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/11 02:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/07/11 02:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/07/11 02:34:09 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/11 02:34:09 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/11 01:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Earth 3D
[2013/07/11 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ToolwizCareFree
[2013/07/10 23:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2013/07/10 23:22:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/10 23:22:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/10 23:22:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/10 23:22:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 23:22:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 23:22:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/10 23:22:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/10 23:22:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/10 23:22:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/10 23:22:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 23:22:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/10 23:22:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/10 23:22:12 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 23:22:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 23:22:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/10 23:22:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 22:40:39 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/10 22:34:18 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/10 22:34:18 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/10 22:29:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/07/10 22:29:54 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/07/10 22:29:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/07/10 22:29:53 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/07/10 22:29:53 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/07/10 22:29:53 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/07/10 22:29:53 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/07/10 22:29:53 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/07/10 22:29:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/07/10 22:29:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/07/10 22:29:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/07/10 22:29:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/07/10 22:28:10 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 22:28:09 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 11:18:05 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\InstallShield
[2013/07/05 09:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2013/07/05 09:34:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\msmq
[2013/07/05 09:34:37 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/07/05 09:17:29 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/07/05 09:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/06/25 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\Buddy\Documents\MY HABIT
[2013/06/21 17:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/06/21 16:08:38 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/21 16:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/06/20 07:54:18 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\ChemTable Software
[2013/06/20 07:53:53 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ChemTable Software
[2013/06/19 18:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/05/21 18:11:05 | 000,104,960 | ---- | C] (CANON INC.) -- C:\Users\Buddy\cnmss Canon MG3100 series Printer (Local).dll
[2013/01/24 20:43:55 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Buddy\AppData\Roaming\pcouffin.sys
[2013/01/09 15:26:06 | 000,571,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/12 21:51:52 | 000,069,364 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Geeks to Go Instructions.wbk
[2013/07/12 17:32:20 | 000,760,775 | ---- | M] (Farbar) -- C:\Users\Buddy\Desktop\MiniToolBox.exe
[2013/07/12 17:22:25 | 002,756,800 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Buddy\Desktop\procexp (1).exe
[2013/07/12 16:55:01 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/12 16:55:01 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/12 16:54:15 | 000,757,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/12 16:54:15 | 000,687,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/12 16:54:15 | 000,074,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/12 16:52:11 | 000,061,440 | ---- | M] ( ) -- C:\Users\Buddy\Desktop\VEW.exe
[2013/07/12 16:47:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/12 14:23:00 | 000,333,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/12 05:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Buddy\Desktop\OTL.exe
[2013/07/11 23:34:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/11 22:23:09 | 000,559,306 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Buddy\Desktop\JRT.exe
[2013/07/11 08:49:54 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2013/07/11 06:37:49 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\DriverEasy.lnk
[2013/07/11 06:08:24 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 03:49:17 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/07/11 02:45:12 | 000,002,345 | ---- | M] () -- C:\Users\Buddy\Desktop\Safe Money.lnk
[2013/07/11 02:44:26 | 000,002,440 | ---- | M] () -- C:\Users\Buddy\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:35:25 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/07/11 00:27:33 | 000,007,639 | ---- | M] () -- C:\Users\Buddy\AppData\Local\resmon.resmoncfg
[2013/07/10 20:48:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/10 15:39:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/10 15:39:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/10 14:57:22 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/10 14:57:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/10 11:09:10 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/10 01:08:31 | 000,012,642 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Burn candles are luxury scented candles designed with an absolute attention to detail.wbk
[2013/07/09 17:06:58 | 000,000,537 | ---- | M] () -- C:\Users\Buddy\Desktop\Outlook.zip
[2013/07/09 03:01:17 | 000,010,172 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Letter To TR with Package.wbk
[2013/07/05 09:36:13 | 000,817,858 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/05 09:34:34 | 000,000,862 | ---- | M] () -- C:\Windows\SysNative\termcap
[2013/06/28 04:39:40 | 004,858,005 | ---- | M] () -- C:\Users\Buddy\Documents\Kenmore Vacuum Manual.pdf
[2013/06/28 04:38:15 | 004,858,636 | ---- | M] () -- C:\Users\Buddy\Documents\c.shld.net_assets_docs_spin_prod_834378412.pdf
[2013/06/25 12:45:52 | 000,039,632 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of HauteLook Order 6 2 2013.wbk
[2013/06/24 16:02:23 | 000,174,292 | ---- | M] () -- C:\Users\Buddy\Desktop\Buddy_3454934544.jpg
[2013/06/20 21:45:34 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/20 08:33:00 | 000,584,600 | ---- | M] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Toolwiz_Care-BP-75610754.exe
[2013/06/20 08:32:31 | 000,584,600 | ---- | M] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Ashampoo_WinOptimizer_FREE-BP-10962102.exe
[2013/06/20 08:07:16 | 005,768,120 | ---- | M] () -- C:\Users\Buddy\Documents\csbsetup.exe
[2013/06/20 07:56:28 | 000,041,466 | ---- | M] () -- C:\Users\Buddy\Documents\ESale.pdf
[2013/06/20 05:12:25 | 000,001,322 | ---- | M] () -- C:\Users\Buddy\Desktop\Wordpad.lnk
[2013/06/20 01:02:55 | 000,027,064 | ---- | M] () -- C:\Users\Buddy\Desktop\Optimize-Support.zip
[2013/06/19 23:54:13 | 000,001,442 | ---- | M] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/12 16:52:11 | 000,061,440 | ---- | C] ( ) -- C:\Users\Buddy\Desktop\VEW.exe
[2013/07/12 16:39:31 | 000,069,364 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Geeks to Go Instructions.wbk
[2013/07/12 14:22:17 | 000,333,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 23:19:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/11 23:19:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/11 23:19:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/11 23:19:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/11 23:19:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/11 06:37:50 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2013/07/11 06:37:49 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\DriverEasy.lnk
[2013/07/11 06:08:24 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 02:45:12 | 000,002,345 | ---- | C] () -- C:\Users\Buddy\Desktop\Safe Money.lnk
[2013/07/11 02:44:26 | 000,002,440 | ---- | C] () -- C:\Users\Buddy\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:44:26 | 000,002,324 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:44:21 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\AdvUninstCPL.cpl
[2013/07/11 02:35:40 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/07/10 00:12:42 | 000,012,642 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Burn candles are luxury scented candles designed with an absolute attention to detail.wbk
[2013/07/09 17:05:32 | 000,000,537 | ---- | C] () -- C:\Users\Buddy\Desktop\Outlook.zip
[2013/07/09 03:01:17 | 000,010,172 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Letter To TR with Package.wbk
[2013/07/05 09:34:37 | 000,000,862 | ---- | C] () -- C:\Windows\SysNative\termcap
[2013/07/05 09:17:20 | 000,001,310 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/07/05 09:17:14 | 000,001,379 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/07/05 09:17:00 | 000,001,463 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/07/05 09:16:53 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/06/28 04:39:39 | 004,858,005 | ---- | C] () -- C:\Users\Buddy\Documents\Kenmore Vacuum Manual.pdf
[2013/06/28 04:38:15 | 004,858,636 | ---- | C] () -- C:\Users\Buddy\Documents\c.shld.net_assets_docs_spin_prod_834378412.pdf
[2013/06/24 16:02:23 | 000,174,292 | ---- | C] () -- C:\Users\Buddy\Desktop\Buddy_3454934544.jpg
[2013/06/20 08:32:59 | 000,584,600 | ---- | C] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Toolwiz_Care-BP-75610754.exe
[2013/06/20 08:32:30 | 000,584,600 | ---- | C] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Ashampoo_WinOptimizer_FREE-BP-10962102.exe
[2013/06/20 08:07:10 | 005,768,120 | ---- | C] () -- C:\Users\Buddy\Documents\csbsetup.exe
[2013/06/20 07:56:28 | 000,041,466 | ---- | C] () -- C:\Users\Buddy\Documents\ESale.pdf
[2013/06/20 05:12:25 | 000,001,322 | ---- | C] () -- C:\Users\Buddy\Desktop\Wordpad.lnk
[2013/06/20 01:02:55 | 000,027,064 | ---- | C] () -- C:\Users\Buddy\Desktop\Optimize-Support.zip
[2013/06/19 23:54:12 | 000,001,454 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/05/27 18:02:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2013/05/27 18:02:51 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2013/05/27 18:02:51 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2013/05/27 18:02:51 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2013/05/27 18:02:50 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2013/05/27 18:02:50 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2013/05/27 18:02:50 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2013/05/27 18:02:50 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2013/05/27 18:02:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2013/05/27 18:02:49 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2013/05/27 18:02:49 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2013/05/27 18:02:49 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2013/05/27 18:02:49 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2013/05/27 18:02:49 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2013/05/27 18:02:48 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
[2013/03/09 19:45:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/01/24 20:43:55 | 000,007,859 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\pcouffin.cat
[2013/01/24 20:43:55 | 000,001,167 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\pcouffin.inf
[2013/01/24 20:05:11 | 000,003,584 | ---- | C] () -- C:\Users\Buddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/24 13:06:15 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CINDY-GAME-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/01/09 08:58:09 | 000,002,127 | ---- | C] () -- C:\Users\Buddy\wxDownloadFast.ini
[2013/01/09 08:10:53 | 000,001,491 | ---- | C] () -- C:\Users\Buddy\AppData\Local\recently-used.xbel
[2012/12/27 07:27:07 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/11/20 11:48:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/11/20 11:48:14 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/10/16 15:04:34 | 000,019,108 | ---- | C] () -- C:\Windows\hpqins13.dat
[2012/08/21 19:14:36 | 000,817,858 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/14 20:52:53 | 000,651,264 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2012/08/14 20:52:53 | 000,192,512 | R--- | C] () -- C:\Windows\SysWow64\AegisI5.exe
[2012/08/14 20:52:53 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2012/07/27 21:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 21:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/16 20:56:30 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/04 20:37:20 | 000,007,639 | ---- | C] () -- C:\Users\Buddy\AppData\Local\resmon.resmoncfg
[2011/10/24 20:46:39 | 000,870,128 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\mcs.rma
[2011/10/07 09:00:52 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2011/09/22 20:49:56 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin
[2011/09/12 22:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: DXTMSFT.DLL >
[2009/07/13 21:40:35 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=05F15349D9576B9443C13AFE10E1E249 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.7600.16385_none_0e7587ee1257118b\dxtmsft.dll
[2011/09/22 22:10:43 | 000,353,792 | ---- | M] (Microsoft Corporation) MD5=4312DEBDACBE338F0B90E7F08E7672BE -- C:\Windows\SysWOW64\dxtmsft.dll
[2011/09/22 22:10:43 | 000,353,792 | ---- | M] (Microsoft Corporation) MD5=4312DEBDACBE338F0B90E7F08E7672BE -- C:\Windows\winsxs\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_16b937a388a8970d\dxtmsft.dll
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) MD5=55A97EC5956A72D3B7060560F785FF32 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.7600.16385_none_18ca324046b7d386\dxtmsft.dll
[2011/09/22 22:10:42 | 000,452,608 | ---- | M] (Microsoft Corporation) MD5=D6A99F26E31C9F15D8D8CC42FFE6D16B -- C:\Windows\SysNative\dxtmsft.dll
[2011/09/22 22:10:42 | 000,452,608 | ---- | M] (Microsoft Corporation) MD5=D6A99F26E31C9F15D8D8CC42FFE6D16B -- C:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_0c648d515447d512\dxtmsft.dll

< MD5 for: DXTRANS.DLL >
[2011/09/22 22:10:43 | 000,282,112 | ---- | M] (Microsoft Corporation) MD5=A3287F8EB6182FB060C818524C7D6A63 -- C:\Windows\SysNative\dxtrans.dll
[2011/09/22 22:10:43 | 000,282,112 | ---- | M] (Microsoft Corporation) MD5=A3287F8EB6182FB060C818524C7D6A63 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_0c648d515447d512\dxtrans.dll
[2009/07/13 21:40:35 | 000,315,904 | ---- | M] (Microsoft Corporation) MD5=A658CDE3B23B01BE98347504566F2A46 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.7600.16385_none_0e7587ee1257118b\dxtrans.dll
[2011/09/22 22:10:43 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=CA493A92DA9880B6F1A89C3DBD54BA5B -- C:\Windows\SysWOW64\dxtrans.dll
[2011/09/22 22:10:43 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=CA493A92DA9880B6F1A89C3DBD54BA5B -- C:\Windows\winsxs\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_16b937a388a8970d\dxtrans.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) MD5=D96AF6FAF24D5653D558FB5861BD8F29 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.7600.16385_none_18ca324046b7d386\dxtrans.dll

< MD5 for: IEFRAME.DLL >
[2011/11/03 21:59:34 | 010,886,656 | ---- | M] (Microsoft Corporation) MD5=05E06226631B43AE05237B4A4D6386AF -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16440_none_d92a0abf80d3ea7f\ieframe.dll
[2012/08/24 03:03:49 | 009,738,240 | ---- | M] (Microsoft Corporation) MD5=0BA3F31E2B4D8D99DF8DD19E81155374 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16450_none_e373e525b53cc86b\ieframe.dll
[2013/01/08 18:09:18 | 009,738,240 | ---- | M] (Microsoft Corporation) MD5=0E816EA3C5DCE94C95099E8B38E75E67 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16464_none_e36d1661b54149b8\ieframe.dll
[2012/08/24 03:21:00 | 009,738,240 | ---- | M] (Microsoft Corporation) MD5=17A486639E94D52C7CA7443D0BB82F5D -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20557_none_e40483f6ce541996\ieframe.dll
[2012/10/08 07:42:37 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=180A7380320AF73CCF7F7D8880CA2193 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16455_none_d9243c4580d78523\ieframe.dll
[2013/05/28 23:14:23 | 009,739,264 | ---- | M] (Microsoft Corporation) MD5=1B312636E6E76FAF6F9EC9A117228DCD -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20606_none_e439952ece2c71b1\ieframe.dll
[2011/11/03 22:32:55 | 010,886,656 | ---- | M] (Microsoft Corporation) MD5=20FCB5DF99F613832402FCAEE1166D0F -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20544_none_d9b7a8b299edefa5\ieframe.dll
[2012/10/08 03:49:01 | 009,738,240 | ---- | M] (Microsoft Corporation) MD5=2E54A9D2083FB04CD93072DDA6EE51B6 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20562_none_e3f4b298ce60b6d4\ieframe.dll
[2013/05/29 01:50:31 | 010,926,080 | ---- | M] (Microsoft Corporation) MD5=32000C4CD5F176077E2CF96AA28B72EB -- C:\Windows\SysNative\ieframe.dll
[2013/05/29 01:50:31 | 010,926,080 | ---- | M] (Microsoft Corporation) MD5=32000C4CD5F176077E2CF96AA28B72EB -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16496_none_d8f9fcdf80f70e3e\ieframe.dll
[2012/06/28 20:27:10 | 009,737,728 | ---- | M] (Microsoft Corporation) MD5=32E15ECF5854F5610BC895490BC3246A -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16448_none_e386b761b52d7732\ieframe.dll
[2012/08/24 06:06:53 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=32F39B9294F5F7108FA4F9BAA48D41A6 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20557_none_d9afd9a499f3579b\ieframe.dll
[2013/01/08 21:22:26 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=35126DDDE8241C4C4A5F15F6CDDF4434 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16464_none_d9186c0f80e087bd\ieframe.dll
[2012/10/08 06:24:55 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=35DB6F9310DCFEAE7BAE84D28A081726 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20562_none_d9a0084699fff4d9\ieframe.dll
[2012/06/28 19:04:26 | 009,737,728 | ---- | M] (Microsoft Corporation) MD5=41AA18FEF587CC374615A1D370C30DF1 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20554_none_e4018318ce56cd91\ieframe.dll
[2010/11/20 23:25:08 | 010,990,080 | ---- | M] (Microsoft Corporation) MD5=4619E14B2DF4137907CD988ACA4B30A5 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.17514_none_e7d7639870214e02\ieframe.dll
[2011/12/13 23:10:13 | 009,705,472 | ---- | M] (Microsoft Corporation) MD5=490FC0D07F7C0468E232AB8E8E956719 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16441_none_e37fb55bb533c5d1\ieframe.dll
[2012/08/24 06:39:42 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=4ECE12D296ED94CA2C7DD6C383A5AB66 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16450_none_d91f3ad380dc0670\ieframe.dll
[2012/11/13 22:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) MD5=5466DCAEF5A648E04D1B6580F2C901B5 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16457_none_e37ae72bb53679cc\ieframe.dll
[2013/05/16 17:51:43 | 009,739,264 | ---- | M] (Microsoft Corporation) MD5=58CD77C65473D579F00A4C88D511D42A -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20600_none_e4339372ce31d9a7\ieframe.dll
[2013/05/16 23:27:25 | 010,926,080 | ---- | M] (Microsoft Corporation) MD5=64A3B1E55FBB7E36AE856FD1A8A4E00C -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16490_none_d8f3fb2380fc7634\ieframe.dll
[2011/06/21 01:25:59 | 010,991,104 | ---- | M] (Microsoft Corporation) MD5=68A0B37A2833C07B59DE1FEE8F6396D9 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.17638_none_e7c5c6ce702de867\ieframe.dll
[2011/11/03 18:46:47 | 009,705,472 | ---- | M] (Microsoft Corporation) MD5=691E93028B8723E05B4A637BE77380DD -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16440_none_e37eb511b534ac7a\ieframe.dll
[2012/02/27 21:04:16 | 009,705,984 | ---- | M] (Microsoft Corporation) MD5=7335F34A46261B62DC5B648A9069A029 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20548_none_e410542cce4b16fc\ieframe.dll
[2011/06/21 02:44:38 | 010,991,104 | ---- | M] (Microsoft Corporation) MD5=759B4FC877C0E7BA071BA10DA2D55D07 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.21754_none_e835c299895f5ab7\ieframe.dll
[2012/06/28 22:03:10 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=8159304897E9AC5C1C67F054368CA6E2 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20554_none_d9acd8c699f60b96\ieframe.dll
[2012/06/02 04:43:51 | 009,737,728 | ---- | M] (Microsoft Corporation) MD5=8DCDD0B5939043A1EC98C6F168A56B16 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16447_none_e385b717b52e5ddb\ieframe.dll
[2012/11/14 00:15:41 | 010,926,080 | ---- | M] (Microsoft Corporation) MD5=8FF22E0610F2D4033455A14D03EADAC1 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20565_none_d9a3092499fd40de\ieframe.dll
[2011/12/14 03:16:39 | 010,887,168 | ---- | M] (Microsoft Corporation) MD5=90614633898F8D44BC984EC7B729DD70 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16441_none_d92b0b0980d303d6\ieframe.dll
[2012/06/29 00:09:35 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=9C6F3CC6A3BB310D70026AF1B4561F65 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16448_none_d9320d0f80ccb537\ieframe.dll
[2013/01/08 20:10:24 | 010,926,080 | ---- | M] (Microsoft Corporation) MD5=9CAFACD14E4F9D2D952CBB0D09860A8D -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20573_none_d99638a49a072a21\ieframe.dll
[2011/06/21 02:18:39 | 012,262,400 | ---- | M] (Microsoft Corporation) MD5=A3D32EE395ED39BFD50AF0B06B693579 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.17638_none_dd711c7c3bcd266c\ieframe.dll
[2012/10/08 04:02:17 | 009,738,240 | ---- | M] (Microsoft Corporation) MD5=A6B73FCB9496DB101F3066CAF5A7DA4B -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16455_none_e378e697b538471e\ieframe.dll
[2013/05/29 01:18:02 | 010,926,592 | ---- | M] (Microsoft Corporation) MD5=AF5B192693596EB72828B557D4DFD9E4 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20606_none_d9e4eadc99cbafb6\ieframe.dll
[2012/02/27 21:27:13 | 009,705,984 | ---- | M] (Microsoft Corporation) MD5=B23137887833D849EDB4F03ED8124E71 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16443_none_e381b5efb531f87f\ieframe.dll
[2013/01/08 16:50:50 | 009,738,752 | ---- | M] (Microsoft Corporation) MD5=B7CF5526A673A7DAEF3054EE79F633AB -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20573_none_e3eae2f6ce67ec1c\ieframe.dll
[2013/05/16 18:49:25 | 009,738,752 | ---- | M] (Microsoft Corporation) MD5=B81388E9FE895065FD5CEAF3C11FDC3F -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16490_none_e348a575b55d382f\ieframe.dll
[2011/12/14 02:20:50 | 010,887,168 | ---- | M] (Microsoft Corporation) MD5=B8AAF1E0082BF7B620FA918F7C656018 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20546_none_d9b9a94699ec2253\ieframe.dll
[2011/09/22 22:10:43 | 010,886,144 | ---- | M] (Microsoft Corporation) MD5=C05BA83BED5907C2175C11C709F67665 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16434_none_d938dbd380c833ea\ieframe.dll
[2013/05/16 21:09:10 | 010,926,592 | ---- | M] (Microsoft Corporation) MD5=C6B3030F59D5552654AD74D61EC20205 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20600_none_d9dee92099d117ac\ieframe.dll
[2012/11/14 02:32:33 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=C71E7ABB1A34E56CE73AE117C8DD566F -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16457_none_d9263cd980d5b7d1\ieframe.dll
[2012/02/27 23:22:08 | 010,888,704 | ---- | M] (Microsoft Corporation) MD5=C8804C3FD3A5871E71793466FC0B9BBB -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20548_none_d9bba9da99ea5501\ieframe.dll
[2011/12/13 22:32:22 | 009,705,472 | ---- | M] (Microsoft Corporation) MD5=C9D0F97F2CD8A770ABCDCDC6665E7E48 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20546_none_e40e5398ce4ce44e\ieframe.dll
[2011/06/21 02:12:34 | 012,262,400 | ---- | M] (Microsoft Corporation) MD5=CF69B62451ECC4A43F368FF2485C709B -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.21754_none_dde1184754fe98bc\ieframe.dll
[2011/09/22 22:10:43 | 009,704,448 | ---- | M] (Microsoft Corporation) MD5=D5C9F778D0ED2954EB83E1CF87DC0B65 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16434_none_e38d8625b528f5e5\ieframe.dll
[2012/02/28 03:02:38 | 010,888,704 | ---- | M] (Microsoft Corporation) MD5=DC8C18F595AE36655911326593361F13 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16443_none_d92d0b9d80d13684\ieframe.dll
[2012/06/02 04:24:09 | 009,737,728 | ---- | M] (Microsoft Corporation) MD5=E6EDD7776FE55C1C44A0E290DA3C2EEA -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20553_none_e40082cece57b43a\ieframe.dll
[2012/06/02 07:18:35 | 010,924,032 | ---- | M] (Microsoft Corporation) MD5=E7A6C4D9BAE04788EC6E05F76006CE7E -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20553_none_d9abd87c99f6f23f\ieframe.dll
[2011/11/03 19:16:48 | 009,705,472 | ---- | M] (Microsoft Corporation) MD5=EB5D72D017B36366B7BC6DC785E18EB7 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20544_none_e40c5304ce4eb1a0\ieframe.dll
[2012/11/13 21:48:09 | 009,738,752 | ---- | M] (Microsoft Corporation) MD5=ED0D40EAE9EE3C0FDBBF437DC9D7BE69 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20565_none_e3f7b376ce5e02d9\ieframe.dll
[2010/11/20 23:24:42 | 012,260,864 | ---- | M] (Microsoft Corporation) MD5=F1115299B9F4C983BC4523B33E3A506C -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.17514_none_dd82b9463bc08c07\ieframe.dll
[2013/05/28 21:48:09 | 009,738,752 | ---- | M] (Microsoft Corporation) MD5=F5860C2D91EA9AF29C7144FD7D94D9AC -- C:\Windows\SysWOW64\ieframe.dll
[2013/05/28 21:48:09 | 009,738,752 | ---- | M] (Microsoft Corporation) MD5=F5860C2D91EA9AF29C7144FD7D94D9AC -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16496_none_e34ea731b557d039\ieframe.dll
[2012/06/02 08:17:39 | 010,924,032 | ---- | M] (Microsoft Corporation) MD5=FC3A5E13D26C131E6BB39094D9ACD1F6 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16447_none_d9310cc580cd9be0\ieframe.dll

< End of report >
  • 0

#14
Quartz

Quartz

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Kaspersky is a 30 day trial download. I will check on upgrading Microsoft Office, but I think all upgrades come with Windows Update files.

What about the files that start with CHR - Extension: ? When I posted on the wrong forum, someone said that these files are malware. I think they are actually my extensions in Chrome.

I just went online, and you are right about Hughes Net. There was a warning that my download speed has been greatly reduced. Wow...didn't know they did that! I just switched from Verizon in May.



OTL logfile created on: 7/12/2013 10:04:40 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Buddy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.49 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 74.49% Memory free
14.98 Gb Paging File | 12.71 Gb Available in Paging File | 84.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 477.80 Gb Total Space | 422.33 Gb Free Space | 88.39% Space Free | Partition Type: NTFS
Drive D: | 453.61 Gb Total Space | 252.79 Gb Free Space | 55.73% Space Free | Partition Type: NTFS

Computer Name: CINDY-GAME-PC | User Name: Buddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Buddy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxdnCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV - (lxdn_device) -- C:\Windows\SysWOW64\lxdncoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbGps) -- C:\Windows\SysNative\drivers\lgx64gps.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (MSILiveVirtualCamera) -- C:\Windows\SysNative\drivers\MSILiveVirtualCamera.sys (MSI Corporation)
DRV - (AODDriver4.01) -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbuhci) -- C:\Windows\SysWOW64\drivers\usbuhci.sys (Microsoft Corporation)
DRV - (usbehci) -- C:\Windows\SysWOW64\drivers\usbehci.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 52 22 01 3D 7E CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013/07/11 02:00:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013/07/11 02:00:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/18 02:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:40 | 000,000,000 | ---D | M]

[2011/10/22 09:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\Extensions
[2013/07/12 15:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\Firefox\Profiles\2etiq55c.default\extensions
[2013/07/12 00:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Change Font Family Style = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabledekpjmoghdjnpnhfkfpmjifklpb\2.6_0\
CHR - Extension: Sudoku = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj\1.0.1.0_0\
CHR - Extension: Google Docs = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Last.fm free music player = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh\2.9.692_0\
CHR - Extension: YouTube = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Google Theme Bright = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\djjpllkkkfobicnffejagpfbnkmgpggb\1.0.0_0\
CHR - Extension: Autocomplete = on = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh\1.0_0\
CHR - Extension: Logitech SetPoint = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Clock for Google Chrome\u2122 = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\2.1.0.4_0\
CHR - Extension: AdBlock = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Mailto: = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf\1.24.0_0\
CHR - Extension: Safe Money = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Change Colors = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn\2.144_0\
CHR - Extension: Hover Zoom = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0\
CHR - Extension: My Chrome Theme = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2013/07/11 23:34:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [5594FD411AC9B3706D4A562F490DF74B5FA5DA40._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/pcpitstop.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01A9D0C9-6710-4E56-82CE-64037C9D205F}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC15635-A9E0-42DF-92AC-8B68299BBA06}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC15635-A9E0-42DF-92AC-8B68299BBA06}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9928683F-52F7-44E0-8BD2-B1DDCA2C5BB3}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/12 17:31:39 | 000,760,775 | ---- | C] (Farbar) -- C:\Users\Buddy\Desktop\MiniToolBox.exe
[2013/07/12 17:20:57 | 002,756,800 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Buddy\Desktop\procexp (1).exe
[2013/07/12 15:08:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/12 14:36:51 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ElevatedDiagnostics
[2013/07/12 05:10:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Buddy\Desktop\OTL.exe
[2013/07/12 00:22:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/11 23:50:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/11 23:19:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/11 23:19:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/11 23:19:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/11 23:19:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/07/11 23:17:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/11 23:17:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/11 22:22:04 | 000,559,306 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Buddy\Desktop\JRT.exe
[2013/07/11 06:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
[2013/07/11 06:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/11 06:08:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/11 06:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/11 02:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2013/07/11 02:44:27 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2013/07/11 02:44:26 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\Innovative Solutions
[2013/07/11 02:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2013/07/11 02:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2013/07/11 02:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2013/07/11 02:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/07/11 02:35:25 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/07/11 02:34:35 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/11 02:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/07/11 02:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/07/11 02:34:09 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/11 02:34:09 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/11 01:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Earth 3D
[2013/07/11 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ToolwizCareFree
[2013/07/10 23:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2013/07/10 23:22:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/10 23:22:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/10 23:22:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/10 23:22:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 23:22:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 23:22:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/10 23:22:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/10 23:22:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/10 23:22:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/10 23:22:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 23:22:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/10 23:22:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/10 23:22:12 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 23:22:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 23:22:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/10 23:22:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 22:40:39 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/10 22:34:18 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/10 22:34:18 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/10 22:29:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/07/10 22:29:54 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/07/10 22:29:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/07/10 22:29:53 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/07/10 22:29:53 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/07/10 22:29:53 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/07/10 22:29:53 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/07/10 22:29:53 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/07/10 22:29:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/07/10 22:29:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/07/10 22:29:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/07/10 22:29:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/07/10 22:28:10 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 22:28:09 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 11:18:05 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\InstallShield
[2013/07/05 09:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2013/07/05 09:34:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\msmq
[2013/07/05 09:34:37 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/07/05 09:17:29 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/07/05 09:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/06/25 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\Buddy\Documents\MY HABIT
[2013/06/21 17:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/06/21 16:08:38 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/21 16:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/06/20 07:54:18 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\ChemTable Software
[2013/06/20 07:53:53 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ChemTable Software
[2013/06/19 18:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/05/21 18:11:05 | 000,104,960 | ---- | C] (CANON INC.) -- C:\Users\Buddy\cnmss Canon MG3100 series Printer (Local).dll
[2013/01/24 20:43:55 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Buddy\AppData\Roaming\pcouffin.sys
[2013/01/09 15:26:06 | 000,571,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/12 21:51:52 | 000,069,364 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Geeks to Go Instructions.wbk
[2013/07/12 17:32:20 | 000,760,775 | ---- | M] (Farbar) -- C:\Users\Buddy\Desktop\MiniToolBox.exe
[2013/07/12 17:22:25 | 002,756,800 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Buddy\Desktop\procexp (1).exe
[2013/07/12 16:55:01 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/12 16:55:01 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/12 16:54:15 | 000,757,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/12 16:54:15 | 000,687,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/12 16:54:15 | 000,074,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/12 16:52:11 | 000,061,440 | ---- | M] ( ) -- C:\Users\Buddy\Desktop\VEW.exe
[2013/07/12 16:47:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/12 14:23:00 | 000,333,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/12 05:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Buddy\Desktop\OTL.exe
[2013/07/11 23:34:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/11 22:23:09 | 000,559,306 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Buddy\Desktop\JRT.exe
[2013/07/11 08:49:54 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2013/07/11 06:37:49 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\DriverEasy.lnk
[2013/07/11 06:08:24 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 03:49:17 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/07/11 02:45:12 | 000,002,345 | ---- | M] () -- C:\Users\Buddy\Desktop\Safe Money.lnk
[2013/07/11 02:44:26 | 000,002,440 | ---- | M] () -- C:\Users\Buddy\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:35:25 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/07/11 00:27:33 | 000,007,639 | ---- | M] () -- C:\Users\Buddy\AppData\Local\resmon.resmoncfg
[2013/07/10 20:48:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/10 15:39:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/10 15:39:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/10 14:57:22 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/10 14:57:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/10 11:09:10 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/10 01:08:31 | 000,012,642 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Burn candles are luxury scented candles designed with an absolute attention to detail.wbk
[2013/07/09 17:06:58 | 000,000,537 | ---- | M] () -- C:\Users\Buddy\Desktop\Outlook.zip
[2013/07/09 03:01:17 | 000,010,172 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Letter To TR with Package.wbk
[2013/07/05 09:36:13 | 000,817,858 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/05 09:34:34 | 000,000,862 | ---- | M] () -- C:\Windows\SysNative\termcap
[2013/06/28 04:39:40 | 004,858,005 | ---- | M] () -- C:\Users\Buddy\Documents\Kenmore Vacuum Manual.pdf
[2013/06/28 04:38:15 | 004,858,636 | ---- | M] () -- C:\Users\Buddy\Documents\c.shld.net_assets_docs_spin_prod_834378412.pdf
[2013/06/25 12:45:52 | 000,039,632 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of HauteLook Order 6 2 2013.wbk
[2013/06/24 16:02:23 | 000,174,292 | ---- | M] () -- C:\Users\Buddy\Desktop\Buddy_3454934544.jpg
[2013/06/20 21:45:34 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/20 08:33:00 | 000,584,600 | ---- | M] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Toolwiz_Care-BP-75610754.exe
[2013/06/20 08:32:31 | 000,584,600 | ---- | M] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Ashampoo_WinOptimizer_FREE-BP-10962102.exe
[2013/06/20 08:07:16 | 005,768,120 | ---- | M] () -- C:\Users\Buddy\Documents\csbsetup.exe
[2013/06/20 07:56:28 | 000,041,466 | ---- | M] () -- C:\Users\Buddy\Documents\ESale.pdf
[2013/06/20 05:12:25 | 000,001,322 | ---- | M] () -- C:\Users\Buddy\Desktop\Wordpad.lnk
[2013/06/20 01:02:55 | 000,027,064 | ---- | M] () -- C:\Users\Buddy\Desktop\Optimize-Support.zip
[2013/06/19 23:54:13 | 000,001,442 | ---- | M] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/12 16:52:11 | 000,061,440 | ---- | C] ( ) -- C:\Users\Buddy\Desktop\VEW.exe
[2013/07/12 16:39:31 | 000,069,364 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Geeks to Go Instructions.wbk
[2013/07/12 14:22:17 | 000,333,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 23:19:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/11 23:19:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/11 23:19:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/11 23:19:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/11 23:19:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/11 06:37:50 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2013/07/11 06:37:49 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\DriverEasy.lnk
[2013/07/11 06:08:24 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 02:45:12 | 000,002,345 | ---- | C] () -- C:\Users\Buddy\Desktop\Safe Money.lnk
[2013/07/11 02:44:26 | 000,002,440 | ---- | C] () -- C:\Users\Buddy\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:44:26 | 000,002,324 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:44:21 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\AdvUninstCPL.cpl
[2013/07/11 02:35:40 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/07/10 00:12:42 | 000,012,642 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Burn candles are luxury scented candles designed with an absolute attention to detail.wbk
[2013/07/09 17:05:32 | 000,000,537 | ---- | C] () -- C:\Users\Buddy\Desktop\Outlook.zip
[2013/07/09 03:01:17 | 000,010,172 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Letter To TR with Package.wbk
[2013/07/05 09:34:37 | 000,000,862 | ---- | C] () -- C:\Windows\SysNative\termcap
[2013/07/05 09:17:20 | 000,001,310 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/07/05 09:17:14 | 000,001,379 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/07/05 09:17:00 | 000,001,463 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/07/05 09:16:53 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/06/28 04:39:39 | 004,858,005 | ---- | C] () -- C:\Users\Buddy\Documents\Kenmore Vacuum Manual.pdf
[2013/06/28 04:38:15 | 004,858,636 | ---- | C] () -- C:\Users\Buddy\Documents\c.shld.net_assets_docs_spin_prod_834378412.pdf
[2013/06/24 16:02:23 | 000,174,292 | ---- | C] () -- C:\Users\Buddy\Desktop\Buddy_3454934544.jpg
[2013/06/20 08:32:59 | 000,584,600 | ---- | C] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Toolwiz_Care-BP-75610754.exe
[2013/06/20 08:32:30 | 000,584,600 | ---- | C] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Ashampoo_WinOptimizer_FREE-BP-10962102.exe
[2013/06/20 08:07:10 | 005,768,120 | ---- | C] () -- C:\Users\Buddy\Documents\csbsetup.exe
[2013/06/20 07:56:28 | 000,041,466 | ---- | C] () -- C:\Users\Buddy\Documents\ESale.pdf
[2013/06/20 05:12:25 | 000,001,322 | ---- | C] () -- C:\Users\Buddy\Desktop\Wordpad.lnk
[2013/06/20 01:02:55 | 000,027,064 | ---- | C] () -- C:\Users\Buddy\Desktop\Optimize-Support.zip
[2013/06/19 23:54:12 | 000,001,454 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/05/27 18:02:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2013/05/27 18:02:51 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2013/05/27 18:02:51 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2013/05/27 18:02:51 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2013/05/27 18:02:50 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2013/05/27 18:02:50 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2013/05/27 18:02:50 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2013/05/27 18:02:50 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2013/05/27 18:02:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2013/05/27 18:02:49 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2013/05/27 18:02:49 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2013/05/27 18:02:49 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2013/05/27 18:02:49 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2013/05/27 18:02:49 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2013/05/27 18:02:48 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
[2013/03/09 19:45:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/01/24 20:43:55 | 000,007,859 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\pcouffin.cat
[2013/01/24 20:43:55 | 000,001,167 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\pcouffin.inf
[2013/01/24 20:05:11 | 000,003,584 | ---- | C] () -- C:\Users\Buddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/24 13:06:15 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CINDY-GAME-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/01/09 08:58:09 | 000,002,127 | ---- | C] () -- C:\Users\Buddy\wxDownloadFast.ini
[2013/01/09 08:10:53 | 000,001,491 | ---- | C] () -- C:\Users\Buddy\AppData\Local\recently-used.xbel
[2012/12/27 07:27:07 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/11/20 11:48:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/11/20 11:48:14 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/10/16 15:04:34 | 000,019,108 | ---- | C] () -- C:\Windows\hpqins13.dat
[2012/08/21 19:14:36 | 000,817,858 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/14 20:52:53 | 000,651,264 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2012/08/14 20:52:53 | 000,192,512 | R--- | C] () -- C:\Windows\SysWow64\AegisI5.exe
[2012/08/14 20:52:53 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2012/07/27 21:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 21:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/16 20:56:30 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/04 20:37:20 | 000,007,639 | ---- | C] () -- C:\Users\Buddy\AppData\Local\resmon.resmoncfg
[2011/10/24 20:46:39 | 000,870,128 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\mcs.rma
[2011/10/07 09:00:52 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2011/09/22 20:49:56 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin
[2011/09/12 22:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: DXTMSFT.DLL >
[2009/07/13 21:40:35 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=05F15349D9576B9443C13AFE10E1E249 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.7600.16385_none_0e7587ee1257118b\dxtmsft.dll
[2011/09/22 22:10:43 | 000,353,792 | ---- | M] (Microsoft Corporation) MD5=4312DEBDACBE338F0B90E7F08E7672BE -- C:\Windows\SysWOW64\dxtmsft.dll
[2011/09/22 22:10:43 | 000,353,792 | ---- | M] (Microsoft Corporation) MD5=4312DEBDACBE338F0B90E7F08E7672BE -- C:\Windows\winsxs\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_16b937a388a8970d\dxtmsft.dll
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) MD5=55A97EC5956A72D3B7060560F785FF32 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.7600.16385_none_18ca324046b7d386\dxtmsft.dll
[2011/09/22 22:10:42 | 000,452,608 | ---- | M] (Microsoft Corporation) MD5=D6A99F26E31C9F15D8D8CC42FFE6D16B -- C:\Windows\SysNative\dxtmsft.dll
[2011/09/22 22:10:42 | 000,452,608 | ---- | M] (Microsoft Corporation) MD5=D6A99F26E31C9F15D8D8CC42FFE6D16B -- C:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_0c648d515447d512\dxtmsft.dll

< MD5 for: DXTRANS.DLL >
[2011/09/22 22:10:43 | 000,282,112 | ---- | M] (Microsoft Corporation) MD5=A3287F8EB6182FB060C818524C7D6A63 -- C:\Windows\SysNative\dxtrans.dll
[2011/09/22 22:10:43 | 000,282,112 | ---- | M] (Microsoft Corporation) MD5=A3287F8EB6182FB060C818524C7D6A63 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_0c648d515447d512\dxtrans.dll
[2009/07/13 21:40:35 | 000,315,904 | ---- | M] (Microsoft Corporation) MD5=A658CDE3B23B01BE98347504566F2A46 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.7600.16385_none_0e7587ee1257118b\dxtrans.dll
[2011/09/22 22:10:43 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=CA493A92DA9880B6F1A89C3DBD54BA5B -- C:\Windows\SysWOW64\dxtrans.dll
[2011/09/22 22:10:43 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=CA493A92DA9880B6F1A89C3DBD54BA5B -- C:\Windows\winsxs\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_16b937a388a8970d\dxtrans.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) MD5=D96AF6FAF24D5653D558FB5861BD8F29 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.7600.16385_none_18ca324046b7d386\dxtrans.dll

< MD5 for: IEFRAME.DLL >
[2011/11/03 21:59:34 | 010,886,656 | ---- | M] (Microsoft Corporation) MD5=05E06226631B43AE05237B4A4D6386AF -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16440_none_d92a0abf80d3ea7f\ieframe.dll
[2012/08/24 03:03:49 | 009,738,240 | ---- | M] (Microsoft Corporation) MD5=0BA3F31E2B4D8D99DF8DD19E81155374 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16450_none_e373e525b53cc86b\ieframe.dll
[2013/01/08 18:09:18 | 009,738,240 | ---- | M] (Microsoft Corporation) MD5=0E816EA3C5DCE94C95099E8B38E75E67 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16464_none_e36d1661b54149b8\ieframe.dll
[2012/08/24 03:21:00 | 009,738,240 | ---- | M] (Microsoft Corporation) MD5=17A486639E94D52C7CA7443D0BB82F5D -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20557_none_e40483f6ce541996\ieframe.dll
[2012/10/08 07:42:37 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=180A7380320AF73CCF7F7D8880CA2193 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16455_none_d9243c4580d78523\ieframe.dll
[2013/05/28 23:14:23 | 009,739,264 | ---- | M] (Microsoft Corporation) MD5=1B312636E6E76FAF6F9EC9A117228DCD -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20606_none_e439952ece2c71b1\ieframe.dll
[2011/11/03 22:32:55 | 010,886,656 | ---- | M] (Microsoft Corporation) MD5=20FCB5DF99F613832402FCAEE1166D0F -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20544_none_d9b7a8b299edefa5\ieframe.dll
[2012/10/08 03:49:01 | 009,738,240 | ---- | M] (Microsoft Corporation) MD5=2E54A9D2083FB04CD93072DDA6EE51B6 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20562_none_e3f4b298ce60b6d4\ieframe.dll
[2013/05/29 01:50:31 | 010,926,080 | ---- | M] (Microsoft Corporation) MD5=32000C4CD5F176077E2CF96AA28B72EB -- C:\Windows\SysNative\ieframe.dll
[2013/05/29 01:50:31 | 010,926,080 | ---- | M] (Microsoft Corporation) MD5=32000C4CD5F176077E2CF96AA28B72EB -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16496_none_d8f9fcdf80f70e3e\ieframe.dll
[2012/06/28 20:27:10 | 009,737,728 | ---- | M] (Microsoft Corporation) MD5=32E15ECF5854F5610BC895490BC3246A -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16448_none_e386b761b52d7732\ieframe.dll
[2012/08/24 06:06:53 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=32F39B9294F5F7108FA4F9BAA48D41A6 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20557_none_d9afd9a499f3579b\ieframe.dll
[2013/01/08 21:22:26 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=35126DDDE8241C4C4A5F15F6CDDF4434 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16464_none_d9186c0f80e087bd\ieframe.dll
[2012/10/08 06:24:55 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=35DB6F9310DCFEAE7BAE84D28A081726 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20562_none_d9a0084699fff4d9\ieframe.dll
[2012/06/28 19:04:26 | 009,737,728 | ---- | M] (Microsoft Corporation) MD5=41AA18FEF587CC374615A1D370C30DF1 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20554_none_e4018318ce56cd91\ieframe.dll
[2010/11/20 23:25:08 | 010,990,080 | ---- | M] (Microsoft Corporation) MD5=4619E14B2DF4137907CD988ACA4B30A5 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.17514_none_e7d7639870214e02\ieframe.dll
[2011/12/13 23:10:13 | 009,705,472 | ---- | M] (Microsoft Corporation) MD5=490FC0D07F7C0468E232AB8E8E956719 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16441_none_e37fb55bb533c5d1\ieframe.dll
[2012/08/24 06:39:42 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=4ECE12D296ED94CA2C7DD6C383A5AB66 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16450_none_d91f3ad380dc0670\ieframe.dll
[2012/11/13 22:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) MD5=5466DCAEF5A648E04D1B6580F2C901B5 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16457_none_e37ae72bb53679cc\ieframe.dll
[2013/05/16 17:51:43 | 009,739,264 | ---- | M] (Microsoft Corporation) MD5=58CD77C65473D579F00A4C88D511D42A -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20600_none_e4339372ce31d9a7\ieframe.dll
[2013/05/16 23:27:25 | 010,926,080 | ---- | M] (Microsoft Corporation) MD5=64A3B1E55FBB7E36AE856FD1A8A4E00C -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16490_none_d8f3fb2380fc7634\ieframe.dll
[2011/06/21 01:25:59 | 010,991,104 | ---- | M] (Microsoft Corporation) MD5=68A0B37A2833C07B59DE1FEE8F6396D9 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.17638_none_e7c5c6ce702de867\ieframe.dll
[2011/11/03 18:46:47 | 009,705,472 | ---- | M] (Microsoft Corporation) MD5=691E93028B8723E05B4A637BE77380DD -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16440_none_e37eb511b534ac7a\ieframe.dll
[2012/02/27 21:04:16 | 009,705,984 | ---- | M] (Microsoft Corporation) MD5=7335F34A46261B62DC5B648A9069A029 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20548_none_e410542cce4b16fc\ieframe.dll
[2011/06/21 02:44:38 | 010,991,104 | ---- | M] (Microsoft Corporation) MD5=759B4FC877C0E7BA071BA10DA2D55D07 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.21754_none_e835c299895f5ab7\ieframe.dll
[2012/06/28 22:03:10 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=8159304897E9AC5C1C67F054368CA6E2 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20554_none_d9acd8c699f60b96\ieframe.dll
[2012/06/02 04:43:51 | 009,737,728 | ---- | M] (Microsoft Corporation) MD5=8DCDD0B5939043A1EC98C6F168A56B16 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16447_none_e385b717b52e5ddb\ieframe.dll
[2012/11/14 00:15:41 | 010,926,080 | ---- | M] (Microsoft Corporation) MD5=8FF22E0610F2D4033455A14D03EADAC1 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20565_none_d9a3092499fd40de\ieframe.dll
[2011/12/14 03:16:39 | 010,887,168 | ---- | M] (Microsoft Corporation) MD5=90614633898F8D44BC984EC7B729DD70 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16441_none_d92b0b0980d303d6\ieframe.dll
[2012/06/29 00:09:35 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=9C6F3CC6A3BB310D70026AF1B4561F65 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16448_none_d9320d0f80ccb537\ieframe.dll
[2013/01/08 20:10:24 | 010,926,080 | ---- | M] (Microsoft Corporation) MD5=9CAFACD14E4F9D2D952CBB0D09860A8D -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20573_none_d99638a49a072a21\ieframe.dll
[2011/06/21 02:18:39 | 012,262,400 | ---- | M] (Microsoft Corporation) MD5=A3D32EE395ED39BFD50AF0B06B693579 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.17638_none_dd711c7c3bcd266c\ieframe.dll
[2012/10/08 04:02:17 | 009,738,240 | ---- | M] (Microsoft Corporation) MD5=A6B73FCB9496DB101F3066CAF5A7DA4B -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16455_none_e378e697b538471e\ieframe.dll
[2013/05/29 01:18:02 | 010,926,592 | ---- | M] (Microsoft Corporation) MD5=AF5B192693596EB72828B557D4DFD9E4 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20606_none_d9e4eadc99cbafb6\ieframe.dll
[2012/02/27 21:27:13 | 009,705,984 | ---- | M] (Microsoft Corporation) MD5=B23137887833D849EDB4F03ED8124E71 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16443_none_e381b5efb531f87f\ieframe.dll
[2013/01/08 16:50:50 | 009,738,752 | ---- | M] (Microsoft Corporation) MD5=B7CF5526A673A7DAEF3054EE79F633AB -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20573_none_e3eae2f6ce67ec1c\ieframe.dll
[2013/05/16 18:49:25 | 009,738,752 | ---- | M] (Microsoft Corporation) MD5=B81388E9FE895065FD5CEAF3C11FDC3F -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16490_none_e348a575b55d382f\ieframe.dll
[2011/12/14 02:20:50 | 010,887,168 | ---- | M] (Microsoft Corporation) MD5=B8AAF1E0082BF7B620FA918F7C656018 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20546_none_d9b9a94699ec2253\ieframe.dll
[2011/09/22 22:10:43 | 010,886,144 | ---- | M] (Microsoft Corporation) MD5=C05BA83BED5907C2175C11C709F67665 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16434_none_d938dbd380c833ea\ieframe.dll
[2013/05/16 21:09:10 | 010,926,592 | ---- | M] (Microsoft Corporation) MD5=C6B3030F59D5552654AD74D61EC20205 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20600_none_d9dee92099d117ac\ieframe.dll
[2012/11/14 02:32:33 | 010,925,568 | ---- | M] (Microsoft Corporation) MD5=C71E7ABB1A34E56CE73AE117C8DD566F -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16457_none_d9263cd980d5b7d1\ieframe.dll
[2012/02/27 23:22:08 | 010,888,704 | ---- | M] (Microsoft Corporation) MD5=C8804C3FD3A5871E71793466FC0B9BBB -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20548_none_d9bba9da99ea5501\ieframe.dll
[2011/12/13 22:32:22 | 009,705,472 | ---- | M] (Microsoft Corporation) MD5=C9D0F97F2CD8A770ABCDCDC6665E7E48 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20546_none_e40e5398ce4ce44e\ieframe.dll
[2011/06/21 02:12:34 | 012,262,400 | ---- | M] (Microsoft Corporation) MD5=CF69B62451ECC4A43F368FF2485C709B -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.21754_none_dde1184754fe98bc\ieframe.dll
[2011/09/22 22:10:43 | 009,704,448 | ---- | M] (Microsoft Corporation) MD5=D5C9F778D0ED2954EB83E1CF87DC0B65 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16434_none_e38d8625b528f5e5\ieframe.dll
[2012/02/28 03:02:38 | 010,888,704 | ---- | M] (Microsoft Corporation) MD5=DC8C18F595AE36655911326593361F13 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16443_none_d92d0b9d80d13684\ieframe.dll
[2012/06/02 04:24:09 | 009,737,728 | ---- | M] (Microsoft Corporation) MD5=E6EDD7776FE55C1C44A0E290DA3C2EEA -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20553_none_e40082cece57b43a\ieframe.dll
[2012/06/02 07:18:35 | 010,924,032 | ---- | M] (Microsoft Corporation) MD5=E7A6C4D9BAE04788EC6E05F76006CE7E -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20553_none_d9abd87c99f6f23f\ieframe.dll
[2011/11/03 19:16:48 | 009,705,472 | ---- | M] (Microsoft Corporation) MD5=EB5D72D017B36366B7BC6DC785E18EB7 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20544_none_e40c5304ce4eb1a0\ieframe.dll
[2012/11/13 21:48:09 | 009,738,752 | ---- | M] (Microsoft Corporation) MD5=ED0D40EAE9EE3C0FDBBF437DC9D7BE69 -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20565_none_e3f7b376ce5e02d9\ieframe.dll
[2010/11/20 23:24:42 | 012,260,864 | ---- | M] (Microsoft Corporation) MD5=F1115299B9F4C983BC4523B33E3A506C -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7601.17514_none_dd82b9463bc08c07\ieframe.dll
[2013/05/28 21:48:09 | 009,738,752 | ---- | M] (Microsoft Corporation) MD5=F5860C2D91EA9AF29C7144FD7D94D9AC -- C:\Windows\SysWOW64\ieframe.dll
[2013/05/28 21:48:09 | 009,738,752 | ---- | M] (Microsoft Corporation) MD5=F5860C2D91EA9AF29C7144FD7D94D9AC -- C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16496_none_e34ea731b557d039\ieframe.dll
[2012/06/02 08:17:39 | 010,924,032 | ---- | M] (Microsoft Corporation) MD5=FC3A5E13D26C131E6BB39094D9ACD1F6 -- C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16447_none_d9310cc580cd9be0\ieframe.dll

< End of report >
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Nothing wrong that I can see. CHR entries are just those associated with Chrome so nothing to worry about. The files that your first OTL flagged as locked must have been in use by something as they came out normal this time.

Kaspersky is good if you are willing to pay for it. If you are going to keep it I would talk to them about it not releasing the registry. I use the free Avast myself.

I'll give you my standard goodby speech now. We didn't run Combofix but it appears you already had it so I'll give you the removal procedure too. It assume you saved it to your desktop. If not then change the path to reflect the actual location:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system by removing all but the latest Restore Point.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then you should install No-Script (Firefox) or Script-No add-ons (Chrome) and only use Firefox or Chrome to visit the site. You will need to tell No-Script/Script-No that the site is allowed to run Java.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP