
For RKinner



#1
zac1 (Member)
Please can you give me details of OTL and extras logs. Thank you.


#2
RKinner (Malware Expert)
I need you to download OTL.exe from
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/
and save it to your desktop.

Right click on otl.exe and select Run As Administrator. It will ask you if you want to allow the following program OTL.exe to make changes to your system or words to that effect. Tell it Yes. It will open a new window. There will be a button Quickscan. Press it and wait until it finishes (usually in 10 or 15 minutes). You will get two logs since this is the first time you have run it. I want both of them. You will need to Reply to this post and copy and paste the text from each log.

#3
zac1 (Member, Topic Starter)
Please send me details of OTL and two logs

Regards
zac1

#4
zac1 (Member, Topic Starter)
Hello Ron,
I have got the OTL but do not see the two logs. I am sending what came up.
OTL logfile created on: 9/3/2013 4:34:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrew\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.61 Gb Total Physical Memory | 4.20 Gb Available Physical Memory | 74.90% Memory free
11.21 Gb Paging File | 9.73 Gb Available in Paging File | 86.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 87.24 Gb Free Space | 58.54% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 39.76 Gb Free Space | 26.75% Space Free | Partition Type: NTFS

Computer Name: ANDREW-TOSH | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/03 16:32:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrew\Downloads\OTL.exe
PRC - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
PRC - [2013/04/26 14:57:22 | 001,177,224 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Program Files (x86)\Secure Speed Dial\IE\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/31 22:17:38 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/08/12 09:22:07 | 000,596,832 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV:64bit: - [2013/08/12 09:22:04 | 000,684,896 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV:64bit: - [2013/08/12 09:22:04 | 000,243,552 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV:64bit: - [2013/08/12 09:22:03 | 000,376,160 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV:64bit: - [2013/08/12 09:22:03 | 000,340,320 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV:64bit: - [2013/08/12 09:22:02 | 000,619,360 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV:64bit: - [2013/08/12 09:22:02 | 000,445,856 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV:64bit: - [2013/08/12 09:18:51 | 000,353,120 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/28 22:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 13:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) [Auto | Stopped] -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/11/21 04:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/07/01 10:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\4959228drv.sys -- (4959228drv)
DRV:64bit: - [2013/05/26 21:48:18 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/05/26 21:48:16 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/26 21:48:15 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/03/18 14:25:00 | 000,068,720 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2013/03/17 23:36:16 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2013/03/07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/01/25 14:33:16 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/20 14:11:38 | 000,464,480 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)
DRV:64bit: - [2012/11/20 14:11:38 | 000,040,544 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (AFW)
DRV:64bit: - [2012/10/04 08:38:58 | 000,034,928 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BdNet.sys -- (BdNet)
DRV:64bit: - [2012/06/26 10:48:34 | 000,256,072 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV:64bit: - [2012/06/26 10:48:34 | 000,025,160 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/29 08:40:02 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/06/29 00:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/28 22:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 20:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/14 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/14 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/06/25 14:39:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/25 14:39:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE:64bit: - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 7C 2D 29 8F 68 CE 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}
IE - HKCU\..\SearchScopes\{16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{23303B5B-C540-4BE4-83F1-8C0DC4FACEBC}: "URL" = http://websearch.ask...41-3D2C671F5827
IE - HKCU\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://isearch.avg.c...fr&d=2012-01-07 04:52:11&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{3D9DC740-E406-42D2-8871-4B15DA52C51E}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{5715C1D3-7F11-4D86-B22C-814B8C34C38D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{7EC4E5A4-99D1-46A5-9649-01107F3AA6DB}: "URL" = https://startpage.co...uage=english_uk
IE - HKCU\..\SearchScopes\{8AA527DD-48AE-4EDC-AEB7-155463CF3E2A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{AAAEE6DC-4E10-4705-87AF-F0806210CBD3}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{C308655F-C2AB-4F50-8EA7-BDD9C66ECAF2}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\[email protected]\ [2013/09/03 14:08:32 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/01 08:10:23 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [BullGuardUpdate2] c:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe (BullGuard Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{332F2E0C-25BC-4B9F-B282-A06785088426}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/02 12:26:47 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{5CDE1C03-381D-4A8E-9931-75AD9AEF0024}
[2013/09/02 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\ProcAlyzer Dumps
[2013/09/02 11:13:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/01 12:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/01 12:28:35 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Deployment
[2013/09/01 09:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2013/08/30 03:04:11 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{899D16EF-9ACE-4C07-B2D8-C9EE458E0286}
[2013/08/30 01:40:59 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Wise Care 365
[2013/08/30 01:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013/08/30 01:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivaZer
[2013/08/15 07:08:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/08/15 05:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/08/14 06:52:22 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{9CFD3332-1A1A-44EF-8953-E0F0176E054C}
[2013/08/13 21:54:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/13 21:18:36 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\LogMeIn Rescue Applet
[2013/08/13 01:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Speed Dial
[2013/08/12 09:22:54 | 000,125,496 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:54 | 000,113,088 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 09:22:51 | 000,073,056 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:51 | 000,060,256 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 01:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/08/11 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\andrew\Doctor Web
[2013/08/11 13:31:48 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{C86DFA3B-13C0-423E-A228-1535BB032B4B}
[2013/08/11 06:17:00 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/08/11 06:15:08 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/08/11 04:34:39 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\BullGuard
[2013/08/11 04:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2013/08/11 04:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
[2013/08/11 04:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2013/08/11 04:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2013/08/11 00:24:32 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/11 00:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/08/08 06:36:20 | 000,556,632 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/08 05:59:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/08/08 05:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/08/07 19:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/08/07 14:56:38 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/08/07 14:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/08/05 19:11:00 | 000,000,000 | ---D | C] -- C:\EEK
[2013/08/04 23:11:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/07/21 09:11:20 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2013/02/07 13:11:02 | 003,226,824 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\Utils.dll
[2013/02/07 13:10:34 | 004,742,856 | ---- | C] (Terra Informatica Software, Inc.) -- C:\Program Files (x86)\sciter-x.dll
[2013/02/07 13:10:10 | 002,218,184 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\RegistryDefrag.dll
[2013/02/07 13:09:46 | 000,067,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\offreg.dll
[2013/02/07 13:09:38 | 000,519,368 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\DiskDuplicates.dll
[2013/02/07 13:09:30 | 000,213,704 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CPluginServicePS.dll
[2013/02/07 13:09:22 | 002,282,696 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPluginService.exe
[2013/02/07 13:09:06 | 000,330,440 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CategoryFactory.dll
[2013/02/07 13:08:44 | 009,851,080 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPCTuneUp.exe
[2013/02/04 10:20:40 | 001,674,752 | ---- | C] (COMODO Security Solutions) -- C:\Program Files (x86)\feedback.dll

========== Files - Modified Within 30 Days ==========

[2013/09/03 16:34:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/03 16:30:43 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 16:30:43 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 16:30:02 | 000,736,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/03 16:30:02 | 000,633,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/03 16:30:02 | 000,115,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/03 16:27:15 | 000,000,576 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/03 16:26:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/03 16:25:55 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/09/03 16:25:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/03 16:24:56 | 218,865,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/03 06:13:07 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/09/02 16:00:49 | 000,005,698 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 20:39:12 | 000,002,246 | ---- | M] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 09:07:23 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013/09/01 08:36:56 | 000,015,618 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/09/01 08:19:15 | 000,294,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/01 08:16:53 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/01 08:10:23 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/01 03:56:27 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/31 01:39:49 | 000,239,723 | ---- | M] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | M] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/15 06:31:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_475
[2013/08/15 05:57:20 | 000,002,126 | ---- | M] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 23:18:06 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_736
[2013/08/12 09:22:27 | 000,060,256 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 09:22:26 | 000,073,056 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:25 | 000,125,496 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:25 | 000,113,088 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 03:24:30 | 000,004,084 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:15 | 000,025,972 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 12:45:09 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_477
[2013/08/11 06:52:51 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_702
[2013/08/11 06:16:17 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:57 | 000,010,704 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | M] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | M] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:57 | 016,685,832 | ---- | M] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Windows\SysWow64\sqlite3.dll

========== Files Created - No Company Name ==========

[2013/09/03 16:27:15 | 000,000,576 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/02 16:00:43 | 000,005,698 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 12:30:17 | 000,002,246 | ---- | C] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 12:29:06 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 12:29:04 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 09:07:23 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013/09/01 08:35:19 | 000,015,618 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/08/31 01:39:49 | 000,239,723 | ---- | C] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | C] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/30 01:02:53 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
[2013/08/30 00:57:18 | 218,865,663 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/15 07:07:19 | 000,294,200 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/15 05:57:20 | 000,002,126 | ---- | C] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 21:04:25 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/08/13 01:24:33 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/08/12 03:24:11 | 000,004,084 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:12 | 000,025,972 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 06:16:17 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:47 | 000,010,704 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | C] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | C] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:32 | 016,685,832 | ---- | C] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/11 00:30:59 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/11 00:30:58 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013/07/31 20:52:06 | 000,000,036 | ---- | C] () -- C:\Users\andrew\AppData\Local\housecall.guid.cache
[2013/07/23 03:08:29 | 000,423,709 | ---- | C] () -- C:\Users\andrew\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\Win4665 Config DB.dlx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\System3192SettingsDB.dat
[2013/06/01 22:29:33 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/05/28 13:33:04 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/05/16 10:02:55 | 000,008,192 | ---- | C] () -- C:\Program Files (x86)\CPTSettings.dat
[2013/05/11 22:52:28 | 000,000,203 | ---- | C] () -- C:\Windows\uruninstaller.ini
[2013/03/04 02:12:30 | 000,074,291 | ---- | C] () -- C:\ProgramData\1362359390.bdinstall.bin
[2013/03/04 02:09:50 | 000,022,959 | ---- | C] () -- C:\ProgramData\1362359386.bdinstall.bin
[2013/03/04 01:41:32 | 000,166,263 | ---- | C] () -- C:\ProgramData\1362357473.bdinstall.bin
[2013/02/07 13:09:54 | 000,243,400 | ---- | C] () -- C:\Program Files (x86)\Plugin.dll
[2013/02/07 13:01:28 | 000,518,144 | ---- | C] () -- C:\Program Files (x86)\ForceDelete.dll
[2013/02/06 19:20:18 | 000,034,816 | ---- | C] () -- C:\Program Files (x86)\AddAffiliateToRegistry.exe
[2013/01/10 16:42:49 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/11/24 11:02:31 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2012/06/23 17:34:42 | 000,302,425 | ---- | C] () -- C:\Users\andrew\AppData\Local\funmoods-speeddial.crx
[2012/01/21 21:43:33 | 000,007,597 | ---- | C] () -- C:\Users\andrew\AppData\Local\resmon.resmoncfg
[2012/01/19 10:41:19 | 000,736,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/29 09:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/09/29 08:53:17 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/09/29 08:36:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/29 08:33:45 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2013/09/01 12:28:49 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/29 13:31:36 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Auslogics
[2013/06/01 01:25:47 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\AVG
[2012/01/07 05:53:33 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\AVG2012
[2013/04/18 01:45:14 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Baidu
[2013/04/21 03:06:28 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Baidu Security
[2012/01/24 13:50:31 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/08/13 21:42:00 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\BullGuard
[2012/06/18 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\DriverCure
[2013/06/07 23:38:28 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Easeware
[2013/02/25 22:57:59 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\ErrorTeck
[2013/06/10 09:13:55 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\ESET
[2013/03/04 22:26:24 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Geek Uninstaller
[2013/07/08 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\GlarySoft
[2013/07/23 03:48:31 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\IObit
[2013/06/01 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\iolo
[2013/07/23 03:35:39 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\mysearchdial
[2012/06/19 14:16:41 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\PC Cleaners
[2012/06/19 14:16:43 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\PCPro
[2012/01/07 05:29:25 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Sammsoft
[2013/03/27 02:07:20 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\SoftGrid Client
[2013/06/08 21:55:01 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Systweak
[2013/05/11 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TestApp
[2012/01/05 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Toshiba
[2011/12/29 15:00:15 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TOSHIBA Online Product Information
[2013/05/18 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TuneUp Software
[2013/04/30 01:11:12 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\URSoft
[2012/01/21 02:43:19 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Windows Live Writer
[2013/09/03 16:26:18 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Wise Care 365

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL logfile created on: 9/3/2013 4:34:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrew\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.61 Gb Total Physical Memory | 4.20 Gb Available Physical Memory | 74.90% Memory free
11.21 Gb Paging File | 9.73 Gb Available in Paging File | 86.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 87.24 Gb Free Space | 58.54% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 39.76 Gb Free Space | 26.75% Space Free | Partition Type: NTFS

Computer Name: ANDREW-TOSH | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/03 16:32:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrew\Downloads\OTL.exe
PRC - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
PRC - [2013/04/26 14:57:22 | 001,177,224 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Program Files (x86)\Secure Speed Dial\IE\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/31 22:17:38 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/08/12 09:22:07 | 000,596,832 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV:64bit: - [2013/08/12 09:22:04 | 000,684,896 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV:64bit: - [2013/08/12 09:22:04 | 000,243,552 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV:64bit: - [2013/08/12 09:22:03 | 000,376,160 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV:64bit: - [2013/08/12 09:22:03 | 000,340,320 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV:64bit: - [2013/08/12 09:22:02 | 000,619,360 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV:64bit: - [2013/08/12 09:22:02 | 000,445,856 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV:64bit: - [2013/08/12 09:18:51 | 000,353,120 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/28 22:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 13:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) [Auto | Stopped] -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/11/21 04:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/07/01 10:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\4959228drv.sys -- (4959228drv)
DRV:64bit: - [2013/05/26 21:48:18 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/05/26 21:48:16 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/26 21:48:15 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/03/18 14:25:00 | 000,068,720 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2013/03/17 23:36:16 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2013/03/07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/01/25 14:33:16 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/20 14:11:38 | 000,464,480 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)
DRV:64bit: - [2012/11/20 14:11:38 | 000,040,544 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (AFW)
DRV:64bit: - [2012/10/04 08:38:58 | 000,034,928 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BdNet.sys -- (BdNet)
DRV:64bit: - [2012/06/26 10:48:34 | 000,256,072 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV:64bit: - [2012/06/26 10:48:34 | 000,025,160 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/29 08:40:02 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/06/29 00:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/28 22:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 20:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/14 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/14 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/06/25 14:39:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/25 14:39:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE:64bit: - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 7C 2D 29 8F 68 CE 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}
IE - HKCU\..\SearchScopes\{16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{23303B5B-C540-4BE4-83F1-8C0DC4FACEBC}: "URL" = http://websearch.ask...41-3D2C671F5827
IE - HKCU\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://isearch.avg.c...fr&d=2012-01-07 04:52:11&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{3D9DC740-E406-42D2-8871-4B15DA52C51E}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{5715C1D3-7F11-4D86-B22C-814B8C34C38D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{7EC4E5A4-99D1-46A5-9649-01107F3AA6DB}: "URL" = https://startpage.co...uage=english_uk
IE - HKCU\..\SearchScopes\{8AA527DD-48AE-4EDC-AEB7-155463CF3E2A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{AAAEE6DC-4E10-4705-87AF-F0806210CBD3}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{C308655F-C2AB-4F50-8EA7-BDD9C66ECAF2}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\[email protected]\ [2013/09/03 14:08:32 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/01 08:10:23 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [BullGuardUpdate2] c:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe (BullGuard Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{332F2E0C-25BC-4B9F-B282-A06785088426}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/02 12:26:47 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{5CDE1C03-381D-4A8E-9931-75AD9AEF0024}
[2013/09/02 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\ProcAlyzer Dumps
[2013/09/02 11:13:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/01 12:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/01 12:28:35 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Deployment
[2013/09/01 09:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2013/08/30 03:04:11 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{899D16EF-9ACE-4C07-B2D8-C9EE458E0286}
[2013/08/30 01:40:59 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Wise Care 365
[2013/08/30 01:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013/08/30 01:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivaZer
[2013/08/15 07:08:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/08/15 05:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/08/14 06:52:22 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{9CFD3332-1A1A-44EF-8953-E0F0176E054C}
[2013/08/13 21:54:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/13 21:18:36 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\LogMeIn Rescue Applet
[2013/08/13 01:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Speed Dial
[2013/08/12 09:22:54 | 000,125,496 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:54 | 000,113,088 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 09:22:51 | 000,073,056 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:51 | 000,060,256 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 01:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/08/11 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\andrew\Doctor Web
[2013/08/11 13:31:48 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{C86DFA3B-13C0-423E-A228-1535BB032B4B}
[2013/08/11 06:17:00 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/08/11 06:15:08 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/08/11 04:34:39 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\BullGuard
[2013/08/11 04:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2013/08/11 04:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
[2013/08/11 04:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2013/08/11 04:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2013/08/11 00:24:32 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/11 00:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/08/08 06:36:20 | 000,556,632 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/08 05:59:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/08/08 05:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/08/07 19:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/08/07 14:56:38 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/08/07 14:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/08/05 19:11:00 | 000,000,000 | ---D | C] -- C:\EEK
[2013/08/04 23:11:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/07/21 09:11:20 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2013/02/07 13:11:02 | 003,226,824 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\Utils.dll
[2013/02/07 13:10:34 | 004,742,856 | ---- | C] (Terra Informatica Software, Inc.) -- C:\Program Files (x86)\sciter-x.dll
[2013/02/07 13:10:10 | 002,218,184 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\RegistryDefrag.dll
[2013/02/07 13:09:46 | 000,067,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\offreg.dll
[2013/02/07 13:09:38 | 000,519,368 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\DiskDuplicates.dll
[2013/02/07 13:09:30 | 000,213,704 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CPluginServicePS.dll
[2013/02/07 13:09:22 | 002,282,696 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPluginService.exe
[2013/02/07 13:09:06 | 000,330,440 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CategoryFactory.dll
[2013/02/07 13:08:44 | 009,851,080 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPCTuneUp.exe
[2013/02/04 10:20:40 | 001,674,752 | ---- | C] (COMODO Security Solutions) -- C:\Program Files (x86)\feedback.dll

========== Files - Modified Within 30 Days ==========

[2013/09/03 16:34:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/03 16:30:43 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 16:30:43 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 16:30:02 | 000,736,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/03 16:30:02 | 000,633,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/03 16:30:02 | 000,115,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/03 16:27:15 | 000,000,576 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/03 16:26:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/03 16:25:55 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/09/03 16:25:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/03 16:24:56 | 218,865,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/03 06:13:07 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/09/02 16:00:49 | 000,005,698 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 20:39:12 | 000,002,246 | ---- | M] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 09:07:23 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013/09/01 08:36:56 | 000,015,618 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/09/01 08:19:15 | 000,294,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/01 08:16:53 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/01 08:10:23 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/01 03:56:27 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/31 01:39:49 | 000,239,723 | ---- | M] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | M] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/15 06:31:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_475
[2013/08/15 05:57:20 | 000,002,126 | ---- | M] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 23:18:06 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_736
[2013/08/12 09:22:27 | 000,060,256 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 09:22:26 | 000,073,056 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:25 | 000,125,496 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:25 | 000,113,088 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 03:24:30 | 000,004,084 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:15 | 000,025,972 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 12:45:09 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_477
[2013/08/11 06:52:51 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_702
[2013/08/11 06:16:17 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:57 | 000,010,704 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | M] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | M] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:57 | 016,685,832 | ---- | M] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Windows\SysWow64\sqlite3.dll

========== Files Created - No Company Name ==========

[2013/09/03 16:27:15 | 000,000,576 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/02 16:00:43 | 000,005,698 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 12:30:17 | 000,002,246 | ---- | C] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 12:29:06 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 12:29:04 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 09:07:23 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013/09/01 08:35:19 | 000,015,618 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/08/31 01:39:49 | 000,239,723 | ---- | C] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | C] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/30 01:02:53 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
[2013/08/30 00:57:18 | 218,865,663 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/15 07:07:19 | 000,294,200 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/15 05:57:20 | 000,002,126 | ---- | C] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 21:04:25 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/08/13 01:24:33 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/08/12 03:24:11 | 000,004,084 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:12 | 000,025,972 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 06:16:17 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:47 | 000,010,704 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | C] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | C] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:32 | 016,685,832 | ---- | C] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/11 00:30:59 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/11 00:30:58 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013/07/31 20:52:06 | 000,000,036 | ---- | C] () -- C:\Users\andrew\AppData\Local\housecall.guid.cache
[2013/07/23 03:08:29 | 000,423,709 | ---- | C] () -- C:\Users\andrew\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\Win4665 Config DB.dlx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\System3192SettingsDB.dat
[2013/06/01 22:29:33 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/05/28 13:33:04 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/05/16 10:02:55 | 000,008,192 | ---- | C] () -- C:\Program Files (x86)\CPTSettings.dat
[2013/05/11 22:52:28 | 000,000,203 | ---- | C] () -- C:\Windows\uruninstaller.ini
[2013/03/04 02:12:30 | 000,074,291 | ---- | C] () -- C:\ProgramData\1362359390.bdinstall.bin
[2013/03/04 02:09:50 | 000,022,959 | ---- | C] () -- C:\ProgramData\1362359386.bdinstall.bin
[2013/03/04 01:41:32 | 000,166,263 | ---- | C] () -- C:\ProgramData\1362357473.bdinstall.bin
[2013/02/07 13:09:54 | 000,243,400 | ---- | C] () -- C:\Program Files (x86)\Plugin.dll
[2013/02/07 13:01:28 | 000,518,144 | ---- | C] () -- C:\Program Files (x86)\ForceDelete.dll
[2013/02/06 19:20:18 | 000,034,816 | ---- | C] () -- C:\Program Files (x86)\AddAffiliateToRegistry.exe
[2013/01/10 16:42:49 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/11/24 11:02:31 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2012/06/23 17:34:42 | 000,302,425 | ---- | C] () -- C:\Users\andrew\AppData\Local\funmoods-speeddial.crx
[2012/01/21 21:43:33 | 000,007,597 | ---- | C] () -- C:\Users\andrew\AppData\Local\resmon.resmoncfg
[2012/01/19 10:41:19 | 000,736,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/29 09:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/09/29 08:53:17 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/09/29 08:36:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/29 08:33:45 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2013/09/01 12:28:49 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/29 13:31:36 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Auslogics
[2013/06/01 01:25:47 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\AVG
[2012/01/07 05:53:33 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\AVG2012
[2013/04/18 01:45:14 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Baidu
[2013/04/21 03:06:28 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Baidu Security
[2012/01/24 13:50:31 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/08/13 21:42:00 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\BullGuard
[2012/06/18 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\DriverCure
[2013/06/07 23:38:28 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Easeware
[2013/02/25 22:57:59 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\ErrorTeck
[2013/06/10 09:13:55 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\ESET
[2013/03/04 22:26:24 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Geek Uninstaller
[2013/07/08 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\GlarySoft
[2013/07/23 03:48:31 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\IObit
[2013/06/01 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\iolo
[2013/07/23 03:35:39 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\mysearchdial
[2012/06/19 14:16:41 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\PC Cleaners
[2012/06/19 14:16:43 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\PCPro
[2012/01/07 05:29:25 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Sammsoft
[2013/03/27 02:07:20 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\SoftGrid Client
[2013/06/08 21:55:01 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Systweak
[2013/05/11 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TestApp
[2012/01/05 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Toshiba
[2011/12/29 15:00:15 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TOSHIBA Online Product Information
[2013/05/18 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TuneUp Software
[2013/04/30 01:11:12 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\URSoft
[2012/01/21 02:43:19 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Windows Live Writer
[2013/09/03 16:26:18 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Wise Care 365

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL logfile created on: 9/3/2013 4:34:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrew\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.61 Gb Total Physical Memory | 4.20 Gb Available Physical Memory | 74.90% Memory free
11.21 Gb Paging File | 9.73 Gb Available in Paging File | 86.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 87.24 Gb Free Space | 58.54% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 39.76 Gb Free Space | 26.75% Space Free | Partition Type: NTFS

Computer Name: ANDREW-TOSH | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/03 16:32:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrew\Downloads\OTL.exe
PRC - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
PRC - [2013/04/26 14:57:22 | 001,177,224 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Program Files (x86)\Secure Speed Dial\IE\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/31 22:17:38 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/08/12 09:22:07 | 000,596,832 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV:64bit: - [2013/08/12 09:22:04 | 000,684,896 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV:64bit: - [2013/08/12 09:22:04 | 000,243,552 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV:64bit: - [2013/08/12 09:22:03 | 000,376,160 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV:64bit: - [2013/08/12 09:22:03 | 000,340,320 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV:64bit: - [2013/08/12 09:22:02 | 000,619,360 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV:64bit: - [2013/08/12 09:22:02 | 000,445,856 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV:64bit: - [2013/08/12 09:18:51 | 000,353,120 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/28 22:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 13:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) [Auto | Stopped] -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/11/21 04:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/07/01 10:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\4959228drv.sys -- (4959228drv)
DRV:64bit: - [2013/05/26 21:48:18 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/05/26 21:48:16 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/26 21:48:15 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/03/18 14:25:00 | 000,068,720 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2013/03/17 23:36:16 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2013/03/07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/01/25 14:33:16 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/20 14:11:38 | 000,464,480 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)
DRV:64bit: - [2012/11/20 14:11:38 | 000,040,544 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (AFW)
DRV:64bit: - [2012/10/04 08:38:58 | 000,034,928 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BdNet.sys -- (BdNet)
DRV:64bit: - [2012/06/26 10:48:34 | 000,256,072 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV:64bit: - [2012/06/26 10:48:34 | 000,025,160 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/29 08:40:02 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/06/29 00:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/28 22:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 20:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/14 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/14 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/06/25 14:39:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/25 14:39:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE:64bit: - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 7C 2D 29 8F 68 CE 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}
IE - HKCU\..\SearchScopes\{16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{23303B5B-C540-4BE4-83F1-8C0DC4FACEBC}: "URL" = http://websearch.ask...41-3D2C671F5827
IE - HKCU\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://isearch.avg.c...fr&d=2012-01-07 04:52:11&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{3D9DC740-E406-42D2-8871-4B15DA52C51E}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{5715C1D3-7F11-4D86-B22C-814B8C34C38D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{7EC4E5A4-99D1-46A5-9649-01107F3AA6DB}: "URL" = https://startpage.co...uage=english_uk
IE - HKCU\..\SearchScopes\{8AA527DD-48AE-4EDC-AEB7-155463CF3E2A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{AAAEE6DC-4E10-4705-87AF-F0806210CBD3}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{C308655F-C2AB-4F50-8EA7-BDD9C66ECAF2}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\[email protected]\ [2013/09/03 14:08:32 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/01 08:10:23 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [BullGuardUpdate2] c:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe (BullGuard Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{332F2E0C-25BC-4B9F-B282-A06785088426}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/02 12:26:47 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{5CDE1C03-381D-4A8E-9931-75AD9AEF0024}
[2013/09/02 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\ProcAlyzer Dumps
[2013/09/02 11:13:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/01 12:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/01 12:28:35 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Deployment
[2013/09/01 09:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2013/08/30 03:04:11 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{899D16EF-9ACE-4C07-B2D8-C9EE458E0286}
[2013/08/30 01:40:59 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Wise Care 365
[2013/08/30 01:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013/08/30 01:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivaZer
[2013/08/15 07:08:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/08/15 05:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/08/14 06:52:22 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{9CFD3332-1A1A-44EF-8953-E0F0176E054C}
[2013/08/13 21:54:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/13 21:18:36 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\LogMeIn Rescue Applet
[2013/08/13 01:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Speed Dial
[2013/08/12 09:22:54 | 000,125,496 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:54 | 000,113,088 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 09:22:51 | 000,073,056 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:51 | 000,060,256 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 01:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/08/11 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\andrew\Doctor Web
[2013/08/11 13:31:48 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{C86DFA3B-13C0-423E-A228-1535BB032B4B}
[2013/08/11 06:17:00 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/08/11 06:15:08 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/08/11 04:34:39 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\BullGuard
[2013/08/11 04:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2013/08/11 04:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
[2013/08/11 04:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2013/08/11 04:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2013/08/11 00:24:32 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/11 00:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/08/08 06:36:20 | 000,556,632 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/08 05:59:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/08/08 05:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/08/07 19:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/08/07 14:56:38 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/08/07 14:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/08/05 19:11:00 | 000,000,000 | ---D | C] -- C:\EEK
[2013/08/04 23:11:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/07/21 09:11:20 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2013/02/07 13:11:02 | 003,226,824 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\Utils.dll
[2013/02/07 13:10:34 | 004,742,856 | ---- | C] (Terra Informatica Software, Inc.) -- C:\Program Files (x86)\sciter-x.dll
[2013/02/07 13:10:10 | 002,218,184 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\RegistryDefrag.dll
[2013/02/07 13:09:46 | 000,067,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\offreg.dll
[2013/02/07 13:09:38 | 000,519,368 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\DiskDuplicates.dll
[2013/02/07 13:09:30 | 000,213,704 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CPluginServicePS.dll
[2013/02/07 13:09:22 | 002,282,696 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPluginService.exe
[2013/02/07 13:09:06 | 000,330,440 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CategoryFactory.dll
[2013/02/07 13:08:44 | 009,851,080 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPCTuneUp.exe
[2013/02/04 10:20:40 | 001,674,752 | ---- | C] (COMODO Security Solutions) -- C:\Program Files (x86)\feedback.dll

========== Files - Modified Within 30 Days ==========

[2013/09/03 16:34:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/03 16:30:43 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 16:30:43 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 16:30:02 | 000,736,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/03 16:30:02 | 000,633,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/03 16:30:02 | 000,115,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/03 16:27:15 | 000,000,576 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/03 16:26:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/03 16:25:55 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/09/03 16:25:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/03 16:24:56 | 218,865,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/03 06:13:07 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/09/02 16:00:49 | 000,005,698 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 20:39:12 | 000,002,246 | ---- | M] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 09:07:23 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013/09/01 08:36:56 | 000,015,618 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/09/01 08:19:15 | 000,294,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/01 08:16:53 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/01 08:10:23 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/01 03:56:27 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/31 01:39:49 | 000,239,723 | ---- | M] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | M] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/15 06:31:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_475
[2013/08/15 05:57:20 | 000,002,126 | ---- | M] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 23:18:06 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_736
[2013/08/12 09:22:27 | 000,060,256 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 09:22:26 | 000,073,056 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:25 | 000,125,496 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:25 | 000,113,088 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 03:24:30 | 000,004,084 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:15 | 000,025,972 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 12:45:09 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_477
[2013/08/11 06:52:51 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_702
[2013/08/11 06:16:17 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:57 | 000,010,704 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | M] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | M] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:57 | 016,685,832 | ---- | M] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Windows\SysWow64\sqlite3.dll

========== Files Created - No Company Name ==========

[2013/09/03 16:27:15 | 000,000,576 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/02 16:00:43 | 000,005,698 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 12:30:17 | 000,002,246 | ---- | C] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 12:29:06 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 12:29:04 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 09:07:23 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013/09/01 08:35:19 | 000,015,618 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/08/31 01:39:49 | 000,239,723 | ---- | C] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | C] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/30 01:02:53 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
[2013/08/30 00:57:18 | 218,865,663 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/15 07:07:19 | 000,294,200 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/15 05:57:20 | 000,002,126 | ---- | C] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 21:04:25 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/08/13 01:24:33 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/08/12 03:24:11 | 000,004,084 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:12 | 000,025,972 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 06:16:17 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:47 | 000,010,704 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | C] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | C] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:32 | 016,685,832 | ---- | C] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/11 00:30:59 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/11 00:30:58 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013/07/31 20:52:06 | 000,000,036 | ---- | C] () -- C:\Users\andrew\AppData\Local\housecall.guid.cache
[2013/07/23 03:08:29 | 000,423,709 | ---- | C] () -- C:\Users\andrew\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\Win4665 Config DB.dlx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\System3192SettingsDB.dat
[2013/06/01 22:29:33 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/05/28 13:33:04 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/05/16 10:02:55 | 000,008,192 | ---- | C] () -- C:\Program Files (x86)\CPTSettings.dat
[2013/05/11 22:52:28 | 000,000,203 | ---- | C] () -- C:\Windows\uruninstaller.ini
[2013/03/04 02:12:30 | 000,074,291 | ---- | C] () -- C:\ProgramData\1362359390.bdinstall.bin
[2013/03/04 02:09:50 | 000,022,959 | ---- | C] () -- C:\ProgramData\1362359386.bdinstall.bin
[2013/03/04 01:41:32 | 000,166,263 | ---- | C] () -- C:\ProgramData\1362357473.bdinstall.bin
[2013/02/07 13:09:54 | 000,243,400 | ---- | C] () -- C:\Program Files (x86)\Plugin.dll
[2013/02/07 13:01:28 | 000,518,144 | ---- | C] () -- C:\Program Files (x86)\ForceDelete.dll
[2013/02/06 19:20:18 | 000,034,816 | ---- | C] () -- C:\Program Files (x86)\AddAffiliateToRegistry.exe
[2013/01/10 16:42:49 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/11/24 11:02:31 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2012/06/23 17:34:42 | 000,302,425 | ---- | C] () -- C:\Users\andrew\AppData\Local\funmoods-speeddial.crx
[2012/01/21 21:43:33 | 000,007,597 | ---- | C] () -- C:\Users\andrew\AppData\Local\resmon.resmoncfg
[2012/01/19 10:41:19 | 000,736,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/29 09:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/09/29 08:53:17 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/09/29 08:36:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/29 08:33:45 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2013/09/01 12:28:49 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/29 13:31:36 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Auslogics
[2013/06/01 01:25:47 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\AVG
[2012/01/07 05:53:33 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\AVG2012
[2013/04/18 01:45:14 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Baidu
[2013/04/21 03:06:28 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Baidu Security
[2012/01/24 13:50:31 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/08/13 21:42:00 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\BullGuard
[2012/06/18 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\DriverCure
[2013/06/07 23:38:28 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Easeware
[2013/02/25 22:57:59 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\ErrorTeck
[2013/06/10 09:13:55 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\ESET
[2013/03/04 22:26:24 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Geek Uninstaller
[2013/07/08 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\GlarySoft
[2013/07/23 03:48:31 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\IObit
[2013/06/01 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\iolo
[2013/07/23 03:35:39 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\mysearchdial
[2012/06/19 14:16:41 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\PC Cleaners
[2012/06/19 14:16:43 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\PCPro
[2012/01/07 05:29:25 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Sammsoft
[2013/03/27 02:07:20 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\SoftGrid Client
[2013/06/08 21:55:01 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Systweak
[2013/05/11 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TestApp
[2012/01/05 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Toshiba
[2011/12/29 15:00:15 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TOSHIBA Online Product Information
[2013/05/18 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TuneUp Software
[2013/04/30 01:11:12 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\URSoft
[2012/01/21 02:43:19 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Windows Live Writer
[2013/09/03 16:26:18 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Wise Care 365

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#5
zac1

Hello Ron,
Started to highlight the extras txt and all the details disappeared off the screen. Please advise.

#6
zac1

Hello Ron,
It did not show an error. What came up was C:\Windows\system32\Msdtc afte
OTL Extras logfile created on: 9/3/2013 7:28:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrew\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.61 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 73.10% Memory free
11.21 Gb Paging File | 9.68 Gb Available in Paging File | 86.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 87.24 Gb Free Space | 58.53% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 39.76 Gb Free Space | 26.75% Space Free | Partition Type: NTFS

Computer Name: ANDREW-TOSH | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [PrivaZer] -- C:\Program Files (x86)\PrivaZer\contextmenuExe.exe (Goversoft LLC)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [PrivaZer] -- C:\Program Files (x86)\PrivaZer\contextmenuExe.exe (Goversoft LLC)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0612FFCB-F384-46D2-A24E-E2139020C937}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0826FF4B-18D9-42B4-BCE8-C6622E1C99F3}" = rport=137 | protocol=17 | dir=out | app=system |
"{0D32C4B6-29D0-45C0-89B1-F78128BB4B93}" = lport=138 | protocol=17 | dir=in | app=system |
"{107B811E-B553-4FCA-9536-B478010CDCA7}" = rport=138 | protocol=17 | dir=out | app=system |
"{1AC01A34-262B-4F20-95F5-D7E7872DAE72}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1DCB3DC0-1B00-4291-A690-4C3A2CA3997A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{20D3BAF5-3A82-4A63-8635-C712141D6289}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A111800-0A03-4184-8870-5E18C501CCDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B3179C0-4536-4731-8B87-D74B010D26DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{2EEC34D2-4FE1-40CC-B395-CFB21D2DA19C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{3AEC513F-B412-40F0-B657-FC725167FBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45E40DFE-8F8F-4DAD-8C05-5E609E15992A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{466AB50E-0B5B-4FF3-8D49-574FFBF723DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46930ABA-DDD6-4493-8A09-03FF8E6AFFB9}" = lport=137 | protocol=17 | dir=in | app=system |
"{4AC9C54B-6613-44E5-B24D-55884A70185F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BA8D8FE-6809-4D27-AC0B-1BC5E50FCB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51F66EA3-9EE3-4325-BA7E-82C8FE757DFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{6C740EC6-6AB0-4494-A6D8-4AF9ECC00AFA}" = lport=139 | protocol=6 | dir=in | app=system |
"{6F23DC5A-1BC0-4D15-90F3-E12C37B4EE49}" = rport=445 | protocol=6 | dir=out | app=system |
"{6FEF6CBD-073E-4053-B760-4C49F12FCA80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{740197B5-9B91-43DC-9448-5F2FAA99E4ED}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{749E4E68-5A9D-4310-B9DB-2C57114EA704}" = rport=139 | protocol=6 | dir=out | app=system |
"{7AB8A74F-8F07-419F-ACFC-4498ED2E68B8}" = lport=138 | protocol=17 | dir=in | app=system |
"{7AE893C1-D7D1-4776-8EBE-0C3B5353EE6F}" = rport=139 | protocol=6 | dir=out | app=system |
"{8193A909-AA2C-4855-AB2B-590095767258}" = lport=139 | protocol=6 | dir=in | app=system |
"{8C1C3703-E06E-47A6-9E46-5E64680CA835}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8C6DD438-7D20-471A-B7F7-F772EBC1BF19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D495CD9-8999-47E1-9FD4-E3827DC44934}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EE53228-67B7-4914-B14B-3A8E2EDDE914}" = rport=10243 | protocol=6 | dir=out | app=system |
"{91B46EBF-2E80-47F7-8B62-70DE1D608599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99982C45-23E8-4D48-B59B-65083A051144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A85C8925-6F5D-4A82-9422-45EF52EC4172}" = rport=445 | protocol=6 | dir=out | app=system |
"{AF01ECC3-858D-4645-B31C-B846F0102D77}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8A744A2-B4A6-46E1-84DE-5301D35FFB30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB43B02B-55B9-4243-A9BA-8ED74F23CBF7}" = lport=445 | protocol=6 | dir=in | app=system |
"{BFC67410-442B-40A7-9338-F84036C09A06}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C331311B-2823-45E6-8185-B230BF69F466}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C8A59E0E-8E2D-40C3-9065-A5B852D51944}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E1D85F95-A94D-4241-9D4E-529F491D7599}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7D9CD4E-5B6C-4799-BAA5-19D8824CA721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F999BC84-123D-41E5-9EAF-2B8213411581}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ADA5AB8-5E92-4072-A436-FB10C45EAE34}" = protocol=1 | dir=out | [email protected],-28544 |
"{0BA51E1A-AFF0-4575-A3BF-14F72CB1B5CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{119FC77E-FA4D-433F-9677-B7C36FEE3A2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1F554993-32B6-474A-8500-AD23719BA7BB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{24310495-F783-411F-A084-73198978FBE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{279099E3-6295-4DA4-ACF4-F5A6EEE339B8}" = protocol=1 | dir=in | [email protected],-28543 |
"{37E3F20F-DE20-4516-B208-CC46191BDD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3A0CA80C-C107-4E08-A8FA-B91DE28CB448}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49AD4FE5-E495-4266-B3EF-40FFB6736291}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4A5BB824-FCC0-4707-B5A0-D606200B315F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{504F4A6F-8606-420D-97A4-993F0BE36D10}" = protocol=1 | dir=out | [email protected],-28544 |
"{5260BFDC-33FF-4DD1-A3CA-6DD1226708CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6139F920-28CF-42C2-88F3-A92660C1E375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63722777-5A39-4A7A-9DC0-700C7D803868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{757C3055-A325-4E0E-8911-AB353EDBB3CB}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{801DBE9D-8D98-4844-B72B-3BDA734AF2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{867F4559-0F94-4C5F-805D-18B5C77CD238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89EAB2DD-ABB2-46C7-BCEC-67FF20149FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{98C18AB6-0B7A-4E2B-81A3-DB00DADFA463}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9994B096-7C93-443D-9315-D151E68E399A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9B15F693-7BE6-4C83-ACC0-C481A95321E0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{ABF01636-2F0B-4E94-A56E-7BA576A8633C}" = protocol=6 | dir=out | app=system |
"{AD29B28E-7AA3-4C13-8BCB-E7373F378ED2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AF4AE69A-970E-423A-BC81-27A1EA6D36DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B27FF543-EAF1-45B6-8986-A51A18550C6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B898C53B-71DE-4492-A9BD-BC2CE15796A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C074B07C-6DB5-4339-9164-0E82E193761F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C64E1837-E3A4-415A-89FC-73C212338945}" = protocol=58 | dir=out | [email protected],-28546 |
"{C65606E6-8D60-41C5-AB8C-422079B85E85}" = protocol=58 | dir=in | [email protected],-28545 |
"{C6725965-2314-40FE-84B8-94F39F7B9BD3}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{CA4FBA7B-F959-46B2-ACC2-2C6D06146C56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D606BCF0-90F3-4E56-8869-4C6C0687392D}" = protocol=58 | dir=in | [email protected],-28545 |
"{DE2CAFE6-4504-4F73-A56E-A5205431DDE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7B12DB4-B3D2-4173-BA2E-5B95291A3116}" = protocol=1 | dir=in | [email protected],-28543 |
"{EEA677F1-C048-45A7-BEA7-FEA8AC885BCC}" = protocol=58 | dir=out | [email protected],-28546 |
"{F10F74AA-0DF1-4194-B732-0B7ACB5FB7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F870DF9B-DED2-4B7F-8AD8-5AEF481C2510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9283746-88D9-4267-A112-49D31A64C42D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F936AA1A-019D-4E9D-B31F-4BB48EE6C739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6167672A-758D-9960-C32C-47A15E180A70}" = ATI Catalyst Install Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{99D90334-5A27-22AA-0CC9-BB2E7FE4608E}" = ccc-utility64
"{B0CF6A06-8D6E-3C49-1B5E-75027D2AB2FB}" = AMD Media Foundation Decoders
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"BullGuard" = BullGuard
"CCleaner" = CCleaner
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019A5307-B53F-DEC7-BF70-E20C2A121E65}" = Catalyst Control Center InstallProxy
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{094FD5E0-01D2-AAB1-027F-A80F8CAB1477}" = CCC Help Italian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{10097883-9F66-3920-8C7E-3239E72953B3}" = CCC Help Greek
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{23DECD57-2D3E-59DE-215C-9B2118FFF9C1}" = CCC Help Korean
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24C934DB-D7F8-797E-8937-BF9BA23F1128}" = Catalyst Control Center Graphics Previews Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29A4049F-58A7-E0D9-991D-A1A672E51EFE}" = CCC Help Thai
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2E823133-4B6B-60A4-43F4-E586F01FCCCA}" = AMD VISION Engine Control Center
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}" = Photo Service - powered by myphotobook
"{3E1C0066-D04D-863E-3381-9FD232A888A2}" = CCC Help Portuguese
"{401E17B0-7A9E-3173-42B6-B3A780A2934A}" = CCC Help German
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54B80F68-3A7C-1931-AFE8-CA9BABC3EC4D}" = CCC Help English
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68625052-E88D-8598-3E83-9AE6B5D6394D}" = Catalyst Control Center Localization All
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BABB47D-F46A-4AD1-8548-4C6292232D18}" = CCC Help Finnish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{9158DA86-4AC8-6EA5-20B1-36B3F9CF6497}" = CCC Help Czech
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{988C14A1-37AC-EB3F-B607-DED60CEE16E8}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A713F0C-D077-9B5F-4E0D-D21657387965}" = CCC Help Dutch
"{9A828AEE-658C-0AA0-7B13-83CC644A7E97}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B09443E0-838F-6C14-83E4-DFF68F25D688}" = CCC Help Japanese
"{B946C4A5-E889-D859-AAB1-DE0C00902115}" = CCC Help Russian
"{C1F6CAC5-20D3-C4AA-B867-0836493AB636}" = CCC Help Turkish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC085605-79A6-3D50-6AE8-42D213ECBAFC}" = BBC iPlayer Desktop
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA8EF8F2-AF33-253B-7A5E-51E7B1AA6E42}" = CCC Help Hungarian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED61893-3D8D-C863-5913-AACB740063C2}" = CCC Help Spanish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.72
"{EAE8B2AB-DDD1-3F5E-42F5-EB54BAE8A7BE}" = CCC Help Swedish
"{ED7B4752-749D-3BA8-2CEB-5AC5A7FADF36}" = CCC Help French
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE99A545-DFC9-EF57-5EDC-43F7B6855AB3}" = CCC Help Danish
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3ED01FE-B62F-4CA4-BACA-822369BC0FB7}" = TuneUp Utilities Language Pack (en-GB)
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F510D82F-CD6A-0983-EF06-66004AC50565}" = CCC Help Chinese Standard
"{F52618B2-A995-4F8D-A6C8-9E235A470C68}" = TOSHIBA ConfigFree
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCB1966E-4ACF-6648-8E7C-0D8C2EE573CA}" = CCC Help Norwegian
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"AU11_is1" = Advanced Uninstaller PRO - Version 11
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Revo Uninstaller" = Revo Uninstaller 1.95
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"WinLiveSuite" = Windows Live Essentials
"YU2010_is1" = Your Uninstaller! 7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PrivaZer" = PrivaZer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2013 2:57:53 PM | Computer Name = andrew-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 9/3/2013 2:57:53 PM | Computer Name = andrew-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 9/3/2013 2:57:54 PM | Computer Name = andrew-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 9/3/2013 2:57:54 PM | Computer Name = andrew-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 9/3/2013 2:57:54 PM | Computer Name = andrew-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 9/3/2013 2:57:54 PM | Computer Name = andrew-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 9/3/2013 2:57:55 PM | Computer Name = andrew-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 9/3/2013 2:57:55 PM | Computer Name = andrew-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 9/3/2013 2:57:55 PM | Computer Name = andrew-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

Error - 9/3/2013 2:57:55 PM | Computer Name = andrew-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 5 (0x5) : Access is denied. .

[ System Events ]
Error - 9/3/2013 2:06:12 PM | Computer Name = andrew-TOSH | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
encountered error '0x80004005'. Verify that the UPnPHost service is running and
that the UPnPHost component of Windows is installed properly.

Error - 9/3/2013 2:06:12 PM | Computer Name = andrew-TOSH | Source = Service Control Manager | ID = 7034
Description = The SecureUpdate service terminated unexpectedly. It has done this
1 time(s).

Error - 9/3/2013 2:06:12 PM | Computer Name = andrew-TOSH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
4959228drv aswSnx nckkof ofvpmj

Error - 9/3/2013 2:06:57 PM | Computer Name = andrew-TOSH | Source = DCOM | ID = 10016
Description =

Error - 9/3/2013 2:08:39 PM | Computer Name = andrew-TOSH | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%-2147024891

Error - 9/3/2013 2:16:57 PM | Computer Name = andrew-TOSH | Source = DCOM | ID = 10016
Description =

Error - 9/3/2013 2:26:57 PM | Computer Name = andrew-TOSH | Source = DCOM | ID = 10016
Description =

Error - 9/3/2013 2:36:57 PM | Computer Name = andrew-TOSH | Source = DCOM | ID = 10016
Description =

Error - 9/3/2013 2:46:57 PM | Computer Name = andrew-TOSH | Source = DCOM | ID = 10016
Description =

Error - 9/3/2013 2:56:57 PM | Computer Name = andrew-TOSH | Source = DCOM | ID = 10016
Description =


< End of report >
r hitting the enter key.
  • 0

#7
zac1


  • Topic Starter
  • Member
  • 59 posts
OTL logfile created on: 9/3/2013 7:28:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrew\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.61 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 73.10% Memory free
11.21 Gb Paging File | 9.68 Gb Available in Paging File | 86.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 87.24 Gb Free Space | 58.53% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 39.76 Gb Free Space | 26.75% Space Free | Partition Type: NTFS

Computer Name: ANDREW-TOSH | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/03 16:32:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrew\Downloads\OTL.exe
PRC - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
PRC - [2013/04/26 14:57:22 | 001,177,224 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Program Files (x86)\Secure Speed Dial\IE\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/31 22:17:38 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/08/12 09:22:07 | 000,596,832 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV:64bit: - [2013/08/12 09:22:04 | 000,684,896 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV:64bit: - [2013/08/12 09:22:04 | 000,243,552 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV:64bit: - [2013/08/12 09:22:03 | 000,376,160 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV:64bit: - [2013/08/12 09:22:03 | 000,340,320 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV:64bit: - [2013/08/12 09:22:02 | 000,619,360 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV:64bit: - [2013/08/12 09:22:02 | 000,445,856 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV:64bit: - [2013/08/12 09:18:51 | 000,353,120 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/28 22:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 13:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) [Auto | Stopped] -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/11/21 04:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/07/01 10:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\4959228drv.sys -- (4959228drv)
DRV:64bit: - [2013/05/26 21:48:18 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/05/26 21:48:16 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/26 21:48:15 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/03/18 14:25:00 | 000,068,720 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2013/03/17 23:36:16 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2013/03/07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/01/25 14:33:16 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/20 14:11:38 | 000,464,480 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)
DRV:64bit: - [2012/11/20 14:11:38 | 000,040,544 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (AFW)
DRV:64bit: - [2012/10/04 08:38:58 | 000,034,928 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BdNet.sys -- (BdNet)
DRV:64bit: - [2012/06/26 10:48:34 | 000,256,072 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV:64bit: - [2012/06/26 10:48:34 | 000,025,160 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/29 08:40:02 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/06/29 00:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/28 22:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 20:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/14 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/14 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/06/25 14:39:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/25 14:39:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE:64bit: - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 7C 2D 29 8F 68 CE 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}
IE - HKCU\..\SearchScopes\{16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{23303B5B-C540-4BE4-83F1-8C0DC4FACEBC}: "URL" = http://websearch.ask...41-3D2C671F5827
IE - HKCU\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://isearch.avg.c...fr&d=2012-01-07 04:52:11&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{3D9DC740-E406-42D2-8871-4B15DA52C51E}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{5715C1D3-7F11-4D86-B22C-814B8C34C38D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{7EC4E5A4-99D1-46A5-9649-01107F3AA6DB}: "URL" = https://startpage.co...uage=english_uk
IE - HKCU\..\SearchScopes\{8AA527DD-48AE-4EDC-AEB7-155463CF3E2A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{AAAEE6DC-4E10-4705-87AF-F0806210CBD3}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{C308655F-C2AB-4F50-8EA7-BDD9C66ECAF2}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\[email protected]\ [2013/09/03 14:08:32 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/01 08:10:23 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [BullGuardUpdate2] c:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe (BullGuard Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{332F2E0C-25BC-4B9F-B282-A06785088426}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/02 12:26:47 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{5CDE1C03-381D-4A8E-9931-75AD9AEF0024}
[2013/09/02 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\ProcAlyzer Dumps
[2013/09/02 11:13:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/01 12:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/01 12:28:35 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Deployment
[2013/09/01 09:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2013/08/30 03:04:11 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{899D16EF-9ACE-4C07-B2D8-C9EE458E0286}
[2013/08/30 01:40:59 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Wise Care 365
[2013/08/30 01:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013/08/30 01:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivaZer
[2013/08/15 07:08:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/08/15 05:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/08/14 06:52:22 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{9CFD3332-1A1A-44EF-8953-E0F0176E054C}
[2013/08/13 21:54:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/13 21:18:36 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\LogMeIn Rescue Applet
[2013/08/13 01:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Speed Dial
[2013/08/12 09:22:54 | 000,125,496 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:54 | 000,113,088 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 09:22:51 | 000,073,056 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:51 | 000,060,256 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 01:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/08/11 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\andrew\Doctor Web
[2013/08/11 13:31:48 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{C86DFA3B-13C0-423E-A228-1535BB032B4B}
[2013/08/11 06:17:00 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/08/11 06:15:08 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/08/11 04:34:39 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\BullGuard
[2013/08/11 04:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2013/08/11 04:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
[2013/08/11 04:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2013/08/11 04:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2013/08/11 00:24:32 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/11 00:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/08/08 06:36:20 | 000,556,632 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/08 05:59:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/08/08 05:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/08/07 19:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/08/07 14:56:38 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/08/07 14:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/08/05 19:11:00 | 000,000,000 | ---D | C] -- C:\EEK
[2013/08/04 23:11:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/07/21 09:11:20 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2013/02/07 13:11:02 | 003,226,824 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\Utils.dll
[2013/02/07 13:10:34 | 004,742,856 | ---- | C] (Terra Informatica Software, Inc.) -- C:\Program Files (x86)\sciter-x.dll
[2013/02/07 13:10:10 | 002,218,184 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\RegistryDefrag.dll
[2013/02/07 13:09:46 | 000,067,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\offreg.dll
[2013/02/07 13:09:38 | 000,519,368 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\DiskDuplicates.dll
[2013/02/07 13:09:30 | 000,213,704 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CPluginServicePS.dll
[2013/02/07 13:09:22 | 002,282,696 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPluginService.exe
[2013/02/07 13:09:06 | 000,330,440 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CategoryFactory.dll
[2013/02/07 13:08:44 | 009,851,080 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPCTuneUp.exe
[2013/02/04 10:20:40 | 001,674,752 | ---- | C] (COMODO Security Solutions) -- C:\Program Files (x86)\feedback.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/03 19:34:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/03 19:12:16 | 000,736,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/03 19:12:16 | 000,633,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/03 19:12:16 | 000,115,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/03 19:10:00 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 19:10:00 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 19:06:33 | 000,000,576 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/03 19:05:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/03 19:05:54 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/09/03 19:04:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/03 19:04:18 | 218,865,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/03 06:13:07 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/09/02 16:00:49 | 000,005,698 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 20:39:12 | 000,002,246 | ---- | M] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 09:07:23 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013/09/01 08:36:56 | 000,015,618 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/09/01 08:19:15 | 000,294,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/01 08:16:53 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/01 08:10:23 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/01 03:56:27 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/31 01:39:49 | 000,239,723 | ---- | M] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | M] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/15 06:31:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_475
[2013/08/15 05:57:20 | 000,002,126 | ---- | M] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 23:18:06 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_736
[2013/08/12 09:22:27 | 000,060,256 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 09:22:26 | 000,073,056 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:25 | 000,125,496 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:25 | 000,113,088 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 03:24:30 | 000,004,084 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:15 | 000,025,972 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 12:45:09 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_477
[2013/08/11 06:52:51 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_702
[2013/08/11 06:16:17 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:57 | 000,010,704 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | M] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | M] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:57 | 016,685,832 | ---- | M] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Windows\SysWow64\sqlite3.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/03 19:06:33 | 000,000,576 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/02 16:00:43 | 000,005,698 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 12:30:17 | 000,002,246 | ---- | C] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 12:29:06 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 12:29:04 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 09:07:23 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013/09/01 08:35:19 | 000,015,618 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/08/31 01:39:49 | 000,239,723 | ---- | C] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | C] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/30 01:02:53 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
[2013/08/30 00:57:18 | 218,865,663 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/15 07:07:19 | 000,294,200 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/15 05:57:20 | 000,002,126 | ---- | C] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 21:04:25 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/08/13 01:24:33 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/08/12 03:24:11 | 000,004,084 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:12 | 000,025,972 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 06:16:17 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:47 | 000,010,704 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | C] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | C] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:32 | 016,685,832 | ---- | C] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/11 00:30:59 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/11 00:30:58 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013/07/31 20:52:06 | 000,000,036 | ---- | C] () -- C:\Users\andrew\AppData\Local\housecall.guid.cache
[2013/07/23 03:08:29 | 000,423,709 | ---- | C] () -- C:\Users\andrew\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\Win4665 Config DB.dlx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\System3192SettingsDB.dat
[2013/06/01 22:29:33 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/05/28 13:33:04 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/05/16 10:02:55 | 000,008,192 | ---- | C] () -- C:\Program Files (x86)\CPTSettings.dat
[2013/05/11 22:52:28 | 000,000,203 | ---- | C] () -- C:\Windows\uruninstaller.ini
[2013/03/04 02:12:30 | 000,074,291 | ---- | C] () -- C:\ProgramData\1362359390.bdinstall.bin
[2013/03/04 02:09:50 | 000,022,959 | ---- | C] () -- C:\ProgramData\1362359386.bdinstall.bin
[2013/03/04 01:41:32 | 000,166,263 | ---- | C] () -- C:\ProgramData\1362357473.bdinstall.bin
[2013/02/07 13:09:54 | 000,243,400 | ---- | C] () -- C:\Program Files (x86)\Plugin.dll
[2013/02/07 13:01:28 | 000,518,144 | ---- | C] () -- C:\Program Files (x86)\ForceDelete.dll
[2013/02/06 19:20:18 | 000,034,816 | ---- | C] () -- C:\Program Files (x86)\AddAffiliateToRegistry.exe
[2013/01/10 16:42:49 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/11/24 11:02:31 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2012/06/23 17:34:42 | 000,302,425 | ---- | C] () -- C:\Users\andrew\AppData\Local\funmoods-speeddial.crx
[2012/01/21 21:43:33 | 000,007,597 | ---- | C] () -- C:\Users\andrew\AppData\Local\resmon.resmoncfg
[2012/01/19 10:41:19 | 000,736,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/29 09:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/09/29 08:53:17 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/09/29 08:36:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/29 08:33:45 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2013/09/01 12:28:49 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#8
zac1

OTL logfile created on: 9/3/2013 7:28:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrew\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.61 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 73.10% Memory free
11.21 Gb Paging File | 9.68 Gb Available in Paging File | 86.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 87.24 Gb Free Space | 58.53% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 39.76 Gb Free Space | 26.75% Space Free | Partition Type: NTFS

Computer Name: ANDREW-TOSH | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/03 16:32:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrew\Downloads\OTL.exe
PRC - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
PRC - [2013/04/26 14:57:22 | 001,177,224 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Program Files (x86)\Secure Speed Dial\IE\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/31 22:17:38 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/08/12 09:22:07 | 000,596,832 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV:64bit: - [2013/08/12 09:22:04 | 000,684,896 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV:64bit: - [2013/08/12 09:22:04 | 000,243,552 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV:64bit: - [2013/08/12 09:22:03 | 000,376,160 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV:64bit: - [2013/08/12 09:22:03 | 000,340,320 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV:64bit: - [2013/08/12 09:22:02 | 000,619,360 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV:64bit: - [2013/08/12 09:22:02 | 000,445,856 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV:64bit: - [2013/08/12 09:18:51 | 000,353,120 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/28 22:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 13:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) [Auto | Stopped] -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/11/21 04:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/07/01 10:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\4959228drv.sys -- (4959228drv)
DRV:64bit: - [2013/05/26 21:48:18 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/05/26 21:48:16 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/26 21:48:15 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/03/18 14:25:00 | 000,068,720 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2013/03/17 23:36:16 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2013/03/07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/01/25 14:33:16 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/20 14:11:38 | 000,464,480 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)
DRV:64bit: - [2012/11/20 14:11:38 | 000,040,544 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (AFW)
DRV:64bit: - [2012/10/04 08:38:58 | 000,034,928 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BdNet.sys -- (BdNet)
DRV:64bit: - [2012/06/26 10:48:34 | 000,256,072 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV:64bit: - [2012/06/26 10:48:34 | 000,025,160 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/29 08:40:02 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/06/29 00:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/28 22:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 20:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/14 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/14 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/06/25 14:39:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/25 14:39:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE:64bit: - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 7C 2D 29 8F 68 CE 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}
IE - HKCU\..\SearchScopes\{16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{23303B5B-C540-4BE4-83F1-8C0DC4FACEBC}: "URL" = http://websearch.ask...41-3D2C671F5827
IE - HKCU\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://isearch.avg.c...fr&d=2012-01-07 04:52:11&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{3D9DC740-E406-42D2-8871-4B15DA52C51E}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{5715C1D3-7F11-4D86-B22C-814B8C34C38D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{7EC4E5A4-99D1-46A5-9649-01107F3AA6DB}: "URL" = https://startpage.co...uage=english_uk
IE - HKCU\..\SearchScopes\{8AA527DD-48AE-4EDC-AEB7-155463CF3E2A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{AAAEE6DC-4E10-4705-87AF-F0806210CBD3}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{C308655F-C2AB-4F50-8EA7-BDD9C66ECAF2}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\[email protected]\ [2013/09/03 14:08:32 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/01 08:10:23 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [BullGuardUpdate2] c:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe (BullGuard Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{332F2E0C-25BC-4B9F-B282-A06785088426}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/02 12:26:47 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{5CDE1C03-381D-4A8E-9931-75AD9AEF0024}
[2013/09/02 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\ProcAlyzer Dumps
[2013/09/02 11:13:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/01 12:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/01 12:28:35 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Deployment
[2013/09/01 09:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2013/08/30 03:04:11 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{899D16EF-9ACE-4C07-B2D8-C9EE458E0286}
[2013/08/30 01:40:59 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Wise Care 365
[2013/08/30 01:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013/08/30 01:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivaZer
[2013/08/15 07:08:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/08/15 05:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/08/14 06:52:22 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{9CFD3332-1A1A-44EF-8953-E0F0176E054C}
[2013/08/13 21:54:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/13 21:18:36 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\LogMeIn Rescue Applet
[2013/08/13 01:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Speed Dial
[2013/08/12 09:22:54 | 000,125,496 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:54 | 000,113,088 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 09:22:51 | 000,073,056 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:51 | 000,060,256 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 01:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/08/11 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\andrew\Doctor Web
[2013/08/11 13:31:48 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{C86DFA3B-13C0-423E-A228-1535BB032B4B}
[2013/08/11 06:17:00 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/08/11 06:15:08 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/08/11 04:34:39 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\BullGuard
[2013/08/11 04:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2013/08/11 04:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
[2013/08/11 04:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2013/08/11 04:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2013/08/11 00:24:32 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/11 00:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/08/08 06:36:20 | 000,556,632 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/08 05:59:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/08/08 05:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/08/07 19:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/08/07 14:56:38 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/08/07 14:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/08/05 19:11:00 | 000,000,000 | ---D | C] -- C:\EEK
[2013/08/04 23:11:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/07/21 09:11:20 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2013/02/07 13:11:02 | 003,226,824 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\Utils.dll
[2013/02/07 13:10:34 | 004,742,856 | ---- | C] (Terra Informatica Software, Inc.) -- C:\Program Files (x86)\sciter-x.dll
[2013/02/07 13:10:10 | 002,218,184 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\RegistryDefrag.dll
[2013/02/07 13:09:46 | 000,067,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\offreg.dll
[2013/02/07 13:09:38 | 000,519,368 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\DiskDuplicates.dll
[2013/02/07 13:09:30 | 000,213,704 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CPluginServicePS.dll
[2013/02/07 13:09:22 | 002,282,696 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPluginService.exe
[2013/02/07 13:09:06 | 000,330,440 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CategoryFactory.dll
[2013/02/07 13:08:44 | 009,851,080 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPCTuneUp.exe
[2013/02/04 10:20:40 | 001,674,752 | ---- | C] (COMODO Security Solutions) -- C:\Program Files (x86)\feedback.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/03 19:34:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/03 19:12:16 | 000,736,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/03 19:12:16 | 000,633,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/03 19:12:16 | 000,115,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/03 19:10:00 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 19:10:00 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 19:06:33 | 000,000,576 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/03 19:05:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/03 19:05:54 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/09/03 19:04:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/03 19:04:18 | 218,865,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/03 06:13:07 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/09/02 16:00:49 | 000,005,698 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 20:39:12 | 000,002,246 | ---- | M] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 09:07:23 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013/09/01 08:36:56 | 000,015,618 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/09/01 08:19:15 | 000,294,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/01 08:16:53 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/01 08:10:23 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/01 03:56:27 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/31 01:39:49 | 000,239,723 | ---- | M] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | M] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/15 06:31:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_475
[2013/08/15 05:57:20 | 000,002,126 | ---- | M] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 23:18:06 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_736
[2013/08/12 09:22:27 | 000,060,256 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 09:22:26 | 000,073,056 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:25 | 000,125,496 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:25 | 000,113,088 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 03:24:30 | 000,004,084 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:15 | 000,025,972 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 12:45:09 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_477
[2013/08/11 06:52:51 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_702
[2013/08/11 06:16:17 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:57 | 000,010,704 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | M] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | M] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:57 | 016,685,832 | ---- | M] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Windows\SysWow64\sqlite3.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/03 19:06:33 | 000,000,576 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/02 16:00:43 | 000,005,698 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 12:30:17 | 000,002,246 | ---- | C] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 12:29:06 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 12:29:04 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 09:07:23 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013/09/01 08:35:19 | 000,015,618 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/08/31 01:39:49 | 000,239,723 | ---- | C] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | C] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/30 01:02:53 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
[2013/08/30 00:57:18 | 218,865,663 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/15 07:07:19 | 000,294,200 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/15 05:57:20 | 000,002,126 | ---- | C] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 21:04:25 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/08/13 01:24:33 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/08/12 03:24:11 | 000,004,084 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:12 | 000,025,972 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 06:16:17 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:47 | 000,010,704 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | C] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | C] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:32 | 016,685,832 | ---- | C] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/11 00:30:59 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/11 00:30:58 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013/07/31 20:52:06 | 000,000,036 | ---- | C] () -- C:\Users\andrew\AppData\Local\housecall.guid.cache
[2013/07/23 03:08:29 | 000,423,709 | ---- | C] () -- C:\Users\andrew\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\Win4665 Config DB.dlx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\System3192SettingsDB.dat
[2013/06/01 22:29:33 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/05/28 13:33:04 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/05/16 10:02:55 | 000,008,192 | ---- | C] () -- C:\Program Files (x86)\CPTSettings.dat
[2013/05/11 22:52:28 | 000,000,203 | ---- | C] () -- C:\Windows\uruninstaller.ini
[2013/03/04 02:12:30 | 000,074,291 | ---- | C] () -- C:\ProgramData\1362359390.bdinstall.bin
[2013/03/04 02:09:50 | 000,022,959 | ---- | C] () -- C:\ProgramData\1362359386.bdinstall.bin
[2013/03/04 01:41:32 | 000,166,263 | ---- | C] () -- C:\ProgramData\1362357473.bdinstall.bin
[2013/02/07 13:09:54 | 000,243,400 | ---- | C] () -- C:\Program Files (x86)\Plugin.dll
[2013/02/07 13:01:28 | 000,518,144 | ---- | C] () -- C:\Program Files (x86)\ForceDelete.dll
[2013/02/06 19:20:18 | 000,034,816 | ---- | C] () -- C:\Program Files (x86)\AddAffiliateToRegistry.exe
[2013/01/10 16:42:49 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/11/24 11:02:31 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2012/06/23 17:34:42 | 000,302,425 | ---- | C] () -- C:\Users\andrew\AppData\Local\funmoods-speeddial.crx
[2012/01/21 21:43:33 | 000,007,597 | ---- | C] () -- C:\Users\andrew\AppData\Local\resmon.resmoncfg
[2012/01/19 10:41:19 | 000,736,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/29 09:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/09/29 08:53:17 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/09/29 08:36:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/29 08:33:45 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2013/09/01 12:28:49 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#9
zac1


  • Topic Starter
  • Member
  • 59 posts
OTL logfile created on: 9/3/2013 7:28:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrew\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.61 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 73.10% Memory free
11.21 Gb Paging File | 9.68 Gb Available in Paging File | 86.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 87.24 Gb Free Space | 58.53% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 39.76 Gb Free Space | 26.75% Space Free | Partition Type: NTFS

Computer Name: ANDREW-TOSH | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/03 16:32:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrew\Downloads\OTL.exe
PRC - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
PRC - [2013/04/26 14:57:22 | 001,177,224 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Program Files (x86)\Secure Speed Dial\IE\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/31 22:17:38 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/08/12 09:22:07 | 000,596,832 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV:64bit: - [2013/08/12 09:22:04 | 000,684,896 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV:64bit: - [2013/08/12 09:22:04 | 000,243,552 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV:64bit: - [2013/08/12 09:22:03 | 000,376,160 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV:64bit: - [2013/08/12 09:22:03 | 000,340,320 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV:64bit: - [2013/08/12 09:22:02 | 000,619,360 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV:64bit: - [2013/08/12 09:22:02 | 000,445,856 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV:64bit: - [2013/08/12 09:18:51 | 000,353,120 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/28 22:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 13:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) [Auto | Stopped] -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/11/21 04:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/07/01 10:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\4959228drv.sys -- (4959228drv)
DRV:64bit: - [2013/05/26 21:48:18 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/05/26 21:48:16 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/26 21:48:15 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/03/18 14:25:00 | 000,068,720 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2013/03/17 23:36:16 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2013/03/07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/01/25 14:33:16 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/20 14:11:38 | 000,464,480 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)
DRV:64bit: - [2012/11/20 14:11:38 | 000,040,544 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (AFW)
DRV:64bit: - [2012/10/04 08:38:58 | 000,034,928 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BdNet.sys -- (BdNet)
DRV:64bit: - [2012/06/26 10:48:34 | 000,256,072 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV:64bit: - [2012/06/26 10:48:34 | 000,025,160 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/29 08:40:02 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/06/29 00:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/28 22:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 20:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/14 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/14 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/06/25 14:39:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/25 14:39:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE:64bit: - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 7C 2D 29 8F 68 CE 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}
IE - HKCU\..\SearchScopes\{16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{23303B5B-C540-4BE4-83F1-8C0DC4FACEBC}: "URL" = http://websearch.ask...41-3D2C671F5827
IE - HKCU\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://isearch.avg.c...fr&d=2012-01-07 04:52:11&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{3D9DC740-E406-42D2-8871-4B15DA52C51E}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{5715C1D3-7F11-4D86-B22C-814B8C34C38D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{7EC4E5A4-99D1-46A5-9649-01107F3AA6DB}: "URL" = https://startpage.co...uage=english_uk
IE - HKCU\..\SearchScopes\{8AA527DD-48AE-4EDC-AEB7-155463CF3E2A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{AAAEE6DC-4E10-4705-87AF-F0806210CBD3}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{C308655F-C2AB-4F50-8EA7-BDD9C66ECAF2}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\[email protected]\ [2013/09/03 14:08:32 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/01 08:10:23 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [BullGuardUpdate2] c:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe (BullGuard Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{332F2E0C-25BC-4B9F-B282-A06785088426}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/02 12:26:47 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{5CDE1C03-381D-4A8E-9931-75AD9AEF0024}
[2013/09/02 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\ProcAlyzer Dumps
[2013/09/02 11:13:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/01 12:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/01 12:28:35 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Deployment
[2013/09/01 09:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2013/08/30 03:04:11 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{899D16EF-9ACE-4C07-B2D8-C9EE458E0286}
[2013/08/30 01:40:59 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Wise Care 365
[2013/08/30 01:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013/08/30 01:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivaZer
[2013/08/15 07:08:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/08/15 05:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/08/14 06:52:22 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{9CFD3332-1A1A-44EF-8953-E0F0176E054C}
[2013/08/13 21:54:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/13 21:18:36 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\LogMeIn Rescue Applet
[2013/08/13 01:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Speed Dial
[2013/08/12 09:22:54 | 000,125,496 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:54 | 000,113,088 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 09:22:51 | 000,073,056 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:51 | 000,060,256 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 01:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/08/11 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\andrew\Doctor Web
[2013/08/11 13:31:48 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{C86DFA3B-13C0-423E-A228-1535BB032B4B}
[2013/08/11 06:17:00 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/08/11 06:15:08 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/08/11 04:34:39 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\BullGuard
[2013/08/11 04:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2013/08/11 04:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
[2013/08/11 04:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2013/08/11 04:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2013/08/11 00:24:32 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/11 00:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/08/08 06:36:20 | 000,556,632 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/08 05:59:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/08/08 05:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/08/07 19:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/08/07 14:56:38 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/08/07 14:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/08/05 19:11:00 | 000,000,000 | ---D | C] -- C:\EEK
[2013/08/04 23:11:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/07/21 09:11:20 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2013/02/07 13:11:02 | 003,226,824 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\Utils.dll
[2013/02/07 13:10:34 | 004,742,856 | ---- | C] (Terra Informatica Software, Inc.) -- C:\Program Files (x86)\sciter-x.dll
[2013/02/07 13:10:10 | 002,218,184 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\RegistryDefrag.dll
[2013/02/07 13:09:46 | 000,067,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\offreg.dll
[2013/02/07 13:09:38 | 000,519,368 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\DiskDuplicates.dll
[2013/02/07 13:09:30 | 000,213,704 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CPluginServicePS.dll
[2013/02/07 13:09:22 | 002,282,696 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPluginService.exe
[2013/02/07 13:09:06 | 000,330,440 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CategoryFactory.dll
[2013/02/07 13:08:44 | 009,851,080 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPCTuneUp.exe
[2013/02/04 10:20:40 | 001,674,752 | ---- | C] (COMODO Security Solutions) -- C:\Program Files (x86)\feedback.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/03 19:34:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/03 19:12:16 | 000,736,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/03 19:12:16 | 000,633,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/03 19:12:16 | 000,115,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/03 19:10:00 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 19:10:00 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/03 19:06:33 | 000,000,576 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/03 19:05:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/03 19:05:54 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/09/03 19:04:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/03 19:04:18 | 218,865,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/03 06:13:07 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/09/02 16:00:49 | 000,005,698 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 20:39:12 | 000,002,246 | ---- | M] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 09:07:23 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013/09/01 08:36:56 | 000,015,618 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/09/01 08:19:15 | 000,294,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/01 08:16:53 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/01 08:10:23 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/01 03:56:27 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/31 01:39:49 | 000,239,723 | ---- | M] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | M] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/15 06:31:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_475
[2013/08/15 05:57:20 | 000,002,126 | ---- | M] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 23:18:06 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_736
[2013/08/12 09:22:27 | 000,060,256 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 09:22:26 | 000,073,056 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:25 | 000,125,496 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:25 | 000,113,088 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 03:24:30 | 000,004,084 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:15 | 000,025,972 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 12:45:09 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_477
[2013/08/11 06:52:51 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_702
[2013/08/11 06:16:17 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:57 | 000,010,704 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | M] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | M] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:57 | 016,685,832 | ---- | M] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Windows\SysWow64\sqlite3.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/03 19:06:33 | 000,000,576 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/02 16:00:43 | 000,005,698 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 12:30:17 | 000,002,246 | ---- | C] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 12:29:06 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 12:29:04 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 09:07:23 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013/09/01 08:35:19 | 000,015,618 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/08/31 01:39:49 | 000,239,723 | ---- | C] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | C] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/30 01:02:53 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
[2013/08/30 00:57:18 | 218,865,663 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/15 07:07:19 | 000,294,200 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/15 05:57:20 | 000,002,126 | ---- | C] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 21:04:25 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/08/13 01:24:33 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/08/12 03:24:11 | 000,004,084 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:12 | 000,025,972 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 06:16:17 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:47 | 000,010,704 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | C] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | C] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:32 | 016,685,832 | ---- | C] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/11 00:30:59 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/11 00:30:58 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013/07/31 20:52:06 | 000,000,036 | ---- | C] () -- C:\Users\andrew\AppData\Local\housecall.guid.cache
[2013/07/23 03:08:29 | 000,423,709 | ---- | C] () -- C:\Users\andrew\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\Win4665 Config DB.dlx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\System3192SettingsDB.dat
[2013/06/01 22:29:33 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/05/28 13:33:04 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/05/16 10:02:55 | 000,008,192 | ---- | C] () -- C:\Program Files (x86)\CPTSettings.dat
[2013/05/11 22:52:28 | 000,000,203 | ---- | C] () -- C:\Windows\uruninstaller.ini
[2013/03/04 02:12:30 | 000,074,291 | ---- | C] () -- C:\ProgramData\1362359390.bdinstall.bin
[2013/03/04 02:09:50 | 000,022,959 | ---- | C] () -- C:\ProgramData\1362359386.bdinstall.bin
[2013/03/04 01:41:32 | 000,166,263 | ---- | C] () -- C:\ProgramData\1362357473.bdinstall.bin
[2013/02/07 13:09:54 | 000,243,400 | ---- | C] () -- C:\Program Files (x86)\Plugin.dll
[2013/02/07 13:01:28 | 000,518,144 | ---- | C] () -- C:\Program Files (x86)\ForceDelete.dll
[2013/02/06 19:20:18 | 000,034,816 | ---- | C] () -- C:\Program Files (x86)\AddAffiliateToRegistry.exe
[2013/01/10 16:42:49 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/11/24 11:02:31 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2012/06/23 17:34:42 | 000,302,425 | ---- | C] () -- C:\Users\andrew\AppData\Local\funmoods-speeddial.crx
[2012/01/21 21:43:33 | 000,007,597 | ---- | C] () -- C:\Users\andrew\AppData\Local\resmon.resmoncfg
[2012/01/19 10:41:19 | 000,736,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/29 09:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/09/29 08:53:17 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/09/29 08:36:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/29 08:33:45 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2013/09/01 12:28:49 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#10
zac1

Hello Ron, did I do it correctly? Please let me know.


#11
zac1

Good Afternoon Ron
I have had no communication from you for 3 days now. Can you please give me an update as to where we are now?

Best Wishes
Zac1

#12
zac1

Hello Ron, sending OTL file again.
OTL logfile created on: 9/6/2013 9:19:19 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrew\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.61 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 74.01% Memory free
11.21 Gb Paging File | 9.69 Gb Available in Paging File | 86.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 89.48 Gb Free Space | 60.03% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 39.74 Gb Free Space | 26.73% Space Free | Partition Type: NTFS

Computer Name: ANDREW-TOSH | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/03 19:23:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrew\Downloads\OTL (1).exe
PRC - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
PRC - [2013/04/26 14:57:22 | 001,177,224 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/06 15:15:42 | 000,268,968 | ---- | M] () -- C:\Program Files (x86)\Secure Speed Dial\IE\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/31 22:17:38 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/08/12 09:22:07 | 000,596,832 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV:64bit: - [2013/08/12 09:22:04 | 000,684,896 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV:64bit: - [2013/08/12 09:22:04 | 000,243,552 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV:64bit: - [2013/08/12 09:22:03 | 000,376,160 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV:64bit: - [2013/08/12 09:22:03 | 000,340,320 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV:64bit: - [2013/08/12 09:22:02 | 000,619,360 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV:64bit: - [2013/08/12 09:22:02 | 000,445,856 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV:64bit: - [2013/08/12 09:18:51 | 000,353,120 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV:64bit: - [2011/06/28 22:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 13:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/08/05 16:33:40 | 002,229,072 | ---- | M] (Secure Speed Dial) [Auto | Stopped] -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/11/21 04:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/07/01 10:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\4959228drv.sys -- (4959228drv)
DRV:64bit: - [2013/05/26 21:48:18 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/05/26 21:48:16 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/26 21:48:15 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/03/18 14:25:00 | 000,068,720 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2013/03/17 23:36:16 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2013/03/07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/01/25 14:33:16 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012/12/21 13:43:52 | 000,633,680 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2012/12/21 13:43:52 | 000,090,960 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/20 14:11:38 | 000,464,480 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)
DRV:64bit: - [2012/11/20 14:11:38 | 000,040,544 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (AFW)
DRV:64bit: - [2012/10/04 08:38:58 | 000,034,928 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BdNet.sys -- (BdNet)
DRV:64bit: - [2012/06/26 10:48:34 | 000,256,072 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV:64bit: - [2012/06/26 10:48:34 | 000,025,160 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/29 08:40:02 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/06/29 00:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/28 22:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 20:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/14 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/14 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/06/25 14:39:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/25 14:39:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE:64bit: - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes,DefaultScope = {ABA3D263-6AB2-4530-B983-62D8D153B360}
IE - HKLM\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{ABA3D263-6AB2-4530-B983-62D8D153B360}: "URL" = http://start.funmood...A&cr=1141072529

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 7C 2D 29 8F 68 CE 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}
IE - HKCU\..\SearchScopes\{16F3F12F-FB2D-45B8-9BA5-37AB7AADB53F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{23303B5B-C540-4BE4-83F1-8C0DC4FACEBC}: "URL" = http://websearch.ask...41-3D2C671F5827
IE - HKCU\..\SearchScopes\{34ECC055-9CF7-8E3C-6BFC-788B9E43D4E9}: "URL" = http://isearch.avg.c...fr&d=2012-01-07 04:52:11&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{3D9DC740-E406-42D2-8871-4B15DA52C51E}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{5715C1D3-7F11-4D86-B22C-814B8C34C38D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{7EC4E5A4-99D1-46A5-9649-01107F3AA6DB}: "URL" = https://startpage.co...uage=english_uk
IE - HKCU\..\SearchScopes\{8AA527DD-48AE-4EDC-AEB7-155463CF3E2A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{AAAEE6DC-4E10-4705-87AF-F0806210CBD3}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{C308655F-C2AB-4F50-8EA7-BDD9C66ECAF2}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\[email protected]\ [2013/09/03 14:08:32 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0\
CHR - Extension: YouTube = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/01 08:10:23 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [BullGuardUpdate2] c:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe (BullGuard Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{332F2E0C-25BC-4B9F-B282-A06785088426}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - BgGamingMonitor.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/04 23:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2013/09/04 23:20:27 | 000,000,000 | ---D | C] -- C:\archive_db
[2013/09/04 23:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2013/09/04 23:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2013/09/04 23:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Drive Copy™ 12 Compact
[2013/09/04 23:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software
[2013/09/02 12:26:47 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{5CDE1C03-381D-4A8E-9931-75AD9AEF0024}
[2013/09/02 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\ProcAlyzer Dumps
[2013/09/02 11:13:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/01 12:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/01 12:28:35 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Deployment
[2013/09/01 09:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2013/08/30 03:04:11 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{899D16EF-9ACE-4C07-B2D8-C9EE458E0286}
[2013/08/30 01:40:59 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Wise Care 365
[2013/08/30 01:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013/08/30 01:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivaZer
[2013/08/15 07:08:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/08/15 05:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/08/15 00:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/08/14 06:52:22 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{9CFD3332-1A1A-44EF-8953-E0F0176E054C}
[2013/08/13 21:54:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/13 21:18:36 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\LogMeIn Rescue Applet
[2013/08/13 01:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Speed Dial
[2013/08/12 09:22:54 | 000,125,496 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:54 | 000,113,088 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 09:22:51 | 000,073,056 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:51 | 000,060,256 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 01:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/08/11 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\andrew\Doctor Web
[2013/08/11 13:31:48 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{C86DFA3B-13C0-423E-A228-1535BB032B4B}
[2013/08/11 06:17:00 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/08/11 06:15:08 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/08/11 04:34:39 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\BullGuard
[2013/08/11 04:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2013/08/11 04:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
[2013/08/11 04:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2013/08/11 04:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2013/08/11 00:24:32 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/11 00:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/08/08 06:36:20 | 000,556,632 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[2013/08/08 05:59:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/08/08 05:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/07/21 09:11:20 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2013/02/07 13:11:02 | 003,226,824 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\Utils.dll
[2013/02/07 13:10:34 | 004,742,856 | ---- | C] (Terra Informatica Software, Inc.) -- C:\Program Files (x86)\sciter-x.dll
[2013/02/07 13:10:10 | 002,218,184 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\RegistryDefrag.dll
[2013/02/07 13:09:46 | 000,067,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\offreg.dll
[2013/02/07 13:09:38 | 000,519,368 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\DiskDuplicates.dll
[2013/02/07 13:09:30 | 000,213,704 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CPluginServicePS.dll
[2013/02/07 13:09:22 | 002,282,696 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPluginService.exe
[2013/02/07 13:09:06 | 000,330,440 | ---- | C] (Comodo Security Solutions, Inc) -- C:\Program Files (x86)\CategoryFactory.dll
[2013/02/07 13:08:44 | 009,851,080 | ---- | C] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\CPCTuneUp.exe
[2013/02/04 10:20:40 | 001,674,752 | ---- | C] (COMODO Security Solutions) -- C:\Program Files (x86)\feedback.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/06 21:08:30 | 000,736,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/06 21:08:30 | 000,633,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/06 21:08:30 | 000,115,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/06 21:06:30 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/06 21:06:30 | 000,025,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/06 21:03:00 | 000,000,576 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/06 21:02:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/06 21:02:16 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/09/06 21:00:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/06 21:00:44 | 218,865,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/06 20:34:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/05 19:53:18 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/05 08:53:28 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/09/04 23:15:31 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Drive Copy™ 12 Compact.lnk
[2013/09/04 09:44:23 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/02 16:00:49 | 000,005,698 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 20:39:12 | 000,002,246 | ---- | M] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 08:36:56 | 000,015,618 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/09/01 08:19:15 | 000,294,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/01 08:16:53 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/01 08:10:23 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/01 03:56:27 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/31 01:39:49 | 000,239,723 | ---- | M] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | M] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/15 06:31:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_475
[2013/08/15 05:57:20 | 000,002,126 | ---- | M] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 23:18:06 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_736
[2013/08/12 09:22:27 | 000,060,256 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2013/08/12 09:22:26 | 000,073,056 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2013/08/12 09:22:25 | 000,125,496 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll
[2013/08/12 09:22:25 | 000,113,088 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll
[2013/08/12 03:24:30 | 000,004,084 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:15 | 000,025,972 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 12:45:09 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_477
[2013/08/11 06:52:51 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_702
[2013/08/11 06:16:17 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:57 | 000,010,704 | ---- | M] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | M] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | M] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:57 | 016,685,832 | ---- | M] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/08 07:12:10 | 000,556,632 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4959228drv.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/06 21:03:00 | 000,000,576 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013/09/04 23:15:31 | 000,002,324 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Drive Copy™ 12 Compact.lnk
[2013/09/02 16:00:43 | 000,005,698 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130902_160038.reg
[2013/09/01 12:30:17 | 000,002,246 | ---- | C] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 12:30:17 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 12:29:06 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 12:29:04 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 08:35:19 | 000,015,618 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130901_083515.reg
[2013/08/31 01:39:49 | 000,239,723 | ---- | C] () -- C:\Users\andrew\AppData\Local\census.cache
[2013/08/31 01:39:34 | 000,104,998 | ---- | C] () -- C:\Users\andrew\AppData\Local\ars.cache
[2013/08/30 01:02:53 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
[2013/08/30 00:57:18 | 218,865,663 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/15 07:07:19 | 000,294,200 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/15 05:57:20 | 000,002,126 | ---- | C] () -- C:\Users\andrew\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/08/15 00:08:42 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/13 21:04:25 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
[2013/08/13 01:24:33 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/08/12 03:24:11 | 000,004,084 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130812_032407.reg
[2013/08/11 14:13:12 | 000,025,972 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_141309.reg
[2013/08/11 06:16:17 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ANDREW-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/11 06:04:47 | 000,010,704 | ---- | C] () -- C:\Users\andrew\Documents\cc_20130811_060442.reg
[2013/08/11 05:41:53 | 000,001,039 | ---- | C] () -- C:\Users\andrew\Desktop\Your Unin-staller!.lnk
[2013/08/11 04:46:48 | 000,000,164 | ---- | C] () -- C:\Users\andrew\Desktop\BullGuard Online Drive.lnk
[2013/08/11 04:34:25 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2013/08/11 04:30:32 | 016,685,832 | ---- | C] () -- C:\Users\Public\Desktop\Install BullGuard Internet Security.exe
[2013/08/11 00:30:59 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/08/11 00:30:58 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013/07/31 20:52:06 | 000,000,036 | ---- | C] () -- C:\Users\andrew\AppData\Local\housecall.guid.cache
[2013/07/23 03:08:29 | 000,423,709 | ---- | C] () -- C:\Users\andrew\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\Win4665 Config DB.dlx
[2013/07/14 19:33:12 | 000,000,024 | -HS- | C] () -- C:\Users\andrew\AppData\Roaming\System3192SettingsDB.dat
[2013/06/01 22:29:33 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/05/28 13:33:04 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/05/16 10:02:55 | 000,008,192 | ---- | C] () -- C:\Program Files (x86)\CPTSettings.dat
[2013/05/11 22:52:28 | 000,000,203 | ---- | C] () -- C:\Windows\uruninstaller.ini
[2013/03/04 02:12:30 | 000,074,291 | ---- | C] () -- C:\ProgramData\1362359390.bdinstall.bin
[2013/03/04 02:09:50 | 000,022,959 | ---- | C] () -- C:\ProgramData\1362359386.bdinstall.bin
[2013/03/04 01:41:32 | 000,166,263 | ---- | C] () -- C:\ProgramData\1362357473.bdinstall.bin
[2013/02/07 13:09:54 | 000,243,400 | ---- | C] () -- C:\Program Files (x86)\Plugin.dll
[2013/02/07 13:01:28 | 000,518,144 | ---- | C] () -- C:\Program Files (x86)\ForceDelete.dll
[2013/02/06 19:20:18 | 000,034,816 | ---- | C] () -- C:\Program Files (x86)\AddAffiliateToRegistry.exe
[2013/01/10 16:42:49 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/11/24 11:02:31 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2012/06/23 17:34:42 | 000,302,425 | ---- | C] () -- C:\Users\andrew\AppData\Local\funmoods-speeddial.crx
[2012/01/21 21:43:33 | 000,007,597 | ---- | C] () -- C:\Users\andrew\AppData\Local\resmon.resmoncfg
[2012/01/19 10:41:19 | 000,736,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/29 09:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/09/29 08:53:17 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/09/29 08:36:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/29 08:33:45 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2013/09/01 12:28:49 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/29 13:31:36 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Auslogics
[2013/06/01 01:25:47 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\AVG
[2012/01/07 05:53:33 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\AVG2012
[2013/04/18 01:45:14 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Baidu
[2013/04/21 03:06:28 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Baidu Security
[2012/01/24 13:50:31 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/08/13 21:42:00 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\BullGuard
[2012/06/18 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\DriverCure
[2013/06/07 23:38:28 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Easeware
[2013/02/25 22:57:59 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\ErrorTeck
[2013/06/10 09:13:55 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\ESET
[2013/03/04 22:26:24 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Geek Uninstaller
[2013/07/08 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\GlarySoft
[2013/07/23 03:48:31 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\IObit
[2013/06/01 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\iolo
[2013/07/23 03:35:39 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\mysearchdial
[2012/06/19 14:16:41 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\PC Cleaners
[2012/06/19 14:16:43 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\PCPro
[2012/01/07 05:29:25 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Sammsoft
[2013/03/27 02:07:20 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\SoftGrid Client
[2013/06/08 21:55:01 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Systweak
[2013/05/11 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TestApp
[2012/01/05 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Toshiba
[2011/12/29 15:00:15 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TOSHIBA Online Product Information
[2013/05/18 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TuneUp Software
[2013/04/30 01:11:12 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\URSoft
[2012/01/21 02:43:19 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Windows Live Writer
[2013/09/04 19:10:36 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Wise Care 365

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
  • 0
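The "ZeroAccess Check" section that closes the OTL log above lists the InProcServer32 registration of a few COM class IDs under both HKCU and HKLM. As an added example (not part of the original posts and not OTL's own code), this Python script parses that layout and flags blocks worth a second look. Its two rules are assumptions of the example: a per-user HKCU key that carries a default value, and an HKLM server that is not the Microsoft-labelled system DLL this log shows.

```python
import re

# Constructed sample in the layout of OTL's "ZeroAccess Check" section.
# Blocks 1 and 2 mirror entries in the log above; block 3 is a made-up hijack.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\Users\example\AppData\Local\constructed\payload.dll -- [2013/01/01 00:00:00 | 000,001,024 | ---- | M] ()
'''

# CLSID -> DLL that the HKLM entries in the log above resolve to.
EXPECTED = {
    "42aedc87-2188-41fd-b9a3-0c966feabec1": "shell32.dll",
    "5839fca9-774d-42a1-acda-d6a79037f57f": "fastprox.dll",
    "f3130cdb-aa52-4c3a-ab32-85ffc23af9c1": "wbemess.dll",
}

KEY_RE = re.compile(
    r'^\[(HKEY_\w+)\\.*\\clsid\\\{([0-9a-f-]+)\}\\InProcServer32\](?: /64)?$', re.I)
VAL_RE = re.compile(r'^"(.*?)" = (.*?)(?: -- \[.*?\] \((.*?)\))?$')
SYSDIR_RE = re.compile(r'^(%systemroot%|[a-z]:\\windows)\\', re.I)


def parse_section(text):
    """Return [(hive, clsid, {value_name: (data, company)})] per registry block."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            entries.append((key.group(1).upper(), key.group(2).lower(), {}))
            continue
        val = VAL_RE.match(line)
        if val and entries:
            entries[-1][2][val.group(1)] = (val.group(2), val.group(3))
    return entries


def triage(entries):
    """Flag blocks whose default value (the COM server path) looks wrong.

    Both rules are assumptions of this example, not OTL's verdict logic.
    """
    findings = []
    for hive, clsid, values in entries:
        if "" not in values:
            continue  # key listed with no default value: nothing registered
        path, company = values[""]
        dll = path.rsplit("\\", 1)[-1].lower()
        if hive == "HKEY_CURRENT_USER":
            findings.append((clsid, hive, "per-user override", path))
        elif (EXPECTED.get(clsid) != dll or company != "Microsoft Corporation"
              or not SYSDIR_RE.match(path)):
            findings.append((clsid, hive, "unexpected server", path))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_section(SAMPLE)):
        print(finding)
```

The company name is whatever the file's version resource claims, so a clean result here is a triage hint and not a signature check.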

#13
zac1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Resent the OTL file. Logs file does not come up after scan. Please advise.
  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Don't understand why you had three different posts in the malware forum but CompCav found this one and told me about it.

You are showing multiple anti-viruses. Bullguard and Avast and maybe BitDefender. Uninstall all but one. Also uninstall HitmanPro. It's dangerous to have - sometimes it works and sometimes it makes the PC unbootable.

If a step doesn't work go on to the next step. Multiple replies to this post are OK so go ahead and post the logs as you get them. Less chance of losing a log.


Download the adwCleaner
Pause your anti-virus. Close all browsers.
  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the Delete option
  • When the scan completes, it will open a Notepad window.
  • Please, copy the content of this file in your next reply.


Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

:!: Turn off your screen saver so you can see what is going on

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
You should get a log when it finishes. If not this may mean you have the new version of Zero Access malware so run Combofix a second time.
If you still don't get a log search for Combofix.txt. It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
If you get an error about a registry value when you try to run a program, then just reboot to clear it.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please, copy the content of this file in your next reply.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.


Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#15
zac1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Good Evening Ron,
Sorry for the late reply. We have been out all day. The only antivirus I am running at the moment is Bullguard. I have Malwarebytes Pro also installed.
I have removed Hitman Pro. Below are results from adwcleaner.

# AdwCleaner v3.003 - Report created 08/09/2013 at 20:11:56
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andrew - ANDREW-TOSH
# Running from : C:\Users\andrew\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Utils.dll
File Found : C:\Users\andrew\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\SpeedMaxPc
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\Mysearchdial
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\baidu
Folder Found C:\ProgramData\Systweak
Folder Found C:\Users\andrew\AppData\Roaming\baidu
Folder Found C:\Users\andrew\AppData\Roaming\DriverCure
Folder Found C:\Users\andrew\AppData\Roaming\Mysearchdial
Folder Found C:\Users\andrew\AppData\Roaming\Systweak

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\SpeedMaxPC
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\SpeedMaxPC
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\speedmaxpc_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\speedmaxpc_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\toolbar_vit_sweetim_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\toolbar_vit_sweetim_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16576


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5482 octets] - [08/09/2013 20:09:29]
AdwCleaner[R1].txt - [5378 octets] - [08/09/2013 20:11:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5438 octets] ##########
  • 0





