BitCoin Miner defeats Kaspersky 2013 – Help Please [Solved]


  • This topic is locked

#1
Zenith-1

  • Member
  • 16 posts
Hi, I have an error reported by CCleaner… I did an Internet search for the error & it brought me here to this G to G webpage… The CCleaner Report was :-

ActiveX/COM Issue InProcServer32\C:\Program Files\Microsoft Office\Office12\msohevi.dll HKCR\CLSID\{42042206-2D85-11D3-8CFF-005004838597}

That may be a minor & unconnected issue, but I think my PC may have some other virus ’legacy’ items still on it… I had a Bitcoin Miner on it recently… one of its files was called ‘color.vbe’ found in folder "C:\Users\USERNAME\AppData\Roaming\Adobe"… I kept a disabled copy (now called color.vbe.trojan) for analysis, but I can’t yet decrypt it to discover its full malicious payload.

I know it shut down my Kaspersky Int. Security 2013 Firewall, Virus Protection scanning etc. & left my machine exposed to the ‘raw’ Internet for 12 hours, before it was realised… It had even disabled Windows 7 Action Centre & stopped it showing any warning in the System Tray.

(VERY disappointed with Kaspersky 2013 (paid retail for), it failed to protect itself & to detect any of this during file download or during the install… In fact it never gave any warning at all… Malwarebytes (free) did, on a manual scan, it picked up 6 Bitcoin Miner files)

It was infected from ‘Call of Duty Black Ops II Update 3’ torrent file… OK, OK.. give my butt a kick :( … OUCH !... I just hope my confession saves other people from the same fate.

I used a combination of Internet research & Detective work, Registry searching, Malwarebytes, SpyBot 2, KIS 2013 & TDSSKiller scans, to manually remove the virus. It had put some nasty files in the USERNAME/Appdata/Local/Temp folder, too… I deleted them & cleared out the Prefetch folder.

In the past year, the PC has had ‘Snap.Do’ & ‘Toggle’ viruses, although I’m fairly sure I got rid of them completely.

But on monitoring my Network traffic, I can’t be sure there is no Backdoor security breach, as the Bitcoin Miner script created two lists of Security Access codes, which it must have sent out on the Internet. I have a text copy of these two Logs, in which they both state ‘An account was successfully logged on’… One seems to be an Anonymous Account & the other, to access the Graphics Card software & Chip (used for Bitcoin mining)… yet I’m the only user of the machine.

The three year installed Win7 PC needs to be fully clean, so I can make a full backup of the C-Drive, for disaster recovery & to be confident the PC is secure.

Can anyone help or advise me further to check & clean the PC, please ?
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, first I will need to take a looksee

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0
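An added example, not part of the original thread and not OTL's own code: a small triage script for the Extras.Txt log that the steps above produce. It reads the "Security Center Settings" and "Firewall Settings" sections and lists values worth reviewing. The sample log text is constructed in the layout OTL uses, and the function names and the `ExampleAV` key are assumptions made for the illustration.

```python
import re

# Constructed sample in the layout of an OTL Extras.Txt log (not a real log).
SAMPLE_LOG = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ExampleAV]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========
'''

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')    # ========== Title ==========
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')      # [HKEY_...\Some\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name" = value


def parse_otl_sections(text):
    """Return {section title: {registry key: {value name: raw value}}}."""
    sections = {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            sections.setdefault(section, {})
            continue
        m = KEY_RE.match(line)
        if m and section is not None:
            key = m.group(1)
            sections[section].setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            sections[section][key][m.group(1)] = m.group(2).strip()
    return sections


def triage(sections):
    """List settings that switch off or silence built-in protection."""
    findings = []
    for key, values in sections.get("Firewall Settings", {}).items():
        profile = key.rsplit("\\", 1)[-1]
        if values.get("EnableFirewall") == "0":
            findings.append(f"Windows Firewall off for {profile}")
        if values.get("DisableNotifications") == "1":
            findings.append(f"Firewall notifications suppressed for {profile}")
    for key, values in sections.get("Security Center Settings", {}).items():
        leaf = key.rsplit("\\", 1)[-1]
        if values.get("DisableMonitoring") == "1":
            findings.append(f"Security Center monitoring disabled for {leaf}")
        for name in ("AntiVirusOverride", "AntiSpywareOverride", "FirewallOverride"):
            if values.get(name) == "1":
                findings.append(f"Security Center {name} set")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_otl_sections(SAMPLE_LOG)):
        print("REVIEW:", finding)
```

Each finding is a prompt for review rather than a verdict; the same values can be set by legitimately installed security software.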

#3
Zenith-1

  • Topic Starter
  • Member
  • 16 posts
Hi Essexboy, Thank you for helping me.

I'm just doing the scans for a second time... for some reason, the first time around it only made the OTL.Txt... a Command window opened up, then closed itself... When OTL finished, the Extras.Txt was not there on the Desktop... Could that be because of one of the extra parameters you asked me to cut & paste into OTL ?

Earlier on this morning when I Registered, I downloaded OTL & did as the Registration page advice said & just ran OTL as it was... It did then produce the two files. I stored them on another H/Drive.

I'm stuck with what to do next to get the info you need ???... I will wait till you advise.

EDIT -
While I was waiting, I thought I would download aswMBR.exe to save some time... It is taking forever !... I could download 4.5gig in less time than this tiny 4.5meg is taking !... my PC has been working well, for the last 24 hours... Best if I log off, reboot & start afresh... back in 5 mins.

Edited by Zenith-1, 23 August 2013 - 08:59 AM.

  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OTL will only produce the extras on the first run, so the original copy will do, but post the second scan run please
  • 0

#5
Zenith-1

  • Topic Starter
  • Member
  • 16 posts
OK, I'm back & logged in... Will do my best...

I'm on 30meg fibre optic Broadband... Downloaded OTL instantly... very fast... no problem.... but aswMBR.exe is still taking forever :(


I have only 1.6meg of 4.5meg... is there an alternative link ?

Now got 1.9meg Perhaps the Avast server has a virus ? :)


Now I'm running a fresh copy of OTL.......

Update:-
Now have .8meg to go, of aswMBR.exe
OTL is still only producing one file :(


aswMBR.exe is now downloaded & on the Desktop... Do you want me to post the single OTL file ?... and/or the two I did earlier this morning ?

Edited by Zenith-1, 23 August 2013 - 10:15 AM.

  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There appear to be problems with the Avast server so skip that bit if you have not yet downloaded it
  • 0

#7
Zenith-1

  • Topic Starter
  • Member
  • 16 posts
OTL Extras logfile created on: 22/08/2013 21:29:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clark Kent\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.12 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 64.80% Memory free
7.11 Gb Paging File | 4.50 Gb Available in Paging File | 63.23% Paging File free
Paging file location(s): c:\pagefile.sys 4090 4090 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 649.18 Gb Free Space | 69.69% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 217.03 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 47.73 Gb Free Space | 16.01% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 217.02 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Drive H: | 186.31 Gb Total Space | 92.36 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
Drive I: | 186.31 Gb Total Space | 72.54 Gb Free Space | 38.93% Space Free | Partition Type: NTFS
Drive O: | 186.31 Gb Total Space | 26.89 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Drive Q: | 931.51 Gb Total Space | 304.23 Gb Free Space | 32.66% Space Free | Partition Type: NTFS

Computer Name: SATURNPC | User Name: Clark Kent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MatSpoonFileSearch] -- "C:\Program Files\MatSpoon\FileSearch\FileSearch.exe" "%1" (MatSpoon)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [SuperFinder] -- "C:\Program Files\FSL\SuperFinder\SuperFinder.exe" "%1" (FSL)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{054BB96E-86D1-4745-82F6-B3E55CCBEE72}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{07D14425-1589-4157-A073-8845E454040E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{088AD138-5781-4E2B-8185-F89DA10DFAD6}" = rport=137 | protocol=17 | dir=out | app=system |
"{0CE24590-0D0C-452A-A13D-B593B086C84B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{11AB82D1-545F-431F-8E35-A423BC7C4710}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{17563E1B-93C2-43F3-81BE-4EA0123B31A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20C8DA43-2CA0-46E8-877C-840472EB924E}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2609659C-868C-4845-9B49-BC5C3D199387}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{329A1AE6-F5C4-4E43-A740-3030BCF1CB79}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{35D5086E-C25A-48A8-99D5-7281E5632E4D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3A275759-FD6D-4569-87AB-BCA515E222DF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{409A318F-B2FD-48D6-90D7-65CC10ABA9CE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{44F4E1BC-A713-440B-AC56-303B5A0CF7BA}" = rport=138 | protocol=17 | dir=out | app=system |
"{4F62D517-2E76-4691-9CC2-2BFBD1361F30}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{514DFCDA-E017-4407-A75C-CA09D217BA1C}" = lport=139 | protocol=6 | dir=in | app=system |
"{52666D98-071A-4E0B-BCE1-A3D0AFA819E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{538E5F77-AB80-469B-82E9-BF626C22DD6D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5752B6EA-9C6E-41E5-B426-F98D7722553B}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5A5040B0-F229-4361-84B1-1D341545D08A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5D736B1D-CB59-461C-AD81-8E134D09B6AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{658587BD-E30D-473F-81B7-4B0331F2E2E4}" = rport=445 | protocol=6 | dir=out | app=system |
"{664858C4-35CF-4AB5-8417-DDC66482CC21}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7AC53C1D-3A4B-4A1A-992E-2A2B256E5A77}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server |
"{7B3746A7-09EB-492F-BFE8-ADD86A2E61EB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7B468B6C-184C-4BDA-9CA8-3E0BF2715F6F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{865701B3-F4EE-4F7A-B358-8301E6888722}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{8688653E-9F44-48E7-8466-97173F618F1F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8DF9E1B2-7D8A-4180-B13C-584B57A6F78E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{93B30B00-B5F6-48D8-81D2-324B7516A3CA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9676F750-4343-4A51-B488-E12FD28CADEA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{996F8AB7-17FD-4A23-938E-B9B45CF22DFA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9AAA03EC-B7AE-461E-9F3E-92F86F7E229B}" = lport=445 | protocol=6 | dir=in | app=system |
"{9EA8E9D4-3407-45D7-A077-C9BBF42C5F0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA38D783-A32E-40B1-A602-F2F8D8E18514}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{ADEBB46D-CDB0-4BB3-8B03-50BB2EB22B99}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B06493C3-A30F-4221-85B2-7D42A513F356}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B6E07164-055F-4E39-B94A-299BFFF767E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B77567AF-A927-4D41-98F1-E7D1A543E9D0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{BF686351-A03E-47DE-B1BD-EE4A23C25C7A}" = lport=138 | protocol=17 | dir=in | app=system |
"{DBC00487-41DB-4F27-8992-B3B080AB94DE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E2B88E7E-419A-49E5-81B6-93BE04F27F5D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E673DF0E-53C7-4EDE-97CF-88FBA1C87378}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E8E841DF-0A9C-4879-B9CB-03F6AE3B688E}" = lport=137 | protocol=17 | dir=in | app=system |
"{EC8B87BD-A713-4DFA-9C00-20162CCE0E8D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ECFEBBF5-4F6A-4D58-BA93-CACC60E9F6B2}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F583E84C-3C9F-447F-AD37-C62523880FA8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{F88C6600-7CBC-447F-A312-51595305F877}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FEBDEA54-8A35-4DEE-B833-89AB6B906C32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF257755-F6E7-4DC5-A428-5EA5F94523D4}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{FF52D37E-03A6-45AA-83F3-3F1C460E01B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0061CB3E-FBD1-48A1-9EFA-BC94CDBFCFE0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{04BB00E9-9587-4ED5-A56B-A3291FD57B6E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{07EDBD37-DC13-48E6-9B83-A4A41F052138}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0C38D540-ADA2-499A-9C7E-D660A368BAFC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{112BC917-C424-420D-851C-042A87490518}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1341599F-FA84-4E9E-A90B-8A6B5D14C0ED}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{14798962-3AD1-4468-B301-D226B375BD6D}" = dir=in | app=c:\program files\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{14AF3244-685E-4EE9-8DC7-3FDBF964D860}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{14E45CA2-5238-4E01-9809-9682E1E7CC5C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{152CD095-DC93-4599-85B5-E705C7F6DB76}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1C857BC0-47CE-4694-AE73-62DD60945DD2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1EB60819-EE8B-4D1D-94DE-27F1CDFBAFD6}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{245BC14D-CA3A-4E42-A6E1-D849F8CEAD6F}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{26A81441-86B9-4FFC-B638-2B5EAC378BA9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{29190C07-C5C7-474F-8AB9-77F50D1C92FD}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{2D222F96-E2CA-4023-BF8F-F19726C0D95A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{312A5ED4-7306-43C6-8740-AC75CFA6B021}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12.exe |
"{3435DB3E-4611-4504-BBA8-57130C33E2B3}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12agent.exe |
"{36AB3383-1BFC-49A9-AA93-62E826627E44}" = protocol=17 | dir=in | app=c:\program files\teamtalk4\teamtalk4.exe |
"{3AE43459-1B39-42ED-BDA0-FE83C5997D42}" = dir=in | app=c:\program files\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{3BADAE98-34FD-4AB1-B1A9-28AFB06C59FD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3CBE6C9A-B1EB-4BA8-B27A-5DB61D569C7E}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"{3CDA04D9-F247-4520-981D-BB42DB0DAB18}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{41C742CC-7489-4647-9065-86FBECE44705}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{41CCE9D5-EF13-403A-99F4-9E7D9A852702}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{49ABE872-F276-4AD4-9475-06639F9B7F3E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{4FB500BB-EBBD-477E-A422-E41FC30F7A9F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe |
"{4FBBFEC3-0683-4220-853E-14DD4EE61EEF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{538989F8-D481-4E0A-BD0D-517E23782C74}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{543ED353-4151-4197-9438-A0E78B6312F6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{566018CB-B36B-4B52-B2A4-8E98DB136F2D}" = protocol=6 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe |
"{56E6C14A-98C7-4C93-ACE4-6633EB7979AA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{57467492-4793-450F-AEEF-7A9633014383}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57CBFF77-14D3-4DBB-B45A-4E2021CBDD9F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5BD17B3F-8FD6-4A59-AFC0-5DB18BE74D6E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{5D8D44AF-B550-47CB-95A7-258F04C3EFB3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{5FDC072A-4531-43A2-9539-F4DD4725D774}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{61302581-B9EB-4151-9A77-C96F95AF01A6}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{6310EBA6-F6C7-4647-9727-27AA5E8CD0A6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{66875FFA-2B9B-40A5-AA27-3A79FDE217E7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{6742CAEF-2EAC-4B95-A302-F67BBB7261AD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{68C342CF-D234-49D1-AEC6-1B1AFF4B7632}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{69644231-46B8-4228-89CA-E06D212F4D17}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe |
"{6AAA8424-4DA2-4986-9ADF-2C3D1BFBF73B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6C87CBA6-2A0F-46A8-A46B-542D8C1087D4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7E6FA6CD-EF7B-4950-BE0F-0B8BDA14C5D1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{810D356C-A998-4E78-B17F-943FEADA2C64}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{86CB15BE-13D8-4A49-9316-5FE1C9E37057}" = dir=in | app=c:\program files\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{8826A3B9-BD55-4676-9B71-6449B09C88EB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{8AEBB492-4D81-48D0-B01C-F5DAA764727D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8B5B7144-E896-46F7-AD50-9192DD4817F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8D2E9772-FF0E-458D-BE05-C5646B2A6E55}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{9472FCAA-5673-49AF-8043-BBD430B6904A}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12agent.exe |
"{96F7529D-48E1-4BB3-B4AE-C7C75BD2F0B3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{97AE7603-12FA-4EC1-A87E-4DF6D409D737}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{9846729F-02FA-44AC-8771-ABF47A314A81}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{987AA810-6589-4199-8ECE-ED42C1ED8F94}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe |
"{9E3F2365-137C-4E2A-8357-1D509158420C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{A20BC3D8-4159-41EE-8289-999F5CD0AABF}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12.exe |
"{A3757C9E-B724-4859-93C8-D02752D7ABBE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A47AD978-E384-4B8B-99DD-B5421935783C}" = protocol=58 | dir=in | [email protected],-28545 |
"{A4FD5250-98B8-45EE-8AFB-4A074B6073A1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AC347088-3F01-4257-A398-C0CA09B6C46D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ADF14AAA-6192-4159-BF22-1E24C853242E}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{AE5B7347-0FAD-4D61-94AD-633073E7C399}" = protocol=6 | dir=in | app=c:\program files\teamtalk4\teamtalk4.exe |
"{AEBC792F-31F5-45F8-A8F7-277C0A5EB7F2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{B920D982-7E3B-45C8-BCB6-E357C985B149}" = dir=in | app=c:\program files\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{BA1EDB72-A1DC-41ED-96AB-625BC776E269}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BAB05816-4133-4686-B949-E858FAD0B029}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{BCBEAC80-E2B6-448B-92A5-B114C3C39936}" = dir=in | app=c:\program files\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{C1C60AB7-1BB8-475D-9953-61FC64940796}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C2074918-6B07-45F4-94D5-18AA07BAB00C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"{C2B61FC4-D078-4168-BA7A-BAE289F26A3D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CC593E7C-6938-4C8A-B4AD-5A605F6D4F00}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{CCDA8A46-7DE9-4038-9D52-DFAA8062A786}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe |
"{D138DB98-9461-4825-9569-FD8C67F42FEB}" = protocol=58 | dir=out | [email protected],-28546 |
"{D15C99EC-38D8-451C-9D4D-B4839705349C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{D2DBE9FC-DFAD-432D-B220-07CB8A20C0C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5ADE477-DA9C-417B-8062-5235E3B2B26D}" = protocol=1 | dir=out | [email protected],-28544 |
"{D60BD0F5-0584-4C82-B5B6-1CDB2B146199}" = protocol=1 | dir=in | [email protected],-28543 |
"{D612F845-7902-4A71-9B37-D39255F129A2}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12ml.exe |
"{D641B6AE-9D7C-41AE-B035-41619486A113}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{D76CA3AC-A2DA-4140-A858-B318306E4AD8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{D94F0001-76B1-4E7C-AF19-AF25BDBFC5D3}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{DA25CFAF-5425-47BD-87E0-4ED4E131091D}" = protocol=17 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe |
"{E1211F67-5680-41E2-BDD0-FDF4E788D8D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E42628DC-DB7D-466F-BFC7-063E4DA5FBA6}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{EDC9A765-E058-4C77-89AD-3C7C20F829F2}" = dir=in | app=c:\program files\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{EEDF2BC7-A135-4DA5-B7B7-64EE62BD3626}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{F181B4C8-4BC3-4547-8BC5-4AF8C80D78AD}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12ml.exe |
"{F3901D8E-EE14-45A0-8C78-8A54EF7E8F8F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F41835DB-B705-4BB3-B1DC-B38A1236A129}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FF42D385-C74A-40D2-9AEE-1EFEA3BCD837}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"TCP Query User{50AA5B0E-A4F8-417A-9B95-D9920FF38E53}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=6 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe |
"TCP Query User{760CB9AC-D549-47F1-8D61-A13B9911FF29}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"TCP Query User{DAEB053A-CD71-4268-A5C3-AA9CDD39288B}C:\program files\oracle\virtualbox\virtualbox.exe" = protocol=6 | dir=in | app=c:\program files\oracle\virtualbox\virtualbox.exe |
"TCP Query User{DC04C850-6CE4-4AFE-B30B-59AF0EB8B8E6}C:\program files\cobian backup 11\cbremotemanager.exe" = protocol=6 | dir=in | app=c:\program files\cobian backup 11\cbremotemanager.exe |
"TCP Query User{FA5B4B03-B26D-498E-A002-74FED0A43110}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{37F4CD54-2AD0-4DC9-B396-08F2096465DB}C:\program files\cobian backup 11\cbremotemanager.exe" = protocol=17 | dir=in | app=c:\program files\cobian backup 11\cbremotemanager.exe |
"UDP Query User{48FB84BD-750E-4DC7-9633-950B62E5A283}C:\program files\oracle\virtualbox\virtualbox.exe" = protocol=17 | dir=in | app=c:\program files\oracle\virtualbox\virtualbox.exe |
"UDP Query User{77D24A0B-CE2A-41AD-A635-928CCAB55592}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{8C04F85B-5690-4D06-B414-53AE23C8483A}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{FC13C6FB-2544-4ECF-9E08-1329D4E7DDE9}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=17 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{016A5847-9535-481D-8278-ECAFFDF959FF}_is1" = PPM Mini Version 1.42
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{092D4427-C1D9-43C0-B1BB-C8BCFE67D5C0}" = Windows Tweaker
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}" = FreeUndelete 2.1.36867.1
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{179324FF-7B16-4BA8-9836-055CAAEE4F08}" = SDFormatter
"{1E104AF0-EA49-11DE-AC07-005056C00008}" = Paragon Hard Disk Manager™ 2010 Professional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25CA5429-86C2-4FA3-B48A-74B0272280A1}" = Hoyle Friday Night Poker
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1" = Greenfish Icon Editor Pro 2.1
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{2E6044C5-3495-485F-91BC-46D1B6430E51}" = Windows 7 Logon Background Changer
"{303878F2-BECB-46EF-B2B0-81088001B794}" = Sprite Explorer
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34A0AF85-C323-4867-8AA3-00A3E5A7A12B}" = ASUS DH Remote
"{3569CD36-8751-4879-8E02-7D683BD44384}_is1" = Audio Test 1.25
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B2A7E23-AC7E-46BB-B725-65C555F8FFC5}" = Oracle VM VirtualBox 4.2.16
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{3DD823AB-145A-4522-B9F6-A9566121F837}_is1" = ShellFolderFix 1.1.4
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars®
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars® Patch
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{45518B6D-9DDF-4144-83E4-A56762524F35}" = USB2.0 Grabber
"{4843A9B1-335C-4a13-8CFC-9B986AEBE1E2}_is1" = :spam: Video Converter 6.1.32
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4F5CE00D-82D7-4BDB-868E-F5FA2D2740E5}" = Intel Processor Diagnostic Tool
"{52291FC0-33D3-4A18-9587-5115225545D8}_is1" = Path Scanner 1.1.0.20
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5D26BF7B-BEF6-477D-8FC1-0C1C159B6364}_is1" = Quicksys RegDefrag 2.9
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{6567E404-A019-4D0C-BD18-10564126A579}_is1" = Artweaver Free 4
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4F32B-77C7-4951-B33C-05D41A8190C1}" = Microsoft RichCopy 4.0
"{870798AB-E734-4019-B4F4-8D9EE51281E5}}_is1" = PPM Twin Version 1.51
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BBE3369-3C93-4D00-9558-D35E08F99A12}" = Easy RoboCopy 1.0.13
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{ABC5404F-F0F3-4221-8DB9-5D34DD866E50}" = Sprite Backup
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BDC3B433-099B-4082-B55A-909CC008CDF5}" = Application Suite
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C662F6A6-D4FD-4846-B5D2-C707D00805DB}" = Application Suite
"{C6F34AE0-0576-11d4-82FE-4491FCC00000}" = IconViewer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D78FAC90-5F66-4067-BAD5-C76F3422A807}_is1" = PPM ME12 Version 1.56
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E11BBF69-C686-45B3-9267-CE44603B47AE}" = Scrabble3D
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE8B9C76-1E07-4C26-8587-8184024FA345}" = Hoyle Card Games 2005
"{EF6E933E-760B-40EA-8E00-E6DE3482F472}_is1" = 7stacks 1.5 beta 2
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1100000-0009-0000-0000-074957833700}" = ABBYY FineReader 11 Corporate Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17B8386-A74A-4E4E-A7DD-435372991E14}" = Microsoft Visual Basic PowerPacks 2.0
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F67EF53C-11BF-4EC8-B025-EC85CABA50B5}" = HDD Guardian 0.4.1.0
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FCBBFDD6-643B-4D3E-AD2C-5CBAA4C2C7FC}_is1" = PPM Quad Version 1.22
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"Agent Ransack_is1" = Agent Ransack 2010
"Allway Sync_is1" = Allway Sync version 11.4.0
"Anti-Twin 2011-12-20 17.19.32" = Anti-Twin (Installation 20/12/2011)
"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.3.7
"AnyToISO_is1" = AnyToISO
"Anywhere PE Viewer_is1" = Anywhere PE Viewer 0.1.7
"Atmosphere Lite_is1" = Atmosphere Lite v6.0
"AU11_is1" = Advanced Uninstaller PRO - Version 11
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AutoHotkey" = AutoHotkey 1.1.05.03
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"AviSynth" = AviSynth 2.5
"AVS DVD Copy_is1" = AVS DVD Copy 4.1.2.283
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BackUp Maker_is1" = BackUp Maker v6.4
"BioShock Infinite_is1" = BioShock Infinite
"BitTorrent" = BitTorrent
"Call of Duty Black Ops II Update 3 3.0.1" = Call of Duty Black Ops II Update 3 3.0.1
"CCleaner" = CCleaner
"Clock Mechanism Screensaver_is1" = Clock Mechanism Screensaver 1.0
"ClocX" = ClocX (1.6.0)
"CobBackup11" = Cobian Backup 11 Gravity
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Crysis WARHEAD®" = Crysis WARHEAD®
"Crysis Wars®" = Crysis Wars®
"Crysis Wars® Patch" = Crysis Wars® Patch
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1a
"Desktop iCalendar Lite_is1" = Desktop iCalendar Lite
"Digital Level Meter_is1" = Digital Level Meter Version 1.5
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy Macro Recorder_is1" = Easy Macro Recorder 4.21
"Effective File Search" = Effective File Search 6.0
"EPSON Scanner" = EPSON Scan
"Everything" = Everything 1.2.1.371
"FastStone Capture" = FastStone Capture 7.3
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FileMenu Tools_is1" = FileMenu Tools
"FileSearchEX" = FileSearchEX
"GIMP-2_is1" = GIMP 2.8.6
"Glary Utilities 3" = Glary Utilities 3.7
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"HD Tune_is1" = HD Tune 2.55
"Hoyle Card Games 2011" = Hoyle Card Games 2011 (remove only)
"Hoyle Puzzle and Board Games 2011" = Hoyle Puzzle and Board Games 2011 (remove only)
"IcoFX_is1" = IcoFX 1.6.4
"iColorFolder" = iColorFolder
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"JDiskReport 1.3.2" = JGoodies JDiskReport 1.3.2
"Lightspeed!" = Lightspeed Screensaver (Remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"MatSpoon - FileSearch" = MatSpoon FileSearch 0.3.1
"MemInfo" = MemInfo (remove only)
"MetaProducts StartUp Organizer" = MetaProducts StartUp Organizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 22.0 (x86 en-GB)" = Mozilla Firefox 22.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewFolderEx" = NewFolderEx (remove only)
"NirSoft ShellExView" = NirSoft ShellExView
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 12.15.1748" = Opera 12.15
"Paltalk Messenger" = Paltalk Messenger 10.2
"Peak Level Meter_is1" = Peak Level Meter Version 1.76
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"qbittorrent" = qBittorrent 3.0.11
"R-Drive Image 4.7NSIS" = R-Drive Image 4.7
"Recuva" = Recuva
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"Revo Uninstaller" = Revo Uninstaller 1.95
"Sandboxie" = Sandboxie 3.50
"Scrolling Countdown ScreenSaver_is1" = Scrolling Countdown ScreenSaver 2.2
"Secure Eraser_is1" = Secure Eraser v4.0
"SmoothDraw_is1" = SmoothDraw version 4.0.1
"sp6" = Logitech SetPoint 6.61
"SPB Backup" = SPB Backup
"SPB Backup_is1" = SPB Backup 2.1.0
"SpeedFan" = SpeedFan (remove only)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 235780" = MINERVA: Metastasis
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 34830" = Sniper: Ghost Warrior
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 620" = Portal 2
"Steam App 63380" = Sniper Elite V2
"Stellarium_is1" = Stellarium 0.11.0
"Super Finder XT_is1" = Super Finder XT 1.6.3.2
"SyncBack_is1" = SyncBack
"TeamTalk4_is1" = TeamTalk 4
"TeamViewer 7" = TeamViewer 7
"TreeSize Professional_is1" = TreeSize Professional V5.4.3
"TrueCrypt" = TrueCrypt
"Unlocker" = Unlocker 1.9.0
"USB Safely Remove_is1" = USB Safely Remove 5.2
"ViceVersa FREE_is1" = ViceVersa Free 1.0.5
"ViceVersa Pro 2.5_is1" = ViceVersa Pro 2.5 (Build 2501)
"VLC media player" = VLC media player 2.0.7
"WinMount_is1" = WinMount V3.5.0913
"WinPcapInst" = WinPcap 4.1.3
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"Wireshark" = Wireshark 1.10.1 (32-bit)
"XLCalendar_is1" = XLCalendar 1.7
"XNote Stopwatch" = XNote Stopwatch
"xplorer2p" = xplorer² professional 32 bit

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"Google Chrome" = Google Chrome
"MyPaint" = MyPaint 1.0.0
"Password Generator" = Password Generator (remove only)
"WinDirStat" = WinDirStat 1.1.2
"WinStack V0.8" = WinStack V0.8
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22/08/2013 05:46:34 | Computer Name = SaturnPC | Source = System Restore | ID = 8210
Description =

Error - 22/08/2013 05:57:30 | Computer Name = SaturnPC | Source = System Restore | ID = 8210
Description =

Error - 22/08/2013 06:04:53 | Computer Name = SaturnPC | Source = System Restore | ID = 8210
Description =

Error - 22/08/2013 06:48:10 | Computer Name = SaturnPC | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time
stamp: 0x4ce792c4 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00052d94 Faulting process
id: 0x1730 Faulting application start time: 0x01ce9f250797ea17 Faulting application
path: C:\Windows\system32\MsiExec.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 55de0759-0b18-11e3-a91c-001bfce73199

Error - 22/08/2013 06:49:51 | Computer Name = SaturnPC | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time
stamp: 0x4ce792c4 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00052d94 Faulting process
id: 0x14bc Faulting application start time: 0x01ce9f254cc2c4ac Faulting application
path: C:\Windows\system32\MsiExec.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 918ebfb8-0b18-11e3-a91c-001bfce73199

Error - 22/08/2013 06:52:54 | Computer Name = SaturnPC | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time
stamp: 0x4ce792c4 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00052d94 Faulting process
id: 0x1744 Faulting application start time: 0x01ce9f25b9bc0637 Faulting application
path: C:\Windows\system32\MsiExec.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: fed86c61-0b18-11e3-a91c-001bfce73199

Error - 22/08/2013 07:05:52 | Computer Name = SaturnPC | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time
stamp: 0x4ce792c4 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00052d94 Faulting process
id: 0x814 Faulting application start time: 0x01ce9f278bf57835 Faulting application
path: C:\Windows\system32\MsiExec.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: ce8891ed-0b1a-11e3-a91c-001bfce73199

Error - 22/08/2013 08:13:10 | Computer Name = SaturnPC | Source = MsiInstaller | ID = 11919
Description =

Error - 22/08/2013 08:18:33 | Computer Name = SaturnPC | Source = MsiInstaller | ID = 11919
Description =

Error - 22/08/2013 08:18:35 | Computer Name = SaturnPC | Source = MsiInstaller | ID = 11919
Description =

[ System Events ]
Error - 22/08/2013 05:48:08 | Computer Name = SaturnPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 22/08/2013 05:48:08 | Computer Name = SaturnPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 22/08/2013 05:59:06 | Computer Name = SaturnPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 22/08/2013 05:59:06 | Computer Name = SaturnPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 22/08/2013 06:06:32 | Computer Name = SaturnPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 22/08/2013 06:06:32 | Computer Name = SaturnPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 22/08/2013 08:42:55 | Computer Name = SaturnPC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 22/08/2013 08:42:55 | Computer Name = SaturnPC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 22/08/2013 10:31:07 | Computer Name = SaturnPC | Source = bowser | ID = 8003
Description =

Error - 22/08/2013 13:33:28 | Computer Name = SaturnPC | Source = bowser | ID = 8003
Description =


< End of report >

#8
Zenith-1

OTL logfile created on: 23/08/2013 16:39:16 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clark Kent\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.12 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 50.80% Memory free
7.11 Gb Paging File | 4.71 Gb Available in Paging File | 66.14% Paging File free
Paging file location(s): c:\pagefile.sys 4090 4090 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 655.60 Gb Free Space | 70.38% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 217.03 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 47.73 Gb Free Space | 16.01% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 217.02 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Drive H: | 186.31 Gb Total Space | 92.36 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
Drive I: | 186.31 Gb Total Space | 72.54 Gb Free Space | 38.93% Space Free | Partition Type: NTFS
Drive O: | 186.31 Gb Total Space | 26.89 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Drive Q: | 931.51 Gb Total Space | 304.23 Gb Free Space | 32.66% Space Free | Partition Type: NTFS

Computer Name: SATURNPC | User Name: Clark Kent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/23 16:12:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clark Kent\Desktop\OTL.exe
PRC - [2013/07/31 21:30:36 | 002,296,600 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2013/07/31 21:30:24 | 000,363,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
PRC - [2013/07/28 20:44:38 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/07/25 20:48:40 | 002,012,088 | ---- | M] (MetaProducts corp.) -- C:\Program Files\StartUp Organizer\so.exe
PRC - [2013/07/05 18:19:48 | 001,439,824 | ---- | M] (Dexpot GbR) -- C:\Program Files\Dexpot\dexpot.exe
PRC - [2013/07/05 18:19:48 | 000,183,888 | ---- | M] (Dexpot GbR) -- C:\Program Files\Dexpot\plugins\DexControl.exe
PRC - [2013/07/05 18:19:48 | 000,155,728 | ---- | M] (Dexpot GbR) -- C:\Program Files\Dexpot\plugins\SevenDex.exe
PRC - [2013/07/04 13:16:26 | 005,900,288 | ---- | M] (Crystal Rich Ltd) -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
PRC - [2013/06/13 20:31:38 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/13 22:56:20 | 001,035,576 | ---- | M] (Crystal Rich Ltd) -- C:\Program Files\USB Safely Remove\USBSRService.exe
PRC - [2013/01/18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/01/14 16:48:34 | 002,090,496 | ---- | M] (BonSoft) -- C:\Program Files\ClocX\ClocX.exe
PRC - [2012/12/26 18:05:24 | 001,017,856 | ---- | M] (Carthago Software) -- C:\Program Files\MemInfo\meminfo.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/07/31 12:12:32 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe
PRC - [2011/03/10 17:04:37 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/01 20:53:26 | 000,804,528 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/10/17 23:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/09/28 18:52:46 | 001,819,648 | ---- | M] () -- C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2010/03/22 10:17:22 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2010/03/22 10:17:20 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/18 15:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2009/04/02 13:27:26 | 000,090,112 | ---- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2006/11/09 22:29:14 | 003,165,696 | ---- | M] () -- C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
PRC - [2006/11/09 19:44:32 | 000,221,184 | ---- | M] (T-wins) -- C:\Program Files\ASUS\ASUS DH Remote\AsDHRemote.exe
PRC - [2004/09/22 13:58:54 | 000,292,864 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\DriveLED\oodled.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/16 04:21:41 | 000,410,576 | ---- | M] () -- C:\Users\Clark Kent\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppgooglenaclpluginchrome.dll
MOD - [2013/08/16 04:21:39 | 004,053,456 | ---- | M] () -- C:\Users\Clark Kent\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll
MOD - [2013/08/16 04:20:49 | 000,709,584 | ---- | M] () -- C:\Users\Clark Kent\AppData\Local\Google\Chrome\Application\29.0.1547.57\libglesv2.dll
MOD - [2013/08/16 04:20:48 | 000,099,792 | ---- | M] () -- C:\Users\Clark Kent\AppData\Local\Google\Chrome\Application\29.0.1547.57\libegl.dll
MOD - [2013/08/16 04:20:46 | 001,604,560 | ---- | M] () -- C:\Users\Clark Kent\AppData\Local\Google\Chrome\Application\29.0.1547.57\ffmpegsumo.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2010/09/28 18:52:46 | 001,819,648 | ---- | M] () -- C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
MOD - [2010/09/28 18:52:34 | 000,086,528 | ---- | M] () -- C:\Program Files\ShellFolderFix\ShellFolderFix.dll
MOD - [2006/11/09 22:29:14 | 003,165,696 | ---- | M] () -- C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
MOD - [2006/11/09 19:18:38 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\ASUS DH Remote\AiNap.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/07/28 20:44:38 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/07/26 23:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/20 05:41:43 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/13 20:31:00 | 000,293,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/13 22:56:20 | 001,035,576 | ---- | M] (Crystal Rich Ltd) [Auto | Running] -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2013/03/01 02:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/24 12:01:41 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/31 12:12:32 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2012/03/14 14:35:28 | 000,296,232 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/03/14 14:35:24 | 000,087,336 | ---- | M] (CyberLink Corp.) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012/03/14 14:35:24 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2011/03/10 17:04:37 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/02/01 20:53:26 | 000,804,528 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/11/23 23:33:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/17 23:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/03/22 10:17:22 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/18 15:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/04/02 13:27:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Clark Kent\AppData\Local\Temp\tmpC89B.tmp -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV - [2013/07/28 20:48:11 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/07/28 20:48:11 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013/07/28 20:48:11 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/07/28 20:48:11 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/07/28 20:48:11 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2013/07/22 08:34:52 | 000,011,552 | ---- | M] (Glarysoft Ltd) [Kernel | On_Demand | Stopped] -- C:\Program Files\Glary Utilities 3\ProcObsrv.sys -- (ProcObsrv)
DRV - [2013/07/04 16:38:20 | 000,188,176 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2013/07/04 16:37:08 | 000,115,984 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013/07/04 16:37:08 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013/07/04 16:37:08 | 000,094,480 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2013/07/04 16:37:08 | 000,084,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2013/05/23 07:12:34 | 000,037,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2013/05/23 07:12:32 | 000,043,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2013/05/23 07:12:30 | 000,042,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2013/05/23 07:12:30 | 000,010,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2013/03/01 02:48:42 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/07 11:36:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012/08/02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012/05/15 18:45:27 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012/02/16 20:46:34 | 000,087,536 | ---- | M] (CyberLink Corp.) [2012/04/29 10:04:11] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/11/28 14:51:44 | 000,032,896 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV - [2011/10/27 07:18:45 | 000,120,432 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys -- (ntk_PowerDVD12)
DRV - [2011/05/26 10:29:24 | 000,317,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2011/05/19 16:55:28 | 000,103,512 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2011/03/14 13:23:39 | 000,065,856 | ---- | M] (WinMount International Inc) [File_System | System | Running] -- C:\Windows\System32\drivers\WMDrive.sys -- (WMDrive)
DRV - [2011/03/11 15:42:53 | 000,011,936 | ---- | M] (Highresolution Enterprises [www.highrez.co.uk]) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\inpout32.sys -- (inpout32)
DRV - [2011/03/10 17:04:39 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/03/10 17:04:10 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2011/03/10 17:03:53 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011/03/10 17:02:33 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010/12/18 12:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/10/17 23:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/10/12 20:32:22 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/10/12 20:32:20 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2010/10/12 20:32:20 | 000,037,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/07/04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/12 14:42:30 | 000,127,790 | ---- | M] (R-TT Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\R-Drive Image\R-ImageDisk.sys -- (R-ImageDisk)
DRV - [2010/06/07 17:02:28 | 001,579,144 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2010/05/31 21:51:14 | 000,102,848 | ---- | M] (R-TT Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\R-Drive Image\DrvSnSht.sys -- (DrvSnSht)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/01/07 04:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2009/09/23 02:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/23 02:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/09/15 15:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/08/04 11:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/16 12:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/02/29 11:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/06 17:29:08 | 010,342,784 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2004/09/22 13:57:14 | 000,015,488 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\System32\drivers\OODrvled.sys -- (OODrvled)
DRV - [2004/05/21 09:05:22 | 000,175,104 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GigNIC.sys -- (GigNIC)
DRV - [2002/05/10 14:31:48 | 000,633,220 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Intels51.sys -- (Intels51)
DRV - [2002/03/01 01:35:00 | 000,280,644 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HCWBT8XX.sys -- (HCWBT8xx)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...hp?hl=en&tab=ww
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E A6 F7 65 F2 14 CE 01 [binary data]
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\..\SearchScopes,DefaultScope = {DFE1F85F-7B90-421E-AE5F-67AE55C1F56E}
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\..\SearchScopes\{DFE1F85F-7B90-421E-AE5F-67AE55C1F56E}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: faviconizetab%40espion.just-size.jp:1.0.6
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2
FF - prefs.js..extensions.enabledAddons: LDSI_plashcor%40gmail.com:0.8.7
FF - prefs.js..extensions.enabledAddons: quickdrag%40mozilla.ktechcomputing.com:2.1.3.23
FF - prefs.js..extensions.enabledAddons: tabscope%40xuldev.org:1.1.7
FF - prefs.js..extensions.enabledAddons: tinyurl.addon%40fast-chat.co.uk:2.6.1
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:17.6
FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe30%7D:0.7.9.5
FF - prefs.js..extensions.enabledAddons: %7B28FAD68E-4001-48d5-B994-68069F7CFB1D%7D:0.4.9
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7B7EE8902C-75BE-4286-A6CE-0C483607A322%7D:2.0.0
FF - prefs.js..extensions.enabledAddons: %7B89506680-e3f4-484c-a2c0-ed711d481eda%7D:0.9.5.9
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4
FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.6
FF - prefs.js..extensions.enabledAddons: notreal.ccoptions%40environmentalchemistry.com:20.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120515
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.3.55472
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: {28FAD68E-4001-48d5-B994-68069F7CFB1D}:0.4.9
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:7.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.3.23
FF - prefs.js..extensions.enabledItems: {7EE8902C-75BE-4286-A6CE-0C483607A322}:0.7.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.4
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}:3.0.4.48
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.6
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Clark Kent\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Clark Kent\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/28 20:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/28 20:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/28 20:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/28 20:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/28 20:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/08/14 09:43:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/20 05:41:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/20 05:41:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{df340737-4d2d-473e-a376-cc713ef560ba}: C:\Program Files\Copernic Desktop Search - Home\Firefox70Connector [2012/03/02 11:30:33 | 000,000,000 | ---D | M]

[2010/11/25 22:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Extensions
[2010/11/25 22:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/08/05 20:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions
[2012/12/25 18:16:25 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/11/24 15:27:50 | 000,000,000 | ---D | M] ("Tab Preview") -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}
[2011/06/10 07:48:30 | 000,000,000 | ---D | M] (MouseZoom) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2010/11/24 15:27:51 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011/07/17 15:52:56 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/07/20 05:55:02 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013/01/30 19:17:12 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/01/12 12:05:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/22 10:50:08 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/11/03 18:24:22 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/07/06 11:43:46 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/02/17 11:13:11 | 000,000,000 | ---D | M] (BarTab) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2013/02/17 14:33:53 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2011/10/01 11:40:00 | 000,000,000 | ---D | M] (Hide GUI Bars) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2012/02/17 11:03:00 | 000,000,000 | ---D | M] (Load Tabs Progressively) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2011/12/17 21:50:45 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2012/03/23 03:12:05 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2011/07/28 11:02:50 | 000,000,000 | ---D | M] (Restore Control) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2012/06/14 18:03:16 | 000,010,259 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2013/01/16 07:47:47 | 000,097,651 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2013/07/20 05:46:45 | 000,159,634 | R--- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2012/07/24 15:44:57 | 000,057,698 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2012/11/12 21:14:39 | 000,090,868 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2013/02/08 05:47:36 | 000,517,127 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013/01/30 19:17:12 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/06/14 18:03:17 | 000,010,884 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{7EE8902C-75BE-4286-A6CE-0C483607A322}.xpi
[2012/10/09 06:43:30 | 000,211,935 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}.xpi
[2013/02/09 14:01:40 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013/07/20 05:55:04 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/20 05:46:45 | 001,194,356 | R--- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi
[2013/01/06 16:59:19 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/01/16 07:47:49 | 000,118,969 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2011/11/15 20:29:45 | 000,002,253 | ---- | M] () -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\searchplugins\duckduckgo-ssl.xml
[2013/07/20 05:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/20 05:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/20 05:41:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://duckduckgo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Clark Kent\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Clark Kent\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Clark Kent\AppData\Local\Google\Chrome\Application\29.0.1547.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Clark Kent\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: TooManyTabs for Chrome = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\2.0.0_0\
CHR - Extension: WOT = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0\
CHR - Extension: YouTube = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.8_0\
CHR - Extension: Adblock Plus = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0\
CHR - Extension: Google Search = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Logitech Smooth Scrolling = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.60.170_0\
CHR - Extension: Tabs Outliner = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl\0.4.73_0\
CHR - Extension: FlashBlock = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: Do Not Track = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgaaifcfojgbncceneicipolopapchl\1.8_0\
CHR - Extension: Safe Money = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Session Manager = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.5_0\
CHR - Extension: Google Wallet Service = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: Gmail = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2013/08/21 00:34:52 | 001,000,880 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.tgrmn.com
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl
O1 - Hosts: 31704 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {87E90E67-8655-4548-B037-03BA1158A487} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe (BonSoft)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartUp Organizer] C:\Program Files\StartUp Organizer\so.exe (MetaProducts corp.)
O4 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000..\Run: [Desktop iCalendar Lite.exe] File not found
O4 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000..\Run: [Dexpot] C:\Program Files\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Clark Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShellFolderFix.lnk = C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1354689785-967205033-2114762968-1000\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2737B247-DBFD-47AE-A116-EC1E1AB1A8D8}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52325FEB-85F8-4C4C-A6B7-BB246B52615F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Users\Clark Kent\Menus\Customising\Customise Folders info\AveFolderBG for Windows7 32Bit by LeeWhittington\AveFolderBGW732Bit\VistaFolderBackground.dll (Andreas Verhoeven)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/01/26 23:01:29 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{686ba9e6-211d-11e1-9f44-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{686ba9e6-211d-11e1-9f44-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE /AUTORUN
O33 - MountPoints2\D\Shell\configure\command - "" = D:\SETUP.EXE
O33 - MountPoints2\D\Shell\install\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/23 16:12:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Clark Kent\Desktop\OTL.exe
[2013/08/22 13:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/08/18 08:20:43 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\qBittorrent
[2013/08/18 08:19:57 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\qBittorrent
[2013/08/18 08:18:59 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent
[2013/08/18 08:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\qBittorrent
[2013/08/17 14:03:34 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\BANANA
[2013/08/17 13:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\SmoothDraw
[2013/08/17 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\mypaint
[2013/08/17 13:42:49 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPaint
[2013/08/17 13:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPaint
[2013/08/17 13:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\MyPaint
[2013/08/15 20:30:46 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Artweaver Free
[2013/08/15 20:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artweaver Free
[2013/08/15 20:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Artweaver Free 4
[2013/08/15 20:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Artweaver Free
[2013/08/15 20:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013/08/15 20:22:45 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\Paint.NET
[2013/08/15 20:16:09 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\webkit
[2013/08/15 19:52:34 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\gtk-2.0
[2013/08/15 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\.thumbnails
[2013/08/15 19:44:00 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\gegl-0.2
[2013/08/15 19:44:00 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\.gimp-2.8
[2013/08/15 19:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/08/14 13:05:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/14 13:05:17 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/14 13:05:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/14 13:05:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/14 13:05:17 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/14 13:05:16 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/14 13:05:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/14 13:05:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/14 12:54:10 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/14 12:54:10 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/14 12:54:06 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/14 12:53:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/14 12:52:59 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013/08/14 09:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013/08/14 09:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013/08/06 20:11:59 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\Desktop 6
[2013/08/06 20:11:55 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\Desktop 5
[2013/08/06 18:21:44 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Dexpot
[2013/08/06 18:20:49 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dexpot
[2013/08/06 18:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Dexpot
[2013/08/05 17:39:02 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\ultracopier
[2013/08/05 16:54:52 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\UpWay2Late
[2013/08/05 16:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\UpWay2Late.com Software
[2013/08/05 16:23:47 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy RoboCopy
[2013/08/05 16:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Easy RoboCopy
[2013/08/04 18:32:40 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Wireshark
[2013/08/04 17:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013/08/04 17:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013/08/04 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013/07/30 12:55:37 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/30 12:55:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/30 12:55:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/30 12:55:34 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/30 12:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/07/30 00:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack
[2013/07/30 00:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mythicsoft
[2013/07/29 01:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/07/28 20:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/07/28 20:38:47 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/28 20:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/07/28 20:38:34 | 000,594,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2013/07/28 20:38:34 | 000,074,848 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/23 16:12:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clark Kent\Desktop\OTL.exe
[2013/08/23 16:11:25 | 000,013,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 16:11:25 | 000,013,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 16:10:16 | 000,676,626 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/23 16:10:16 | 000,130,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/23 16:04:11 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/08/23 16:03:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/23 16:03:47 | 2515,886,080 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/23 15:55:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354689785-967205033-2114762968-1000UA.job
[2013/08/23 11:21:08 | 000,007,644 | ---- | M] () -- C:\Users\Clark Kent\AppData\Local\Resmon.ResmonCfg
[2013/08/23 08:55:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354689785-967205033-2114762968-1000Core.job
[2013/08/22 13:40:20 | 000,381,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/22 13:18:36 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/08/21 00:34:52 | 001,000,880 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/08/21 00:20:58 | 000,002,315 | ---- | M] () -- C:\Users\Clark Kent\AppData\Roaming\SAS7_000.DAT
[2013/08/18 10:27:09 | 000,000,014 | ---- | M] () -- C:\Windows\System32\sysvm600ul.dll
[2013/08/17 14:29:00 | 000,004,023 | ---- | M] () -- C:\Users\Clark Kent\AppData\Local\recently-used.xbel
[2013/08/15 20:30:26 | 000,001,059 | ---- | M] () -- C:\Users\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\Artweaver Free 4.lnk
[2013/08/15 19:43:21 | 000,001,066 | ---- | M] () -- C:\Users\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2013/08/15 18:43:57 | 000,003,244 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2013/08/15 18:43:51 | 000,000,088 | RHS- | M] () -- C:\ProgramData\78B0018922.sys
[2013/08/14 09:43:37 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2013/08/07 04:48:15 | 001,000,880 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130821-003452.backup
[2013/08/07 04:48:15 | 001,000,880 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts - My Copy (with Spybot additions)
[2013/08/07 04:47:19 | 001,000,880 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130807-044815.backup
[2013/08/07 04:43:59 | 000,625,200 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130807-044719.backup
[2013/08/06 17:17:01 | 000,000,467 | ---- | M] () -- C:\Users\Clark Kent\Desktop\SAM-2T-P1 (E) (2).lnk
[2013/08/04 17:03:39 | 000,001,718 | ---- | M] () -- C:\Users\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/07/30 12:55:28 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/07/30 12:55:28 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/07/30 12:55:28 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/30 12:55:28 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/30 12:55:28 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/30 12:55:28 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/29 15:02:58 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/29 15:02:58 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/28 20:48:11 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2013/07/28 20:48:11 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kneps.sys
[2013/07/28 20:48:11 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
[2013/07/28 20:48:11 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kltdi.sys
[2013/07/28 20:48:11 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys
[2013/07/28 20:48:11 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klkbdflt.sys
[2013/07/25 20:48:40 | 000,073,728 | ---- | M] () -- C:\Windows\System32\SUO.cpl
[2013/07/25 15:05:45 | 000,000,442 | ---- | M] () -- C:\Windows\WININIT.INI
[2013/07/25 14:01:22 | 000,002,472 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/07/25 09:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/25 03:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/25 03:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/25 03:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/25 03:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/25 03:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/25 03:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/25 03:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/25 03:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/22 13:33:37 | 000,002,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
[2013/08/22 13:30:28 | 000,002,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2013/08/18 10:27:09 | 000,000,014 | ---- | C] () -- C:\Windows\System32\sysvm600ul.dll
[2013/08/17 14:29:00 | 000,004,023 | ---- | C] () -- C:\Users\Clark Kent\AppData\Local\recently-used.xbel
[2013/08/17 13:54:55 | 000,001,033 | ---- | C] () -- C:\Users\Clark Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmoothDraw 4.lnk
[2013/08/15 20:30:26 | 000,001,059 | ---- | C] () -- C:\Users\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\Artweaver Free 4.lnk
[2013/08/15 20:24:02 | 000,001,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/08/15 19:43:21 | 000,001,066 | ---- | C] () -- C:\Users\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2013/08/15 19:43:21 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013/08/15 18:43:48 | 000,000,088 | RHS- | C] () -- C:\ProgramData\78B0018922.sys
[2013/08/06 17:17:01 | 000,000,467 | ---- | C] () -- C:\Users\Clark Kent\Desktop\SAM-2T-P1 (E) (2).lnk
[2013/08/04 17:03:39 | 000,001,718 | ---- | C] () -- C:\Users\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/08/04 17:03:39 | 000,001,706 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2013/07/16 08:45:30 | 000,019,744 | ---- | C] () -- C:\Windows\System32\RegBootDefrag.exe
[2013/07/15 17:07:23 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw54.bin
[2013/06/24 12:35:16 | 000,000,624 | ---- | C] () -- C:\Users\Clark Kent\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/06/24 12:21:42 | 000,000,294 | ---- | C] () -- C:\Users\Clark Kent\AppData\Roaming\GPU MeterV2_Settings.ini
[2013/06/24 12:03:54 | 000,000,839 | ---- | C] () -- C:\Users\Clark Kent\AppData\Roaming\Drives Meter_Settings.ini
[2013/05/06 17:02:53 | 000,200,697 | ---- | C] () -- C:\Windows\System32\poclbm121016GeForce 8800 GTv1w256l4.bin
[2013/03/01 02:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2012/10/11 14:14:15 | 000,042,120 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/10/11 13:44:21 | 000,000,097 | RHS- | C] () -- C:\ProgramData\1.12.5.lic
[2012/09/01 16:11:44 | 000,000,098 | ---- | C] () -- C:\Users\Clark Kent\AppData\Local\fusioncache.dat
[2012/09/01 13:00:25 | 000,139,224 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/09/01 13:00:25 | 000,022,328 | ---- | C] () -- C:\Users\Clark Kent\AppData\Roaming\PnkBstrK.sys
[2012/09/01 13:00:10 | 000,183,152 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/09/01 13:00:09 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/09/01 13:00:09 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/04/11 16:48:31 | 000,002,315 | ---- | C] () -- C:\Users\Clark Kent\AppData\Roaming\SAS7_000.DAT
[2012/03/09 13:15:14 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C926C72D90.sys
[2011/12/27 19:37:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/12/24 19:27:02 | 000,033,019 | ---- | C] () -- C:\Windows\System32\CoreAAC-uninstall.exe
[2011/12/07 20:43:10 | 000,000,491 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/11/25 19:19:53 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/09 21:02:48 | 000,000,543 | ---- | C] () -- C:\Windows\Lightspeed!.ini
[2011/10/09 16:43:43 | 000,000,119 | ---- | C] () -- C:\Windows\WSST_Screen_Saver.ini
[2011/10/09 16:43:40 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe
[2011/05/13 15:09:58 | 000,000,088 | RHS- | C] () -- C:\ProgramData\8A52417C53.sys
[2011/03/16 10:37:25 | 000,000,079 | ---- | C] () -- C:\Users\Clark Kent\AppData\Local\CrystalDiskMark30.ini
[2011/02/25 21:29:58 | 000,000,632 | RHS- | C] () -- C:\Users\Clark Kent\ntuser.pol
[2011/01/10 16:42:57 | 000,148,195 | ---- | C] () -- C:\Program Files\Common Files\BookViewer.xap
[2011/01/10 16:40:19 | 000,003,584 | ---- | C] () -- C:\Users\Clark Kent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/10 16:04:47 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E622C8710D.sys
[2011/01/10 16:04:46 | 000,003,244 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/11/24 05:06:02 | 000,007,644 | ---- | C] () -- C:\Users\Clark Kent\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/12/04 19:13:47 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\7stacks
[2013/07/16 09:41:44 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Absolute Uninstaller
[2011/03/13 15:28:18 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Acronis
[2012/04/24 11:09:41 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\AnvSoft
[2013/08/15 20:30:46 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Artweaver Free
[2012/10/13 11:16:13 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\ASCOMP Software
[2011/09/02 01:25:16 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Audacity
[2012/01/27 21:59:56 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\avidemux
[2011/11/18 08:47:21 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\BearWare.dk
[2011/12/03 23:16:00 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Bioshock2
[2013/07/23 04:22:38 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\BitTorrent
[2013/01/30 13:37:19 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Carthago
[2012/03/02 11:28:05 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Copernic
[2013/07/22 17:19:07 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\desksware
[2013/08/23 16:01:28 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Dexpot
[2011/12/04 19:38:39 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Easy Macro Recorder
[2010/12/09 20:38:29 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\EPSON
[2011/10/27 13:22:27 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\FileZilla
[2013/07/16 08:40:12 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Glarysoft
[2012/09/09 12:49:43 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\gsmartcontrol
[2012/09/06 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\hdd_guardian
[2013/06/13 14:13:15 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Hoyle
[2013/05/30 18:37:10 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Hoyle FaceCreator
[2013/06/15 19:09:30 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/10/08 08:51:38 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\IcoFX
[2010/12/07 16:44:33 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\JAM Software
[2011/01/10 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Jasc
[2011/09/27 14:00:30 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\JGoodies
[2011/01/19 14:11:59 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Leadertech
[2011/10/06 20:00:31 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\LibrariIcon
[2010/12/26 13:41:40 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\LockHunter
[2012/11/03 20:01:32 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\MatSpoon
[2011/01/28 21:48:00 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\MetaProducts
[2013/01/31 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Mobipocket
[2012/04/11 16:17:24 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Nuance
[2011/09/30 20:05:55 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\OfficeRecovery
[2013/04/08 15:06:15 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Opera
[2012/09/01 16:34:08 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Origin
[2011/02/12 19:11:17 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Paltalk
[2013/08/18 08:19:57 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\qBittorrent
[2011/09/15 13:27:29 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\ShellFolderFix
[2012/05/13 21:08:26 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\SoftFuse
[2013/02/08 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Sprite PC Agent
[2013/02/08 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Sprite Setup Wizard
[2013/02/08 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Sprite Software
[2013/07/02 14:33:51 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\SteelBytes
[2011/10/26 15:13:51 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Stellarium
[2011/10/27 10:36:27 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Sync App Settings
[2013/02/17 14:39:05 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\TeamViewer
[2012/11/06 14:47:09 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Thinstall
[2012/10/27 17:03:19 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\TrueCrypt
[2013/08/23 16:04:20 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\USBSafelyRemove
[2013/03/28 16:56:13 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\WinMount
[2013/08/04 18:32:40 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Wireshark
[2012/04/24 00:17:26 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/04/23 17:45:50 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Xilisoft
[2011/01/31 01:55:51 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\XNote Stopwatch

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 05:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 13:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 22:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 13:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 17:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 11:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 13:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 13:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 13:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 05:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 13:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 13:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 13:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 13:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 13:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 13:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 13:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >


< dir "%systemdrive%\*" /S /A:L /C >
22/12/2012 17:02 <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
22/12/2012 17:02 <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
22/12/2012 17:02 <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
22/12/2012 17:02 <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
22/12/2012 17:02 <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
22/12/2012 17:02 <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
22/12/2012 17:02 <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
11/01/2011 11:11 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
11/01/2011 11:11 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
11/01/2011 11:11 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
11/01/2011 11:11 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
30/03/2012 09:54 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30/03/2012 09:54 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/03/2012 09:54 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
30/03/2012 09:54 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
30/03/2012 09:54 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
30/03/2012 09:54 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
11/01/2011 11:11 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
11/01/2011 11:11 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
11/01/2011 11:11 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
30/03/2012 09:54 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
30/03/2012 09:54 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
30/03/2012 09:54 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
82 Dir(s) 702,780,981,248 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:F8710CB2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 108 bytes -> C:\Windows:

< End of report >
  • 0

#9
Zenith-1

    Member

  • Topic Starter
  • 16 posts
There were two files created by the Avast scanner, the first one was labelled MBR & contains :-



The second one was labelled aswMBR & contains :-

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-23 17:45:15
-----------------------------
17:45:15.699 OS Version: Windows 6.1.7601 Service Pack 1
17:45:15.700 Number of processors: 2 586 0xF0B
17:45:15.701 ComputerName: SATURNPC UserName:
17:45:26.359 Initialize success
17:47:06.309 AVAST engine defs: 13082300
17:47:49.516 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port0Path0Target0Lun0
17:47:49.519 Disk 0 Vendor: ________ DA41 Size: 953869MB BusType: 8
17:47:49.523 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\JRAID1Port0Path0Target1Lun0
17:47:49.526 Disk 1 Vendor: WDC_____ 800. Size: 190781MB BusType: 8
17:47:49.529 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\JRAID1Port0Path0Target2Lun0
17:47:49.532 Disk 2 Vendor: WDC_____ 800. Size: 190782MB BusType: 8
17:47:49.535 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP2T0L0-2
17:47:49.538 Disk 3 Vendor: ST3320620AS 3.AAE Size: 305245MB BusType: 3
17:47:49.542 Disk 4 (boot) \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP2T1L0-4
17:47:49.570 Disk 4 Vendor: ST31000333AS CC3H Size: 953869MB BusType: 3
17:47:49.575 Disk 5 \Device\Harddisk5\DR5 -> \Device\Ide\IdeDeviceP3T0L0-3
17:47:49.580 Disk 5 Vendor: ST32000542AS CC38 Size: 1907729MB BusType: 3
17:47:49.585 Disk 6 \Device\Harddisk6\DR6 -> \Device\Ide\IdeDeviceP3T1L0-5
17:47:49.590 Disk 6 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
17:47:49.595 Disk 7 \Device\Harddisk7\DR7 -> \Device\Ide\IdeDeviceP0T0L0-0
17:47:49.600 Disk 7 Vendor: WDC_WD2000JB-00GVA0 08.02D08 Size: 190782MB BusType: 3
17:47:49.670 Disk 4 MBR read successfully
17:47:49.675 Disk 4 MBR scan
17:47:49.682 Disk 4 Windows 7 default MBR code
17:47:49.687 Disk 4 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 63
17:47:49.709 Disk 4 scanning sectors +1953520065
17:47:49.778 Disk 4 scanning C:\Windows\system32\drivers
17:48:02.262 Service scanning
17:48:10.546 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
17:48:10.688 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
17:48:10.719 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
17:48:10.749 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
17:48:10.784 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
17:48:10.821 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
17:48:25.977 Modules scanning
17:48:32.140 Disk 4 trace - called modules:
17:48:32.152 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys intelppm.sys
17:48:32.157 1 nt!IofCallDriver -> \Device\Harddisk4\DR4[0x86aac260]
17:48:32.161 3 CLASSPNP.SYS[8d65959e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-4[0x864ac030]
17:48:33.589 AVAST engine scan C:\Windows
17:48:36.928 AVAST engine scan C:\Windows\system32
17:51:57.552 AVAST engine scan C:\Windows\system32\drivers
17:52:25.918 AVAST engine scan C:\Users\Clark Kent
17:58:25.940 AVAST engine scan C:\ProgramData
18:04:20.536 Scan finished successfully
18:04:56.625 Disk 4 MBR has been saved successfully to "C:\Users\Clark Kent\Desktop\MBR.dat"
18:04:56.630 The log file has been saved successfully to "C:\Users\Clark Kent\Desktop\aswMBR.txt"
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the MBAM log that found the bitcoin miner, please, as I need to know whether it was in the iswizard folder.

The first aswMBR file was a raw dump of the MBR code.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Clark Kent\AppData\Local\Temp\tmpC89B.tmp -- (WinRing0_1_2_0)
O3 - HKLM\..\Toolbar: (no name) - {87E90E67-8655-4548-B037-03BA1158A487} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
@Alternate Data Stream - 108 bytes -> C:\Windows:

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0



#11
Zenith-1

    Member

  • Topic Starter
  • 16 posts
OK, trying to get the MBAM logs for you.....
  • 0

#12
Zenith-1

    Member

  • Topic Starter
  • 16 posts
I found two MBAM Logs... During my own exploratory tests, I remember that I copied one suspect file to the Desktop to run some scan tests on it (a bit like putting an insect under a microscope). That may explain the two differing Logs, as follows :-


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.06.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Clark Kent :: SATURNPC [administrator]

06/05/2013 17:24:48
mbam-log-2013-05-06 (17-24-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244109
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Clark Kent\AppData\Local\Temp\svchost.exe (PUP.BitCoinMiner) -> No action taken.
C:\Users\Clark Kent\AppData\Local\Temp\Temporary Internet Files\Content.IE5\VA4DSX1O\svchost[1].exe (PUP.BitCoinMiner) -> No action taken.
C:\Users\Clark Kent\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot.

(end)

------------------------------------------------------------------

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.06.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Clark Kent :: SATURNPC [administrator]

06/05/2013 18:08:31
mbam-log-2013-05-06 (18-08-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246130
Time elapsed: 7 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Clark Kent\AppData\Local\Temp\svchost.exe (PUP.BitCoinMiner) -> Delete on reboot.
C:\Users\Clark Kent\Desktop\svchost.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Clark Kent\AppData\Local\Temp\Temporary Internet Files\Content.IE5\VA4DSX1O\svchost[1].exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Clark Kent\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Users\Clark Kent\Desktop\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)
  • 0

#13
Zenith-1

    Member

  • Topic Starter
  • 16 posts
Hi Essexboy, Scan done as you requested, 'All Users' was NOT checked (like your image above):-

OTL logfile created on: 23/08/2013 19:23:16 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clark Kent\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.12 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 64.73% Memory free
7.11 Gb Paging File | 5.70 Gb Available in Paging File | 80.19% Paging File free
Paging file location(s): c:\pagefile.sys 4090 4090 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 653.63 Gb Free Space | 70.17% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 217.03 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 47.73 Gb Free Space | 16.01% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 217.02 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Drive H: | 186.31 Gb Total Space | 92.36 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
Drive I: | 186.31 Gb Total Space | 72.54 Gb Free Space | 38.93% Space Free | Partition Type: NTFS
Drive O: | 186.31 Gb Total Space | 26.89 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Drive Q: | 931.51 Gb Total Space | 304.23 Gb Free Space | 32.66% Space Free | Partition Type: NTFS

Computer Name: SATURNPC | User Name: Clark Kent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/23 16:12:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clark Kent\Desktop\OTL.exe
PRC - [2013/07/31 21:30:36 | 002,296,600 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2013/07/28 20:44:38 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/07/25 20:48:40 | 002,012,088 | ---- | M] (MetaProducts corp.) -- C:\Program Files\StartUp Organizer\so.exe
PRC - [2013/07/05 18:19:48 | 001,439,824 | ---- | M] (Dexpot GbR) -- C:\Program Files\Dexpot\dexpot.exe
PRC - [2013/07/05 18:19:48 | 000,183,888 | ---- | M] (Dexpot GbR) -- C:\Program Files\Dexpot\plugins\DexControl.exe
PRC - [2013/07/05 18:19:48 | 000,155,728 | ---- | M] (Dexpot GbR) -- C:\Program Files\Dexpot\plugins\SevenDex.exe
PRC - [2013/07/04 13:16:26 | 005,900,288 | ---- | M] (Crystal Rich Ltd) -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
PRC - [2013/06/13 20:31:38 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/13 22:56:20 | 001,035,576 | ---- | M] (Crystal Rich Ltd) -- C:\Program Files\USB Safely Remove\USBSRService.exe
PRC - [2013/01/18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/01/14 16:48:34 | 002,090,496 | ---- | M] (BonSoft) -- C:\Program Files\ClocX\ClocX.exe
PRC - [2013/01/12 17:04:42 | 000,119,008 | ---- | M] (AddGadgets) -- C:\Users\Clark Kent\Menus\Toolbox\Gadgets\PCMeter (used by CPU & GPUMeter 'Gadgets')\PCMeter (used by CPU & GPUMeter 'Gadgets')\PCMeterV0.3.exe
PRC - [2012/12/26 18:05:24 | 001,017,856 | ---- | M] (Carthago Software) -- C:\Program Files\MemInfo\meminfo.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/07/31 12:12:32 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe
PRC - [2011/03/10 17:04:37 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/01 20:53:26 | 000,804,528 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/10/17 23:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/09/28 18:52:46 | 001,819,648 | ---- | M] () -- C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2010/03/22 10:17:22 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2010/03/22 10:17:20 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/18 15:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2009/04/02 13:27:26 | 000,090,112 | ---- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2006/11/09 22:29:14 | 003,165,696 | ---- | M] () -- C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
PRC - [2006/11/09 19:44:32 | 000,221,184 | ---- | M] (T-wins) -- C:\Program Files\ASUS\ASUS DH Remote\AsDHRemote.exe
PRC - [2004/09/22 13:58:54 | 000,292,864 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\DriveLED\oodled.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/14 13:03:21 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/14 13:00:12 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\3bcb445cac3c184e836364cd265ccf53\System.Configuration.Install.ni.dll
MOD - [2013/08/14 12:59:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/14 12:59:21 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 12:57:16 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 12:57:10 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 12:07:34 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/09/07 17:57:26 | 000,452,592 | ---- | M] () -- C:\Program Files\ASCOMP Software\Secure Eraser\SecEraser32.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/09/28 18:52:46 | 001,819,648 | ---- | M] () -- C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
MOD - [2010/09/28 18:52:34 | 000,086,528 | ---- | M] () -- C:\Program Files\ShellFolderFix\ShellFolderFix.dll
MOD - [2010/07/28 03:24:30 | 000,117,904 | ---- | M] () -- c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2010/07/04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2006/11/09 22:29:14 | 003,165,696 | ---- | M] () -- C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
MOD - [2006/11/09 19:18:38 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\ASUS DH Remote\AiNap.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/07/28 20:44:38 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/07/26 23:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/20 05:41:43 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/13 20:31:00 | 000,293,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/13 22:56:20 | 001,035,576 | ---- | M] (Crystal Rich Ltd) [Auto | Running] -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2013/03/01 02:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/24 12:01:41 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/31 12:12:32 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2012/03/14 14:35:28 | 000,296,232 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/03/14 14:35:24 | 000,087,336 | ---- | M] (CyberLink Corp.) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012/03/14 14:35:24 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2011/03/10 17:04:37 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/02/01 20:53:26 | 000,804,528 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/11/23 23:33:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/17 23:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/03/22 10:17:22 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/18 15:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/04/02 13:27:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Clark Kent\AppData\Local\Temp\tmpA2C3.tmp -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV - [2013/07/28 20:48:11 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/07/28 20:48:11 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013/07/28 20:48:11 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/07/28 20:48:11 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/07/28 20:48:11 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2013/07/22 08:34:52 | 000,011,552 | ---- | M] (Glarysoft Ltd) [Kernel | On_Demand | Stopped] -- C:\Program Files\Glary Utilities 3\ProcObsrv.sys -- (ProcObsrv)
DRV - [2013/07/04 16:38:20 | 000,188,176 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2013/07/04 16:37:08 | 000,115,984 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013/07/04 16:37:08 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013/07/04 16:37:08 | 000,094,480 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2013/07/04 16:37:08 | 000,084,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2013/05/23 07:12:34 | 000,037,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2013/05/23 07:12:32 | 000,043,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2013/05/23 07:12:30 | 000,042,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2013/05/23 07:12:30 | 000,010,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2013/03/01 02:48:42 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/07 11:36:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012/08/02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012/05/15 18:45:27 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012/02/16 20:46:34 | 000,087,536 | ---- | M] (CyberLink Corp.) [2012/04/29 10:04:11] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/11/28 14:51:44 | 000,032,896 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV - [2011/10/27 07:18:45 | 000,120,432 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys -- (ntk_PowerDVD12)
DRV - [2011/05/26 10:29:24 | 000,317,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2011/05/19 16:55:28 | 000,103,512 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2011/03/14 13:23:39 | 000,065,856 | ---- | M] (WinMount International Inc) [File_System | System | Running] -- C:\Windows\System32\drivers\WMDrive.sys -- (WMDrive)
DRV - [2011/03/11 15:42:53 | 000,011,936 | ---- | M] (Highresolution Enterprises [www.highrez.co.uk]) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\inpout32.sys -- (inpout32)
DRV - [2011/03/10 17:04:39 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/03/10 17:04:10 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2011/03/10 17:03:53 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011/03/10 17:02:33 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010/12/18 12:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/10/17 23:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/10/12 20:32:22 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/10/12 20:32:20 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2010/10/12 20:32:20 | 000,037,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/07/04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/12 14:42:30 | 000,127,790 | ---- | M] (R-TT Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\R-Drive Image\R-ImageDisk.sys -- (R-ImageDisk)
DRV - [2010/06/07 17:02:28 | 001,579,144 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2010/05/31 21:51:14 | 000,102,848 | ---- | M] (R-TT Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\R-Drive Image\DrvSnSht.sys -- (DrvSnSht)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/01/07 04:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2009/09/23 02:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/23 02:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/09/15 15:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/08/04 11:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/16 12:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/02/29 11:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/06 17:29:08 | 010,342,784 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2004/09/22 13:57:14 | 000,015,488 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\System32\drivers\OODrvled.sys -- (OODrvled)
DRV - [2004/05/21 09:05:22 | 000,175,104 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GigNIC.sys -- (GigNIC)
DRV - [2002/05/10 14:31:48 | 000,633,220 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Intels51.sys -- (Intels51)
DRV - [2002/03/01 01:35:00 | 000,280,644 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HCWBT8XX.sys -- (HCWBT8xx)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...hp?hl=en&tab=ww
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E A6 F7 65 F2 14 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {DFE1F85F-7B90-421E-AE5F-67AE55C1F56E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DFE1F85F-7B90-421E-AE5F-67AE55C1F56E}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: faviconizetab%40espion.just-size.jp:1.0.6
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2
FF - prefs.js..extensions.enabledAddons: LDSI_plashcor%40gmail.com:0.8.7
FF - prefs.js..extensions.enabledAddons: quickdrag%40mozilla.ktechcomputing.com:2.1.3.23
FF - prefs.js..extensions.enabledAddons: tabscope%40xuldev.org:1.1.7
FF - prefs.js..extensions.enabledAddons: tinyurl.addon%40fast-chat.co.uk:2.6.1
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:17.6
FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe30%7D:0.7.9.5
FF - prefs.js..extensions.enabledAddons: %7B28FAD68E-4001-48d5-B994-68069F7CFB1D%7D:0.4.9
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7B7EE8902C-75BE-4286-A6CE-0C483607A322%7D:2.0.0
FF - prefs.js..extensions.enabledAddons: %7B89506680-e3f4-484c-a2c0-ed711d481eda%7D:0.9.5.9
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4
FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.6
FF - prefs.js..extensions.enabledAddons: notreal.ccoptions%40environmentalchemistry.com:20.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120515
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.3.55472
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: {28FAD68E-4001-48d5-B994-68069F7CFB1D}:0.4.9
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:7.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.3.23
FF - prefs.js..extensions.enabledItems: {7EE8902C-75BE-4286-A6CE-0C483607A322}:0.7.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.4
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}:3.0.4.48
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.6
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Clark Kent\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Clark Kent\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/28 20:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/28 20:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/28 20:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/28 20:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/28 20:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/08/14 09:43:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/20 05:41:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/20 05:41:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{df340737-4d2d-473e-a376-cc713ef560ba}: C:\Program Files\Copernic Desktop Search - Home\Firefox70Connector [2012/03/02 11:30:33 | 000,000,000 | ---D | M]

[2010/11/25 22:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Extensions
[2010/11/25 22:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/08/05 20:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions
[2012/12/25 18:16:25 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/11/24 15:27:50 | 000,000,000 | ---D | M] ("Tab Preview") -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}
[2011/06/10 07:48:30 | 000,000,000 | ---D | M] (MouseZoom) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2010/11/24 15:27:51 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011/07/17 15:52:56 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/07/20 05:55:02 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013/01/30 19:17:12 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/01/12 12:05:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/22 10:50:08 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/11/03 18:24:22 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/07/06 11:43:46 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/02/17 11:13:11 | 000,000,000 | ---D | M] (BarTab) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2013/02/17 14:33:53 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2011/10/01 11:40:00 | 000,000,000 | ---D | M] (Hide GUI Bars) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2012/02/17 11:03:00 | 000,000,000 | ---D | M] (Load Tabs Progressively) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2011/12/17 21:50:45 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2012/03/23 03:12:05 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2011/07/28 11:02:50 | 000,000,000 | ---D | M] (Restore Control) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2012/06/14 18:03:16 | 000,010,259 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2013/01/16 07:47:47 | 000,097,651 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2013/07/20 05:46:45 | 000,159,634 | R--- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2012/07/24 15:44:57 | 000,057,698 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2012/11/12 21:14:39 | 000,090,868 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\[email protected]
[2013/02/08 05:47:36 | 000,517,127 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013/01/30 19:17:12 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/06/14 18:03:17 | 000,010,884 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{7EE8902C-75BE-4286-A6CE-0C483607A322}.xpi
[2012/10/09 06:43:30 | 000,211,935 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}.xpi
[2013/02/09 14:01:40 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013/07/20 05:55:04 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/20 05:46:45 | 001,194,356 | R--- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi
[2013/01/06 16:59:19 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/01/16 07:47:49 | 000,118,969 | ---- | M] () (No name found) -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2011/11/15 20:29:45 | 000,002,253 | ---- | M] () -- C:\Users\Clark Kent\AppData\Roaming\Mozilla\Firefox\Profiles\jywmixqx.default\searchplugins\duckduckgo-ssl.xml
[2013/07/20 05:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/20 05:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/20 05:41:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://duckduckgo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Clark Kent\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Clark Kent\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Clark Kent\AppData\Local\Google\Chrome\Application\29.0.1547.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Clark Kent\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: TooManyTabs for Chrome = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\2.0.0_0\
CHR - Extension: WOT = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0\
CHR - Extension: YouTube = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.8_0\
CHR - Extension: Adblock Plus = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0\
CHR - Extension: Google Search = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Logitech Smooth Scrolling = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.60.170_0\
CHR - Extension: Tabs Outliner = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl\0.4.73_0\
CHR - Extension: FlashBlock = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: Do Not Track = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgaaifcfojgbncceneicipolopapchl\1.8_0\
CHR - Extension: Safe Money = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Session Manager = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.5_0\
CHR - Extension: Google Wallet Service = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: Gmail = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Clark Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2013/08/23 19:10:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe (BonSoft)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartUp Organizer] C:\Program Files\StartUp Organizer\so.exe (MetaProducts corp.)
O4 - HKCU..\Run: [Desktop iCalendar Lite.exe] File not found
O4 - HKCU..\Run: [Dexpot] C:\Program Files\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
O4 - Startup: C:\Users\Clark Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShellFolderFix.lnk = C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2737B247-DBFD-47AE-A116-EC1E1AB1A8D8}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52325FEB-85F8-4C4C-A6B7-BB246B52615F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Users\Clark Kent\Menus\Customising\Customise Folders info\AveFolderBG for Windows7 32Bit by LeeWhittington\AveFolderBGW732Bit\VistaFolderBackground.dll (Andreas Verhoeven)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/01/26 23:01:29 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{686ba9e6-211d-11e1-9f44-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{686ba9e6-211d-11e1-9f44-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE /AUTORUN
O33 - MountPoints2\D\Shell\configure\command - "" = D:\SETUP.EXE
O33 - MountPoints2\D\Shell\install\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/23 19:21:51 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\Desktop\_OTL - copy
[2013/08/23 19:10:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/23 18:38:52 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\Desktop\New folder
[2013/08/23 16:27:13 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Clark Kent\Desktop\aswMBR.exe
[2013/08/23 16:12:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Clark Kent\Desktop\OTL.exe
[2013/08/22 13:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/08/18 08:20:43 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\qBittorrent
[2013/08/18 08:19:57 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\qBittorrent
[2013/08/18 08:18:59 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent
[2013/08/18 08:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\qBittorrent
[2013/08/17 14:03:34 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\BANANA
[2013/08/17 13:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\SmoothDraw
[2013/08/17 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\mypaint
[2013/08/17 13:42:49 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPaint
[2013/08/17 13:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPaint
[2013/08/17 13:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\MyPaint
[2013/08/15 20:30:46 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Artweaver Free
[2013/08/15 20:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artweaver Free
[2013/08/15 20:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Artweaver Free 4
[2013/08/15 20:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Artweaver Free
[2013/08/15 20:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013/08/15 20:22:45 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\Paint.NET
[2013/08/15 20:16:09 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\webkit
[2013/08/15 19:52:34 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\gtk-2.0
[2013/08/15 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\.thumbnails
[2013/08/15 19:44:00 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\gegl-0.2
[2013/08/15 19:44:00 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\.gimp-2.8
[2013/08/15 19:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/08/14 09:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013/08/14 09:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013/08/06 20:11:59 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\Desktop 6
[2013/08/06 20:11:55 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\Desktop 5
[2013/08/06 18:21:44 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Dexpot
[2013/08/06 18:20:49 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dexpot
[2013/08/06 18:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Dexpot
[2013/08/05 17:39:02 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\ultracopier
[2013/08/05 16:54:52 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Local\UpWay2Late
[2013/08/05 16:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\UpWay2Late.com Software
[2013/08/05 16:23:47 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy RoboCopy
[2013/08/05 16:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Easy RoboCopy
[2013/08/04 18:32:40 | 000,000,000 | ---D | C] -- C:\Users\Clark Kent\AppData\Roaming\Wireshark
[2013/08/04 17:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013/08/04 17:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013/08/04 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013/07/30 12:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/07/30 00:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack
[2013/07/30 00:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mythicsoft
[2013/07/29 01:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/07/28 20:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/07/28 20:38:47 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/28 20:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/07/28 20:38:34 | 000,594,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2013/07/28 20:38:34 | 000,074,848 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys

========== Files - Modified Within 30 Days ==========

[2013/08/23 19:21:25 | 000,013,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 19:21:25 | 000,013,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 19:20:11 | 000,676,626 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/23 19:20:11 | 000,130,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/23 19:14:14 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/08/23 19:13:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/23 19:13:54 | 2515,886,080 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/23 19:10:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/08/23 18:55:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354689785-967205033-2114762968-1000UA.job
[2013/08/23 18:04:56 | 000,000,512 | ---- | M] () -- C:\Users\Clark Kent\Desktop\MBR.dat
[2013/08/23 17:13:28 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Clark Kent\Desktop\aswMBR.exe
[2013/08/23 16:12:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clark Kent\Desktop\OTL.exe
[2013/08/23 11:21:08 | 000,007,644 | ---- | M] () -- C:\Users\Clark Kent\AppData\Local\Resmon.ResmonCfg
[2013/08/23 08:55:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354689785-967205033-2114762968-1000Core.job
[2013/08/22 13:40:20 | 000,381,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/22 13:18:36 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/08/21 00:20:58 | 000,002,315 | ---- | M] () -- C:\Users\Clark Kent\AppData\Roaming\SAS7_000.DAT
[2013/08/18 10:27:09 | 000,000,014 | ---- | M] () -- C:\Windows\System32\sysvm600ul.dll
[2013/08/17 14:29:00 | 000,004,023 | ---- | M] () -- C:\Users\Clark Kent\AppData\Local\recently-used.xbel
[2013/08/15 20:30:26 | 000,001,059 | ---- | M] () -- C:\Users\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\Artweaver Free 4.lnk
[2013/08/15 19:43:21 | 000,001,066 | ---- | M] () -- C:\Users\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2013/08/15 18:43:57 | 000,003,244 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2013/08/15 18:43:51 | 000,000,088 | RHS- | M] () -- C:\ProgramData\78B0018922.sys
[2013/08/07 04:48:15 | 001,000,880 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130821-003452.backup
[2013/08/07 04:48:15 | 001,000,880 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts - My Copy (with Spybot additions)
[2013/08/07 04:47:19 | 001,000,880 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130807-044815.backup
[2013/08/07 04:43:59 | 000,625,200 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130807-044719.backup
[2013/08/06 17:17:01 | 000,000,467 | ---- | M] () -- C:\Users\Clark Kent\Desktop\SAM-2T-P1 (E) (2).lnk
[2013/08/04 17:03:39 | 000,001,718 | ---- | M] () -- C:\Users\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/07/28 20:48:11 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2013/07/28 20:48:11 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kneps.sys
[2013/07/28 20:48:11 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
[2013/07/28 20:48:11 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kltdi.sys
[2013/07/28 20:48:11 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys
[2013/07/28 20:48:11 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klkbdflt.sys
[2013/07/25 20:48:40 | 000,073,728 | ---- | M] () -- C:\Windows\System32\SUO.cpl
[2013/07/25 15:05:45 | 000,000,442 | ---- | M] () -- C:\Windows\WININIT.INI
[2013/07/25 14:01:22 | 000,002,472 | ---- | M] () -- C:\Windows\Sandboxie.ini

========== Files Created - No Company Name ==========

[2013/08/23 18:04:56 | 000,000,512 | ---- | C] () -- C:\Users\Clark Kent\Desktop\MBR.dat
[2013/08/22 13:33:37 | 000,002,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
[2013/08/22 13:30:28 | 000,002,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2013/08/18 10:27:09 | 000,000,014 | ---- | C] () -- C:\Windows\System32\sysvm600ul.dll
[2013/08/17 14:29:00 | 000,004,023 | ---- | C] () -- C:\Users\Clark Kent\AppData\Local\recently-used.xbel
[2013/08/17 13:54:55 | 000,001,033 | ---- | C] () -- C:\Users\Clark Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmoothDraw 4.lnk
[2013/08/15 20:30:26 | 000,001,059 | ---- | C] () -- C:\Users\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\Artweaver Free 4.lnk
[2013/08/15 20:24:02 | 000,001,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/08/15 19:43:21 | 000,001,066 | ---- | C] () -- C:\Users\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2013/08/15 19:43:21 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013/08/15 18:43:48 | 000,000,088 | RHS- | C] () -- C:\ProgramData\78B0018922.sys
[2013/08/06 17:17:01 | 000,000,467 | ---- | C] () -- C:\Users\Clark Kent\Desktop\SAM-2T-P1 (E) (2).lnk
[2013/08/04 17:03:39 | 000,001,718 | ---- | C] () -- C:\Users\Clark Kent\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/08/04 17:03:39 | 000,001,706 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2013/07/16 08:45:30 | 000,019,744 | ---- | C] () -- C:\Windows\System32\RegBootDefrag.exe
[2013/07/15 17:07:23 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw54.bin
[2013/06/24 12:35:16 | 000,000,624 | ---- | C] () -- C:\Users\Clark Kent\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/06/24 12:21:42 | 000,000,294 | ---- | C] () -- C:\Users\Clark Kent\AppData\Roaming\GPU MeterV2_Settings.ini
[2013/06/24 12:03:54 | 000,000,839 | ---- | C] () -- C:\Users\Clark Kent\AppData\Roaming\Drives Meter_Settings.ini
[2013/05/06 17:02:53 | 000,200,697 | ---- | C] () -- C:\Windows\System32\poclbm121016GeForce 8800 GTv1w256l4.bin
[2013/03/01 02:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2012/10/11 14:14:15 | 000,042,120 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/10/11 13:44:21 | 000,000,097 | RHS- | C] () -- C:\ProgramData\1.12.5.lic
[2012/09/01 16:11:44 | 000,000,098 | ---- | C] () -- C:\Users\Clark Kent\AppData\Local\fusioncache.dat
[2012/09/01 13:00:25 | 000,139,224 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/09/01 13:00:25 | 000,022,328 | ---- | C] () -- C:\Users\Clark Kent\AppData\Roaming\PnkBstrK.sys
[2012/09/01 13:00:10 | 000,183,152 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/09/01 13:00:09 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/09/01 13:00:09 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/04/11 16:48:31 | 000,002,315 | ---- | C] () -- C:\Users\Clark Kent\AppData\Roaming\SAS7_000.DAT
[2012/03/09 13:15:14 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C926C72D90.sys
[2011/12/27 19:37:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/12/24 19:27:02 | 000,033,019 | ---- | C] () -- C:\Windows\System32\CoreAAC-uninstall.exe
[2011/12/07 20:43:10 | 000,000,491 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/11/25 19:19:53 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/09 21:02:48 | 000,000,543 | ---- | C] () -- C:\Windows\Lightspeed!.ini
[2011/10/09 16:43:43 | 000,000,119 | ---- | C] () -- C:\Windows\WSST_Screen_Saver.ini
[2011/10/09 16:43:40 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe
[2011/05/13 15:09:58 | 000,000,088 | RHS- | C] () -- C:\ProgramData\8A52417C53.sys
[2011/03/16 10:37:25 | 000,000,079 | ---- | C] () -- C:\Users\Clark Kent\AppData\Local\CrystalDiskMark30.ini
[2011/02/25 21:29:58 | 000,000,632 | RHS- | C] () -- C:\Users\Clark Kent\ntuser.pol
[2011/01/10 16:42:57 | 000,148,195 | ---- | C] () -- C:\Program Files\Common Files\BookViewer.xap
[2011/01/10 16:40:19 | 000,003,584 | ---- | C] () -- C:\Users\Clark Kent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/10 16:04:47 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E622C8710D.sys
[2011/01/10 16:04:46 | 000,003,244 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/11/24 05:06:02 | 000,007,644 | ---- | C] () -- C:\Users\Clark Kent\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/12/04 19:13:47 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\7stacks
[2013/07/16 09:41:44 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Absolute Uninstaller
[2011/03/13 15:28:18 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Acronis
[2012/04/24 11:09:41 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\AnvSoft
[2013/08/15 20:30:46 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Artweaver Free
[2012/10/13 11:16:13 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\ASCOMP Software
[2011/09/02 01:25:16 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Audacity
[2012/01/27 21:59:56 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\avidemux
[2011/11/18 08:47:21 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\BearWare.dk
[2011/12/03 23:16:00 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Bioshock2
[2013/07/23 04:22:38 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\BitTorrent
[2013/01/30 13:37:19 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Carthago
[2012/03/02 11:28:05 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Copernic
[2013/07/22 17:19:07 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\desksware
[2013/08/23 16:01:28 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Dexpot
[2011/12/04 19:38:39 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Easy Macro Recorder
[2010/12/09 20:38:29 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\EPSON
[2011/10/27 13:22:27 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\FileZilla
[2013/07/16 08:40:12 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Glarysoft
[2012/09/09 12:49:43 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\gsmartcontrol
[2012/09/06 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\hdd_guardian
[2013/06/13 14:13:15 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Hoyle
[2013/05/30 18:37:10 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Hoyle FaceCreator
[2013/06/15 19:09:30 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/10/08 08:51:38 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\IcoFX
[2010/12/07 16:44:33 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\JAM Software
[2011/01/10 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Jasc
[2011/09/27 14:00:30 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\JGoodies
[2011/01/19 14:11:59 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Leadertech
[2011/10/06 20:00:31 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\LibrariIcon
[2010/12/26 13:41:40 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\LockHunter
[2012/11/03 20:01:32 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\MatSpoon
[2011/01/28 21:48:00 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\MetaProducts
[2013/01/31 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Mobipocket
[2012/04/11 16:17:24 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Nuance
[2011/09/30 20:05:55 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\OfficeRecovery
[2013/04/08 15:06:15 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Opera
[2012/09/01 16:34:08 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Origin
[2011/02/12 19:11:17 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Paltalk
[2013/08/18 08:19:57 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\qBittorrent
[2011/09/15 13:27:29 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\ShellFolderFix
[2012/05/13 21:08:26 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\SoftFuse
[2013/02/08 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Sprite PC Agent
[2013/02/08 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Sprite Setup Wizard
[2013/02/08 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Sprite Software
[2013/07/02 14:33:51 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\SteelBytes
[2011/10/26 15:13:51 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Stellarium
[2011/10/27 10:36:27 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Sync App Settings
[2013/02/17 14:39:05 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\TeamViewer
[2012/11/06 14:47:09 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Thinstall
[2012/10/27 17:03:19 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\TrueCrypt
[2013/08/23 19:14:48 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\USBSafelyRemove
[2013/03/28 16:56:13 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\WinMount
[2013/08/04 18:32:40 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Wireshark
[2012/04/24 00:17:26 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/04/23 17:45:50 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\Xilisoft
[2011/01/31 01:55:51 | 000,000,000 | ---D | M] -- C:\Users\Clark Kent\AppData\Roaming\XNote Stopwatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:F8710CB2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 108 bytes -> C:\Windows:

< End of report >

#14
Zenith-1

    Member

  • Topic Starter
  • 16 posts
That 'Hosts' file OTL just took out, albeit 978kb, was an amalgam of three parts... Win 7 install, original Hosts file (1kb)... Adblocker Filters (610kb)... SpyBot2 SD added its own filters (367kb) to it.

That Hosts file blocked just about every advertising co. & its cookies, from accessing my PC... It stopped annoying programs on my PC from accessing the internet & causing pop-up pages... It also blocked Adverts on Paltalk & actually made Paltalk usable... SpyBot had its own uses for its filters.

No problem, I have a copy of it.

Edited by Zenith-1, 23 August 2013 - 01:09 PM.


#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Phew, not often I see a custom Host file. How is the computer behaving now? All the bad files were in the temporary folders which OTL has now cleaned.