
Possible infection, wireless indicator has a red cross through but is


  • This topic is locked

#1
Dom2276

  • Member
  • 59 posts
Sorry, cut off most of my title. The wireless indicator has a red cross through it but it is connected, and Windows Update will not install any of 10 important updates. I have a Dell XPS i7 running Windows 7. I have tried every fix I have found for these problems but to no avail. I have uninstalled drivers, switched on and off, tried Microsoft Fix it, cleaned the registry, and run various antimalware programs including Spybot. All in safe mode, and I have tried a clean start also. The update issue is a strange one also: there are 10 important updates waiting, but every time they try and install, 4 fail and it loops back to the start of 10 again, very frustrating. Error code is 64c. Here is the log from OTL, hope someone can help! New problem started now, my antivirus has started turning itself off for no reason??

OTL logfile created on: 01/10/2013 20:30:05 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.90 Gb Total Physical Memory | 5.15 Gb Available Physical Memory | 65.17% Memory free
15.79 Gb Paging File | 12.30 Gb Available in Paging File | 77.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.00 Gb Total Space | 64.33 Gb Free Space | 9.47% Space Free | Partition Type: NTFS
Drive Y: | 19.53 Gb Total Space | 7.69 Gb Free Space | 39.37% Space Free | Partition Type: NTFS

Computer Name: DOM-PC | User Name: Dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/30 19:21:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Desktop\OTL.exe
PRC - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/16 13:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/16 02:34:06 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/09/15 23:12:16 | 004,851,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/09/14 15:38:54 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/09/14 15:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/09/10 11:18:22 | 000,755,080 | ---- | M] (Samsung) -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkDMS.exe
PRC - [2013/09/05 04:23:44 | 001,315,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
PRC - [2013/09/03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/06/28 04:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/22 15:08:17 | 000,595,144 | ---- | M] (Murray Hurps Software Pty Ltd) -- C:\Program Files (x86)\Ad Muncher\AdMunch.exe
PRC - [2013/05/10 12:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/03 02:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/02 00:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2012/01/12 04:00:22 | 000,229,048 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2011/11/02 15:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/19 06:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/19 06:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/19 06:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/10/19 06:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/09/23 05:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/09/23 05:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/09/23 05:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/09/22 05:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/09/17 03:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/08/12 15:05:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
PRC - [2011/04/14 05:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/12/21 13:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 13:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/18 05:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/18 05:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/02 11:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/09/30 22:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/08/13 05:45:00 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2009/07/29 23:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
PRC - [2009/05/20 06:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/01 19:07:25 | 000,557,056 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\pysqlite2._sqlite.pyd
MOD - [2013/10/01 19:07:25 | 000,128,512 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\_elementtree.pyd
MOD - [2013/10/01 19:07:25 | 000,098,816 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\win32api.pyd
MOD - [2013/10/01 19:07:25 | 000,044,032 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\_socket.pyd
MOD - [2013/10/01 19:07:25 | 000,022,528 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\win32ts.pyd
MOD - [2013/10/01 19:07:24 | 000,320,512 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\win32com.shell.shell.pyd
MOD - [2013/10/01 19:07:24 | 000,070,656 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\wx._html2.pyd
MOD - [2013/10/01 19:07:24 | 000,026,624 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\_multiprocessing.pyd
MOD - [2013/10/01 19:07:23 | 000,805,888 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\wx._gdi_.pyd
MOD - [2013/10/01 19:07:23 | 000,504,832 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\windows._cacheinvalidation.pyd
MOD - [2013/10/01 19:07:23 | 000,017,408 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\win32profile.pyd
MOD - [2013/10/01 19:07:23 | 000,011,264 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\win32crypt.pyd
MOD - [2013/10/01 19:07:22 | 001,175,040 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\wx._core_.pyd
MOD - [2013/10/01 19:07:22 | 001,153,024 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\_ssl.pyd
MOD - [2013/10/01 19:07:22 | 000,811,008 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\wx._windows_.pyd
MOD - [2013/10/01 19:07:22 | 000,735,232 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\wx._misc_.pyd
MOD - [2013/10/01 19:07:22 | 000,711,680 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\_hashlib.pyd
MOD - [2013/10/01 19:07:22 | 000,364,544 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\pythoncom27.dll
MOD - [2013/10/01 19:07:22 | 000,122,368 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\wx._wizard.pyd
MOD - [2013/10/01 19:07:22 | 000,119,808 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\win32file.pyd
MOD - [2013/10/01 19:07:22 | 000,110,080 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\PyWinTypes27.dll
MOD - [2013/10/01 19:07:22 | 000,108,544 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\win32security.pyd
MOD - [2013/10/01 19:07:22 | 000,087,040 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\_ctypes.pyd
MOD - [2013/10/01 19:07:22 | 000,035,840 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\win32process.pyd
MOD - [2013/10/01 19:07:22 | 000,025,600 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\win32pdh.pyd
MOD - [2013/10/01 19:07:21 | 001,062,400 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\wx._controls_.pyd
MOD - [2013/10/01 19:07:21 | 000,038,912 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\win32inet.pyd
MOD - [2013/10/01 19:07:20 | 000,686,080 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\unicodedata.pyd
MOD - [2013/10/01 19:07:20 | 000,127,488 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\pyexpat.pyd
MOD - [2013/10/01 19:07:20 | 000,018,432 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\win32event.pyd
MOD - [2013/10/01 19:07:20 | 000,010,240 | ---- | M] () -- C:\Users\Dom\AppData\Local\Temp\_MEI24522\select.pyd
MOD - [2013/09/30 03:39:30 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c5f2c02bd940c74019ed4a183c7830c0\System.WorkflowServices.ni.dll
MOD - [2013/09/30 03:39:04 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5126089292f3f953c53f7f7defc0a79f\System.ServiceModel.Web.ni.dll
MOD - [2013/09/30 03:39:00 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\245d1e603b9f9a15d8934c4f1bbe55ee\System.Xml.Linq.ni.dll
MOD - [2013/09/30 03:38:31 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/09/30 03:38:07 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c7e65a2dfe8622af6e256cb4a7a3352e\System.IdentityModel.ni.dll
MOD - [2013/09/30 03:38:05 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
MOD - [2013/09/30 03:38:04 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll
MOD - [2013/09/30 03:38:03 | 017,477,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\c0593e0b0fafb24a15548809f246d9e0\System.ServiceModel.ni.dll
MOD - [2013/09/30 03:37:42 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\930e99b2f62cea8c4aa070527d15f748\PresentationFramework.ni.dll
MOD - [2013/09/30 03:37:33 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll
MOD - [2013/09/30 03:37:25 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/09/30 03:36:17 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/30 03:36:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/09/30 03:35:57 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/09/30 03:35:50 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
MOD - [2013/09/30 03:35:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/09/30 03:35:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/09/30 03:35:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/09/30 03:35:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/09/14 13:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 13:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012/02/02 00:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012/02/02 00:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012/02/02 00:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2011/11/02 12:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 12:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/23 05:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/04/23 05:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2010/12/18 05:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/11/25 17:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/18 05:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/01/21 14:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/10 09:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/09/23 18:24:30 | 000,605,768 | ---- | M] (Copyright 2013 SAMSUNG) [Auto | Running] -- C:\Program Files\Samsung\Samsung Link\Samsung Link.exe -- (Samsung Link Service)
SRV:64bit: - [2013/09/10 11:19:00 | 000,404,360 | ---- | M] (Samsung) [Auto | Running] -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkManagerDMS.exe -- (AllShare Framework DMS)
SRV:64bit: - [2013/05/27 18:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/21 18:03:56 | 000,618,832 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Running] -- C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe -- (NGRegClnSrv)
SRV:64bit: - [2011/11/02 08:37:56 | 001,518,352 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/11/02 08:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/11/02 08:22:28 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/10/21 13:33:22 | 000,135,440 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/10/20 09:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010/11/30 10:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/23 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/07 23:16:32 | 000,218,112 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV:64bit: - [2009/11/18 15:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2007/11/20 10:50:32 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdpcoms.exe -- (lxdp_device)
SRV - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/20 14:20:26 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/16 13:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/04 04:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 12:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/09 00:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/03 02:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/19 06:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/19 06:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/19 06:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/09/23 05:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/08/12 13:04:58 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/12/21 13:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 13:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 00:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/26 00:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/30 22:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/26 15:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/13 05:45:00 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2010/03/19 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/29 23:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
SRV - [2009/06/11 10:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/09/02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/09/02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/09/02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/08/01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/06/19 09:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/02/09 03:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/12/14 01:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/09 00:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/10/09 00:42:14 | 000,284,008 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/08/24 03:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 03:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/24 03:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/22 01:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/30 11:53:19 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012/03/01 19:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/20 16:35:53 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/20 16:35:53 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/10 08:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/12/02 14:57:06 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/11/15 14:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/20 09:19:08 | 000,195,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/10/20 09:19:08 | 000,195,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/09/14 05:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/08/30 11:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/08/03 06:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/07/26 06:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/21 02:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/07/21 02:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 19:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/19 20:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/03/04 18:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/02/11 11:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/21 06:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/16 05:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/13 14:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/18 06:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/17 11:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/16 06:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/14 06:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/13 03:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010/11/30 10:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 16:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/21 16:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 16:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/20 13:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/16 13:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/21 08:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/04 04:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010/07/13 15:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/12 05:14:00 | 001,799,808 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2010/04/28 12:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/28 12:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/28 10:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/28 10:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/03/19 22:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/28 04:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 22:14:20 | 000,304,232 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV:64bit: - [2010/01/14 00:15:54 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk)
DRV:64bit: - [2009/09/24 02:23:08 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2009/07/14 14:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 14:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 14:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 13:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/11 09:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 09:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 09:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 09:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/09 03:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2006/11/02 07:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{62E361EE-1F0E-41C0-96DF-C0E2F918BDA2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {99F4E0CF-C394-42E8-9CEA-E40795E1836A}
IE - HKLM\..\SearchScopes\{62E361EE-1F0E-41C0-96DF-C0E2F918BDA2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = ${SEARCH_URL}{searchTerms}
IE - HKLM\..\SearchScopes\{99F4E0CF-C394-42E8-9CEA-E40795E1836A}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.nz/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...GGHP_en-GBGB469
IE - HKCU\..\SearchScopes\{99F4E0CF-C394-42E8-9CEA-E40795E1836A}: "URL" = http://www.google.co...GGHP_en-GBGB469
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: [email protected]:4.1.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF - HKCU\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/08 12:33:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2013/08/19 13:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dom\AppData\Roaming\Mozilla\Extensions
[2013/08/19 13:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dom\AppData\Roaming\Mozilla\Extensions\net.openvpn.client
[2013/09/28 15:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\tyh94w6u.default\extensions
[2013/09/28 15:42:24 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\tyh94w6u.default\extensions\[email protected]
[2012/12/30 20:29:48 | 000,002,090 | ---- | M] () -- C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\tyh94w6u.default\searchplugins\Searchab.xml
[2013/02/14 00:18:13 | 000,001,435 | ---- | M] () -- C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\tyh94w6u.default\searchplugins\spamfreesearch.xml
[2013/06/25 22:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/28 15:32:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/28 15:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/28 15:41:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/13 17:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 17:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 17:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - plugin: iTunes Application Detector (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/06 01:21:15 | 000,000,907 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\SysNative\ICO.EXE (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Ad Muncher] C:\Program Files (x86)\Ad Muncher\AdMunch.exe (Murray Hurps Software Pty Ltd)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [NETGATERegistryCleaner] C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe (NETGATE Technologies s.r.o.)
O4 - Startup: C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
O4 - Startup: C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07D7C6C4-53D0-48C3-A37A-E07C7D427863}: DhcpNameServer = 83.170.64.2 83.170.69.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C438524-4F47-487A-93CE-D1BAB0D8ADB4}: DhcpNameServer = 118.148.1.10 118.148.1.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11882032-6AA4-47B7-86A5-AC5569E879D7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC32772B-FA57-440D-8B0D-8D88E4D826D4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9FCE419-9F15-415A-99C6-5FE985543394}: DhcpNameServer = 118.148.1.10 118.148.1.20
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/01 12:01:00 | 000,000,053 | -HS- | M] () - Y:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{4aa5c408-500d-11e1-a843-88532e936853}\Shell - "" = AutoRun
O33 - MountPoints2\{4aa5c408-500d-11e1-a843-88532e936853}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/30 19:21:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dom\Desktop\OTL.exe
[2013/09/30 03:12:02 | 000,000,000 | ---D | C] -- C:\b5c006cffeee775457d0d7154511
[2013/09/30 01:17:06 | 000,000,000 | ---D | C] -- C:\980561c6dcf88010b2
[2013/09/30 00:39:49 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\AVG2014
[2013/09/30 00:39:14 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\TuneUp Software
[2013/09/30 00:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/30 00:38:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/30 00:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/09/30 00:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/09/30 00:34:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/30 00:34:52 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\MFAData
[2013/09/30 00:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/09/30 00:34:52 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Avg2014
[2013/09/29 04:10:34 | 000,000,000 | ---D | C] -- C:\fe501aa4514f3182ced75d1f6ccab7
[2013/09/28 18:10:43 | 000,000,000 | ---D | C] -- C:\b3cc7c2335cd946642470b10
[2013/09/28 03:16:52 | 000,000,000 | ---D | C] -- C:\cd9e6bddc8659a9b4654b14a31d1
[2013/09/28 00:38:39 | 000,000,000 | ---D | C] -- C:\1636748c503e2b68b1a88e656c65ac
[2013/09/27 20:53:35 | 000,000,000 | ---D | C] -- C:\3e8fd45ef95030712ce704632295e7
[2013/09/27 19:17:54 | 000,000,000 | ---D | C] -- C:\db8463676f71a75b810e733d
[2013/09/27 17:51:14 | 000,000,000 | ---D | C] -- C:\e72d2bac2c21c5faa248a802bd958213
[2013/09/27 17:43:11 | 000,000,000 | ---D | C] -- C:\8a192cb811f68407b52ee6
[2013/09/27 17:03:37 | 000,000,000 | ---D | C] -- C:\MATS
[2013/09/27 16:36:23 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\NETGATE Registry Cleaner
[2013/09/27 16:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGATE Registry Cleaner
[2013/09/27 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2013/09/26 20:43:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/09/26 19:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/09/26 14:57:38 | 000,000,000 | ---D | C] -- C:\636c88cbb740eae64aba2190
[2013/09/23 00:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/23 00:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/23 00:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/23 00:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/23 00:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/21 17:05:37 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Urban Trial Freestyle
[2013/09/20 17:35:17 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Octane
[2013/09/11 12:26:48 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Rockstar Games
[2013/09/11 12:23:28 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Rockstar Games
[2013/09/11 12:17:21 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013/09/11 11:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2013/09/11 11:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2013/09/08 23:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viscom Store RMVB Converter
[2013/09/08 23:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Viscom Store RMVB Converter
[2013/09/08 23:18:59 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Media Player Classic
[2013/09/08 23:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/09/08 23:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013/09/08 23:09:32 | 000,060,416 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\viscomtran.dll
[2013/09/08 23:09:32 | 000,052,736 | ---- | C] (Viscom Software) -- C:\Windows\SysWow64\viscomwave.dll
[2013/09/08 23:09:31 | 000,713,728 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\viscommpgenc.dll
[2013/09/08 23:09:31 | 000,706,560 | ---- | C] (Viscom Software Viscom Software) -- C:\Windows\SysWow64\viscomdata1.dll
[2013/09/08 23:09:31 | 000,705,536 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\viscomdata2.dll
[2013/09/08 23:09:31 | 000,059,904 | ---- | C] (Viscom Software) -- C:\Windows\SysWow64\viscomaudioencoder.dll
[2013/09/08 23:09:31 | 000,059,904 | ---- | C] (Viscom Software) -- C:\Windows\SysWow64\viscomaudiodata.dll
[2013/09/08 23:09:31 | 000,054,272 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\viscomframe.dll
[2013/09/08 23:09:30 | 000,136,192 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\VideoEdit.ocx
[2013/09/08 23:09:29 | 000,299,008 | ---- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaSplitter.ax
[2013/09/08 22:11:42 | 000,031,544 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/09/08 21:45:11 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\D5CEBBFC-9741-4C80-8569-B09615F6463C.aplzod
[2013/09/04 18:01:49 | 000,000,000 | ---D | C] -- C:\Users\Dom\Samsung Link
[2013/09/02 10:59:14 | 000,212,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/09/02 10:29:18 | 000,294,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/09/02 10:26:50 | 000,192,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/09/02 10:26:42 | 000,241,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[5 C:\Users\Dom\Documents\*.tmp files -> C:\Users\Dom\Documents\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/01 20:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/01 20:04:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/01 19:18:09 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/01 19:18:09 | 000,664,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/01 19:18:09 | 000,125,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/01 19:17:45 | 000,021,296 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 19:17:45 | 000,021,296 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 19:13:07 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/01 19:11:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/01 19:05:58 | 000,000,212 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/10/01 19:05:26 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/30 19:21:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Desktop\OTL.exe
[2013/09/30 17:45:39 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/30 15:10:00 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2013/09/30 00:45:32 | 000,002,135 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/30 00:39:14 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/30 00:14:09 | 000,002,576 | ---- | M] () -- C:\Users\Dom\Desktop\mseremoval.bat
[2013/09/28 00:55:28 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/09/27 23:51:32 | 000,000,636 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2013/09/27 23:05:12 | 393,334,463 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/27 16:36:23 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\NETGATE Registry Cleaner.lnk
[2013/09/26 18:58:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2013/09/24 23:24:56 | 001,082,546 | ---- | M] () -- C:\Users\Dom\Desktop\MaddAddam - Margaret Atwood.MOBI
[2013/09/24 19:02:15 | 001,124,850 | ---- | M] () -- C:\Users\Dom\Documents\Passport stamp.jpg
[2013/09/20 16:38:52 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/12 23:37:11 | 000,470,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 12:17:21 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013/09/11 12:12:06 | 000,002,198 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2013/09/11 11:53:40 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2013/09/10 23:39:13 | 002,271,600 | ---- | M] () -- C:\Users\Dom\Desktop\40's pattern top.pdf
[2013/09/10 22:15:39 | 000,228,547 | ---- | M] () -- C:\Users\Dom\Desktop\igora_color_chart_esp_javitott.jpg
[2013/09/10 18:19:48 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/09/09 00:04:41 | 759,804,360 | ---- | M] () -- C:\Users\Dom\Desktop\The Worlds End 2013 HD TV 720P AC3 MURDER.rmvb
[2013/09/08 23:52:22 | 001,207,723 | ---- | M] () -- C:\Users\Dom\Documents\303_Womans_weekly_1.pdf
[2013/09/08 23:52:03 | 000,751,175 | ---- | M] () -- C:\Users\Dom\Documents\449_cherry_delight.pdf
[2013/09/08 23:51:55 | 001,031,558 | ---- | M] () -- C:\Users\Dom\Documents\416_SG_bedjacket_Celia.pdf
[2013/09/08 23:17:11 | 000,003,584 | ---- | M] () -- C:\Users\Dom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/09/08 21:44:47 | 000,839,680 | ---- | M] () -- C:\Users\Dom\Desktop\bonnet.jpeg
[2013/09/08 21:44:14 | 003,448,832 | ---- | M] () -- C:\Users\Dom\Desktop\image.jpeg
[2013/09/08 21:43:58 | 001,969,763 | ---- | M] () -- C:\Users\Dom\Desktop\photo.JPG
[2013/09/02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/09/02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/09/02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/09/02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[5 C:\Users\Dom\Documents\*.tmp files -> C:\Users\Dom\Documents\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/30 00:39:14 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/30 00:14:09 | 000,002,576 | ---- | C] () -- C:\Users\Dom\Desktop\mseremoval.bat
[2013/09/27 23:51:32 | 000,000,636 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2013/09/27 16:36:23 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\NETGATE Registry Cleaner.lnk
[2013/09/27 11:02:01 | 000,002,478 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.1 AE.lnk
[2013/09/27 11:02:01 | 000,002,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Client.lnk
[2013/09/24 23:24:46 | 001,082,546 | ---- | C] () -- C:\Users\Dom\Desktop\MaddAddam - Margaret Atwood.MOBI
[2013/09/23 00:21:57 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/11 12:12:06 | 000,002,198 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2013/09/11 11:53:40 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2013/09/10 23:39:12 | 002,271,600 | ---- | C] () -- C:\Users\Dom\Desktop\40's pattern top.pdf
[2013/09/10 22:36:50 | 000,228,547 | ---- | C] () -- C:\Users\Dom\Desktop\igora_color_chart_esp_javitott.jpg
[2013/09/08 23:55:23 | 001,207,723 | ---- | C] () -- C:\Users\Dom\Documents\303_Womans_weekly_1.pdf
[2013/09/08 23:55:23 | 001,031,558 | ---- | C] () -- C:\Users\Dom\Documents\416_SG_bedjacket_Celia.pdf
[2013/09/08 23:55:23 | 000,751,175 | ---- | C] () -- C:\Users\Dom\Documents\449_cherry_delight.pdf
[2013/09/08 23:33:10 | 759,804,360 | ---- | C] () -- C:\Users\Dom\Desktop\The Worlds End 2013 HD TV 720P AC3 MURDER.rmvb
[2013/09/08 23:31:31 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2013/09/08 23:17:11 | 000,003,584 | ---- | C] () -- C:\Users\Dom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/08 23:16:01 | 000,256,088 | ---- | C] () -- C:\Windows\SysNative\unrar64.dll
[2013/09/08 23:16:01 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/09/08 23:09:30 | 002,392,064 | ---- | C] () -- C:\Windows\SysWow64\videotrans.dll
[2013/09/08 23:09:30 | 000,215,040 | ---- | C] () -- C:\Windows\SysWow64\videoformat.dll
[2013/09/08 23:09:30 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\imgscaler.dll
[2013/09/08 23:09:30 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\img_utils.dll
[2013/09/08 23:09:30 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\videocore.dll
[2013/09/08 21:44:47 | 000,839,680 | ---- | C] () -- C:\Users\Dom\Desktop\bonnet.jpeg
[2013/09/08 21:44:14 | 003,448,832 | ---- | C] () -- C:\Users\Dom\Desktop\image.jpeg
[2013/09/08 21:43:58 | 001,969,763 | ---- | C] () -- C:\Users\Dom\Desktop\photo.JPG
[2013/08/23 15:34:32 | 000,706,560 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
[2013/08/23 15:34:30 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll
[2013/07/23 20:18:54 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll
[2013/07/23 20:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
[2013/07/23 20:18:42 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll
[2013/07/23 20:18:40 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
[2013/07/23 20:18:38 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
[2013/07/23 20:18:38 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll
[2013/02/14 00:25:00 | 000,000,292 | ---- | C] () -- C:\Users\Dom\AppData\Local\HamsterBookConverter.cfg
[2012/10/18 06:04:11 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/10/18 06:04:11 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/10/18 06:04:11 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/10/18 06:04:11 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/10/18 06:04:11 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/10/18 06:04:11 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/10/18 06:04:11 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/10/18 06:04:11 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/10/18 06:04:11 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/10/18 06:04:11 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012/10/18 06:04:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/10/18 06:04:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/10/18 06:04:11 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/10/18 06:04:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/10/18 06:04:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/10/18 06:04:11 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012/10/18 06:04:11 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012/10/18 06:04:11 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/10/18 06:04:11 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/06/28 15:49:10 | 000,000,000 | ---- | C] () -- C:\ProgramData\-iDxxkR9p6q7MtY
[2012/06/28 15:33:49 | 000,000,256 | ---- | C] () -- C:\ProgramData\iDxxkR9p6q7MtY
[2012/06/21 04:56:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\-O5euMTN1vMGtcO
[2012/06/21 04:56:41 | 000,000,256 | ---- | C] () -- C:\ProgramData\O5euMTN1vMGtcO
[2012/02/15 12:45:46 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/02/15 12:45:41 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/02/15 12:45:41 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/02/04 01:43:57 | 000,103,272 | ---- | C] () -- C:\Users\Dom\GoToAssistDownloadHelper.exe
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin
[2012/01/20 16:05:46 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin
[2012/01/20 16:05:46 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin
[2012/01/20 16:05:46 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin
[2012/01/20 16:05:46 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin
[2012/01/20 16:05:46 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin
[2012/01/20 16:05:46 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin
[2012/01/20 16:05:46 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin
[2012/01/20 16:05:46 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2012/01/20 16:05:46 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin
[2012/01/20 16:05:46 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2012/01/20 16:05:45 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2012/01/20 16:05:45 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin
[2012/01/20 16:05:45 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2012/01/20 16:05:45 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2012/01/20 16:05:44 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin
[2012/01/20 16:02:52 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012/01/20 16:02:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/01/20 16:01:59 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/01/20 16:01:58 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/01/20 16:01:57 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/01/20 16:01:56 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/14 17:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 15:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 14:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 14:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 16:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 14:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/30 00:39:49 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\AVG2014
[2013/09/28 15:42:22 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\BitTorrent
[2012/01/31 03:49:18 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Blio
[2013/02/14 00:25:38 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\calibre
[2013/02/21 13:05:31 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Canon
[2013/02/03 15:53:23 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\dBpoweramp
[2012/11/10 23:37:54 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Dropbox
[2013/09/28 15:42:22 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\File Scout
[2012/01/31 03:46:01 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Fingertapps
[2013/06/01 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Leadertech
[2013/09/28 15:33:56 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Milestone
[2013/09/28 15:42:24 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\NETGATE Registry Cleaner
[2013/09/20 17:35:17 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Octane
[2013/03/13 21:41:19 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Omerta
[2013/09/28 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\OpenVPN Technologies
[2012/02/04 23:14:02 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\PCDr
[2013/03/13 16:27:40 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\PerformerSoft
[2013/06/05 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\redsn0w
[2012/11/01 15:14:21 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Research In Motion
[2013/07/09 17:57:30 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Samsung
[2013/10/01 04:17:20 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\tixati
[2013/09/30 00:39:14 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TuneUp Software
[2012/01/30 22:31:19 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\ZinioReader4

========== Purity Check ==========



< End of report >

Edited by Dom2276, 01 October 2013 - 11:31 PM.

#2
CompCav

Hi, Dom2276! :welcome: My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

If it does not run, rename it iexplore.exe and try it again.


Step 2.

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe by right clicking and then selecting Run as administrator
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post:

aswMBR log
RKreport.txt


Give me an update on your computer's issues.



Regards,

CompCav

#3
Dom2276

Hi CompCav

Firstly I would like to thank you for taking the time to help, your generosity is truly appreciated.
Right, nothing has changed with my problems, thank god they are not too serious.
As requested here are the logs:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-04 08:14:05
-----------------------------
08:14:05.055 OS Version: Windows x64 6.1.7601 Service Pack 1
08:14:05.055 Number of processors: 8 586 0x2A07
08:14:05.055 ComputerName: DOM-PC UserName: Dom
08:14:07.669 Initialize success
08:14:29.422 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:14:29.422 Disk 0 Vendor: ST975042 0002 Size: 715404MB BusType: 3
08:14:29.562 Disk 0 MBR read successfully
08:14:29.562 Disk 0 MBR scan
08:14:29.562 Disk 0 Windows VISTA default MBR code
08:14:29.578 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
08:14:29.594 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
08:14:29.609 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 695299 MB offset 41172992
08:14:29.656 Disk 0 scanning C:\Windows\system32\drivers
08:14:36.487 Service scanning
08:14:55.669 Modules scanning
08:14:55.685 Disk 0 trace - called modules:
08:14:55.716 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
08:14:55.716 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80095fe790]
08:14:55.732 3 CLASSPNP.SYS[fffff88001b0d43f] -> nt!IofCallDriver -> [0xfffffa8009542c20]
08:14:56.059 5 stdcfltn.sys[fffff88001675c52] -> nt!IofCallDriver -> [0xfffffa800790a550]
08:14:56.075 7 ACPI.sys[fffff88000ee67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80079f1050]
08:14:56.075 Scan finished successfully
08:15:10.532 Disk 0 MBR has been saved successfully to "C:\Users\Dom\Desktop\MBR.dat"
08:15:10.548 The log file has been saved successfully to "C:\Users\Dom\Desktop\aswMBR.txt"


And:

RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dom [Admin rights]
Mode : Scan -- Date : 10/04/2013 08:19:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[Microsoft][HIDDEN] rundll32.exe -- \Device\HarddiskVolume3\Windows\System32\rundll32.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST9750420AS +++++
--- User ---
[MBR] c4d441a27258bc95be2bbf548713c1b2
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 695299 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10042013_081924.txt >>

Looking forward to hearing your thoughts

Many thanks

Dom

#4
Dom2276

Sorry just realised I didn't run roguekiller as administrator, but as I have administrator rights I guess that shouldn't make a difference. Also it asks if I want to delete the problems found, shall I go ahead and do that?

#5
CompCav

Yes please have it delete the problems found and post the resultant log in your next reply.

#6
CompCav

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks


When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now.

After the run you may have internet problems or access to something problems. Simply reboot the computer before performing the next step.


Step 2

Re-open OTL to your Desktop
  • Right click on the icon and select Run as administrator to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    services.*
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt
  • Post the log


Step 3

Please post:

  • ComboFix.txt
  • OTL.txt

Please give me an update on how the computer is behaving.




#7
Dom2276

Strangely, when combo fix started scanning, my wireless indicator displayed the correct full signal icon, but after reboot it went back to red cross again.

combo fix log:

ComboFix 13-10-03.03 - Dom 04/10/2013 11:44:55.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8086.5337 [GMT 13:00]
Running from: c:\users\Dom\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dom\AppData\Local\Temp\_MEI31602\_ctypes.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\_elementtree.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\_hashlib.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\_multiprocessing.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\_socket.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\_ssl.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\msvcp100.dll
c:\users\Dom\AppData\Local\Temp\_MEI31602\msvcr100.dll
c:\users\Dom\AppData\Local\Temp\_MEI31602\pyexpat.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\pysqlite2._sqlite.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\python27.dll
c:\users\Dom\AppData\Local\Temp\_MEI31602\pythoncom27.dll
c:\users\Dom\AppData\Local\Temp\_MEI31602\PyWinTypes27.dll
c:\users\Dom\AppData\Local\Temp\_MEI31602\select.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\unicodedata.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\win32api.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\win32com.shell.shell.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\win32crypt.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\win32event.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\win32file.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\win32inet.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\win32pdh.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\win32process.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\win32profile.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\win32security.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\win32ts.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\windows._cacheinvalidation.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\wx._controls_.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\wx._core_.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\wx._gdi_.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\wx._html2.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\wx._misc_.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\wx._windows_.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\wx._wizard.pyd
c:\users\Dom\AppData\Local\Temp\_MEI31602\wxbase294u_net_vc90.dll
c:\users\Dom\AppData\Local\Temp\_MEI31602\wxbase294u_vc90.dll
c:\users\Dom\AppData\Local\Temp\_MEI31602\wxmsw294u_adv_vc90.dll
c:\users\Dom\AppData\Local\Temp\_MEI31602\wxmsw294u_core_vc90.dll
c:\users\Dom\AppData\Local\Temp\_MEI31602\wxmsw294u_html_vc90.dll
c:\users\Dom\AppData\Local\Temp\_MEI31602\wxmsw294u_webview_vc90.dll
.
---- Previous Run -------
.
c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe
c:\programdata\PCDr\6308\AddOnDownloaded\0779eca6-695c-444d-8ef3-6621f5a112ee.dll
c:\programdata\PCDr\6308\AddOnDownloaded\244ec244-34e7-4b04-85aa-c16ea08f2533.dll
c:\programdata\PCDr\6308\AddOnDownloaded\394b144a-f70e-44ff-a1ce-7fed69d15b12.dll
c:\programdata\PCDr\6308\AddOnDownloaded\3df85ce4-1732-4e9b-9fee-111cf95d7191.dll
c:\programdata\PCDr\6308\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6308\AddOnDownloaded\5ec8c7eb-8ac7-4252-bb47-87f22e27e4a9.dll
c:\programdata\PCDr\6308\AddOnDownloaded\646d4422-eb1f-4e32-8b16-f32fc711fbc0.dll
c:\programdata\PCDr\6308\AddOnDownloaded\751275e0-9b7c-49a7-b6d8-eaf73a4eac58.dll
c:\programdata\PCDr\6308\AddOnDownloaded\7ec00d71-b236-42d5-b7d2-aab97a4a1f3d.dll
c:\programdata\PCDr\6308\AddOnDownloaded\8658165e-a29d-4eca-a939-35aff3e05f62.dll
c:\programdata\PCDr\6308\AddOnDownloaded\a7c185b3-39a9-4aaf-9506-7726c68d6350.dll
c:\programdata\PCDr\6308\AddOnDownloaded\aa7c4756-0f94-474f-8589-eb1b0e71c93b.dll
c:\programdata\PCDr\6308\AddOnDownloaded\ad245130-e9e2-4a7e-8912-a540560daf66.dll
c:\programdata\PCDr\6308\AddOnDownloaded\be543d7a-9241-474e-9567-a20b994760c0.dll
c:\programdata\PCDr\6308\AddOnDownloaded\c0c54ea3-e58e-438a-9c4c-778b0979180a.dll
c:\programdata\PCDr\6308\AddOnDownloaded\f39d056b-fbf9-40c5-806d-7d93eacdc251.dll
c:\users\Dom\AppData\Local\Temp\_MEI57642\_ctypes.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\_elementtree.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\_hashlib.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\_multiprocessing.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\_socket.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\_ssl.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\msvcp100.dll
c:\users\Dom\AppData\Local\Temp\_MEI57642\msvcr100.dll
c:\users\Dom\AppData\Local\Temp\_MEI57642\pyexpat.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\pysqlite2._sqlite.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\python27.dll
c:\users\Dom\AppData\Local\Temp\_MEI57642\pythoncom27.dll
c:\users\Dom\AppData\Local\Temp\_MEI57642\PyWinTypes27.dll
c:\users\Dom\AppData\Local\Temp\_MEI57642\select.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\unicodedata.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\win32api.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\win32com.shell.shell.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\win32crypt.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\win32event.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\win32file.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\win32inet.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\win32pdh.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\win32process.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\win32profile.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\win32security.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\win32ts.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\windows._cacheinvalidation.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\wx._controls_.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\wx._core_.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\wx._gdi_.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\wx._html2.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\wx._misc_.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\wx._windows_.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\wx._wizard.pyd
c:\users\Dom\AppData\Local\Temp\_MEI57642\wxbase294u_net_vc90.dll
c:\users\Dom\AppData\Local\Temp\_MEI57642\wxbase294u_vc90.dll
c:\users\Dom\AppData\Local\Temp\_MEI57642\wxmsw294u_adv_vc90.dll
c:\users\Dom\AppData\Local\Temp\_MEI57642\wxmsw294u_core_vc90.dll
c:\users\Dom\AppData\Local\Temp\_MEI57642\wxmsw294u_html_vc90.dll
c:\users\Dom\AppData\Local\Temp\_MEI57642\wxmsw294u_webview_vc90.dll
c:\users\Dom\Documents\~WRL0127.tmp
c:\users\Dom\Documents\~WRL2827.tmp
c:\users\Dom\Documents\~WRL3502.tmp
c:\users\Dom\Documents\~WRL3530.tmp
c:\users\Dom\Documents\~WRL3762.tmp
c:\windows\SysWow64\img_utils.dll
c:\windows\SysWow64\imgscaler.dll
c:\windows\SysWow64\tmpB260.tmp
c:\windows\SysWow64\tmpB271.tmp
c:\windows\SysWow64\videocore.dll
c:\windows\SysWow64\videoformat.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-09-03 to 2013-10-03 )))))))))))))))))))))))))))))))
.
.
2013-10-03 22:53 . 2013-10-03 22:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-03 22:53 . 2013-10-03 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-03 22:29 . 2013-10-03 22:29 -------- d-----w- C:\a22a4bab0742e18a6f37a1
2013-10-03 18:58 . 2013-10-03 19:02 -------- d-----w- C:\f4f0ab7db8afa1adb9ef748c34
2013-10-03 14:16 . 2013-10-03 14:16 -------- d-----w- C:\8c2d5679db8972bf4321c8427d
2013-10-03 14:11 . 2013-10-03 14:16 -------- d-----w- C:\3339f3641d253d138642a173
2013-10-02 12:35 . 2013-10-02 12:39 -------- d-----w- C:\f17769f40431c23d4d5c
2013-10-02 12:21 . 2013-10-02 12:21 -------- d-----w- C:\95fa73a90dd3a414a832976808c7
2013-10-02 03:22 . 2013-10-02 03:27 -------- d-----w- C:\2b670418ec06f80ec79a6c4a
2013-10-01 14:11 . 2013-10-01 14:15 -------- d-----w- C:\37c8801170743d90a88348f15a33f61b
2013-10-01 10:45 . 2013-10-01 10:45 -------- d-----w- c:\windows\ERUNT
2013-10-01 10:26 . 2013-10-01 10:35 -------- d-----w- C:\AdwCleaner
2013-10-01 08:15 . 2013-10-01 08:19 -------- d-----w- C:\f0945988b9f1dfcce1
2013-09-29 14:12 . 2013-09-29 14:16 -------- d-----w- C:\b5c006cffeee775457d0d7154511
2013-09-29 12:17 . 2013-09-29 12:29 -------- d-----w- C:\980561c6dcf88010b2
2013-09-29 11:39 . 2013-09-29 11:39 -------- d-----w- c:\users\Dom\AppData\Roaming\AVG2014
2013-09-29 11:39 . 2013-09-29 11:39 -------- d-----w- c:\users\Dom\AppData\Roaming\TuneUp Software
2013-09-29 11:38 . 2013-09-29 11:39 -------- d-----w- c:\programdata\AVG2014
2013-09-29 11:38 . 2013-09-29 11:38 -------- d-----w- C:\$AVG
2013-09-29 11:38 . 2013-09-29 11:38 -------- d-----w- c:\program files (x86)\AVG
2013-09-29 11:34 . 2013-10-03 20:26 -------- d-----w- c:\programdata\MFAData
2013-09-29 11:34 . 2013-09-29 11:46 -------- d-----w- c:\users\Dom\AppData\Local\Avg2014
2013-09-29 11:34 . 2013-09-29 11:34 -------- d--h--w- c:\programdata\Common Files
2013-09-29 11:34 . 2013-09-29 11:34 -------- d-----w- c:\users\Dom\AppData\Local\MFAData
2013-09-28 15:10 . 2013-09-28 15:14 -------- d-----w- C:\fe501aa4514f3182ced75d1f6ccab7
2013-09-28 05:17 . 2013-09-15 12:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC33C6C6-6615-4C28-B7B8-CB996A2903CE}\mpengine.dll
2013-09-28 05:10 . 2013-09-28 05:14 -------- d-----w- C:\b3cc7c2335cd946642470b10
2013-09-27 14:16 . 2013-09-27 14:21 -------- d-----w- C:\cd9e6bddc8659a9b4654b14a31d1
2013-09-27 11:38 . 2013-09-27 11:42 -------- d-----w- C:\1636748c503e2b68b1a88e656c65ac
2013-09-27 07:53 . 2013-09-28 02:41 -------- d-----w- C:\3e8fd45ef95030712ce704632295e7
2013-09-27 06:17 . 2013-09-27 06:21 -------- d-----w- C:\db8463676f71a75b810e733d
2013-09-27 04:51 . 2013-09-27 04:56 -------- d-----w- C:\e72d2bac2c21c5faa248a802bd958213
2013-09-27 04:43 . 2013-09-27 04:48 -------- d-----w- C:\8a192cb811f68407b52ee6
2013-09-27 04:03 . 2013-09-27 14:01 -------- d-----w- C:\MATS
2013-09-27 03:36 . 2013-09-28 02:42 -------- d-----w- c:\users\Dom\AppData\Roaming\NETGATE Registry Cleaner
2013-09-27 03:36 . 2013-09-27 03:36 -------- d-----w- c:\program files\NETGATE
2013-09-26 06:29 . 2013-09-28 02:42 -------- d-----w- c:\program files\CCleaner
2013-09-26 01:57 . 2013-09-26 01:58 -------- d-----w- C:\636c88cbb740eae64aba2190
2013-09-22 11:21 . 2013-09-30 04:45 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-22 11:21 . 2013-09-28 02:42 -------- d-----w- c:\program files\iTunes
2013-09-22 11:21 . 2013-09-28 02:42 -------- d-----w- c:\program files\iPod
2013-09-22 11:21 . 2013-09-28 02:41 -------- d-----w- c:\program files (x86)\iTunes
2013-09-21 04:05 . 2013-09-21 04:07 -------- d-----w- c:\users\Dom\AppData\Local\Urban Trial Freestyle
2013-09-20 04:35 . 2013-09-20 04:35 -------- d-----w- c:\users\Dom\AppData\Roaming\Octane
2013-09-16 00:30 . 2013-09-16 00:30 4806016 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-09-16 00:30 . 2013-09-16 00:30 4806016 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-09-12 02:06 . 2013-08-10 05:22 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-12 02:06 . 2013-08-10 03:59 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-12 02:06 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-12 02:06 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-12 00:27 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-12 00:27 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-09-12 00:27 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-12 00:27 . 2013-08-02 02:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-09-12 00:27 . 2013-08-02 01:59 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-09-10 23:23 . 2013-09-28 02:33 -------- d-----w- c:\users\Dom\AppData\Local\Rockstar Games
2013-09-10 23:17 . 2013-09-10 23:17 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-09-10 22:53 . 2013-09-28 02:41 -------- d-----w- c:\program files (x86)\Rockstar Games
2013-09-08 10:31 . 2013-09-28 02:44 -------- d-----w- c:\program files (x86)\Viscom Store RMVB Converter
2013-09-08 10:31 . 2006-11-06 14:30 262144 ----a-w- c:\windows\SysWow64\lame_enc.dll
2013-09-08 10:31 . 2004-08-04 20:00 502272 ----a-w- c:\windows\SysWow64\WMM2FXA.dll
2013-09-08 10:18 . 2013-09-26 06:37 -------- d-----w- c:\users\Dom\AppData\Roaming\Media Player Classic
2013-09-08 10:16 . 2013-08-02 17:29 256088 ----a-w- c:\windows\system32\unrar64.dll
2013-09-08 10:16 . 2013-08-02 17:29 217176 ----a-w- c:\windows\SysWow64\unrar.dll
2013-09-08 10:15 . 2013-09-28 02:41 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2013-09-08 10:09 . 2006-05-02 21:16 60416 ----a-w- c:\windows\SysWow64\viscomtran.dll
2013-09-08 10:09 . 2003-08-19 03:31 52736 ----a-w- c:\windows\SysWow64\viscomwave.dll
2013-09-08 10:09 . 2008-03-21 13:00 706560 ----a-w- c:\windows\SysWow64\viscomdata1.dll
2013-09-08 10:09 . 2008-03-17 21:18 713728 ----a-w- c:\windows\SysWow64\viscommpgenc.dll
2013-09-08 10:09 . 2007-09-21 23:00 705536 ----a-w- c:\windows\SysWow64\viscomdata2.dll
2013-09-08 10:09 . 2007-03-04 16:54 54272 ----a-w- c:\windows\SysWow64\viscomframe.dll
2013-09-08 10:09 . 2006-12-06 11:59 59904 ----a-w- c:\windows\SysWow64\viscomaudiodata.dll
2013-09-08 10:09 . 2006-12-05 15:19 59904 ----a-w- c:\windows\SysWow64\viscomaudioencoder.dll
2013-09-08 10:09 . 2008-04-05 23:43 136192 ----a-w- c:\windows\SysWow64\VideoEdit.ocx
2013-09-08 10:09 . 2007-02-26 15:13 2392064 ----a-w- c:\windows\SysWow64\videotrans.dll
2013-09-08 10:09 . 2005-02-02 15:07 1709568 ----a-w- c:\windows\SysWow64\gdiplus.dll
2013-09-08 10:09 . 2003-07-29 15:16 299008 ----a-w- c:\windows\SysWow64\RealMediaSplitter.ax
2013-09-08 09:11 . 2013-09-08 09:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-08 08:45 . 2013-09-30 22:17 -------- d-----w- c:\users\Dom\AppData\Local\D5CEBBFC-9741-4C80-8569-B09615F6463C.aplzod
2013-09-04 05:01 . 2013-09-04 05:01 -------- d-----w- c:\users\Dom\Samsung Link
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 03:38 . 2013-05-22 02:18 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-09-20 01:20 . 2012-03-29 22:17 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 01:20 . 2012-01-20 01:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 02:03 . 2012-01-30 12:15 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-10 05:19 . 2013-06-24 07:50 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-01 21:59 . 2013-09-01 21:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-09-01 21:29 . 2013-09-01 21:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-09-01 21:26 . 2013-09-01 21:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-09-01 21:26 . 2013-09-01 21:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-23 01:34 . 2013-08-23 01:34 908800 ----a-w- c:\windows\system32\ContentDirectoryPresenter64.dll
2013-08-23 01:34 . 2013-08-23 01:34 706560 ----a-w- c:\windows\SysWow64\ContentDirectoryPresenter.dll
2013-08-23 01:34 . 2013-08-23 01:34 30720 ----a-w- c:\windows\system32\MediaDB64.dll
2013-08-23 01:34 . 2013-08-23 01:34 25600 ----a-w- c:\windows\SysWow64\MediaDB.dll
2013-08-20 09:53 . 2013-08-20 09:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-02 01:48 . 2013-09-12 00:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 03:07 . 2013-08-01 03:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 03:06 . 2013-08-01 03:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-07-25 09:25 . 2013-08-15 15:11 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 15:11 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-23 06:19 . 2013-07-23 06:19 918016 ----a-w- c:\windows\system32\boost_regex-vc90-mt-1_47.dll
2013-07-23 06:19 . 2013-07-23 06:19 158720 ----a-w- c:\windows\system32\boost_filesystem-vc90-mt-1_47.dll
2013-07-23 06:19 . 2013-07-23 06:19 49152 ----a-w- c:\windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 06:19 . 2013-07-23 06:19 299520 ----a-w- c:\windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-07-23 06:19 . 2013-07-23 06:19 58880 ----a-w- c:\windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 06:19 . 2013-07-23 06:19 16896 ----a-w- c:\windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 06:18 . 2013-07-23 06:18 46592 ----a-w- c:\windows\SysWow64\boost_thread-vc90-mt-1_47.dll
2013-07-23 06:18 . 2013-07-23 06:18 38912 ----a-w- c:\windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
2013-07-23 06:18 . 2013-07-23 06:18 704000 ----a-w- c:\windows\SysWow64\boost_regex-vc90-mt-1_47.dll
2013-07-23 06:18 . 2013-07-23 06:18 227840 ----a-w- c:\windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
2013-07-23 06:18 . 2013-07-23 06:18 130048 ----a-w- c:\windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
2013-07-23 06:18 . 2013-07-23 06:18 12800 ----a-w- c:\windows\SysWow64\boost_system-vc90-mt-1_47.dll
2013-07-19 01:58 . 2013-08-15 15:14 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 15:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-15 15:14 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-15 15:11 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-15 15:14 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-15 15:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-15 15:14 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-15 15:11 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-15 15:14 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-15 15:14 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-15 15:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 15:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 15:11 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-30 39408]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-09-04 1315144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-12 75048]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"Ad Muncher"="c:\program files (x86)\Ad Muncher\AdMunch.exe" [2013-05-22 595144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-17 152392]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-09-15 4851760]
.
c:\users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-1-21 243072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 8.1 AE.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files (x86)\Panasonic\PHOTOfunSTUDIO 8.1 AE\PHOTOfunSTUDIO.exe" [2012-10-18 229048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/01/19 21:01;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys;c:\windows\SYSNATIVE\drivers\hitmanpro36.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS;c:\windows\SYSNATIVE\DRIVERS\MDPMGRNT.SYS [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys;c:\windows\SYSNATIVE\drivers\CBDisk.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe;c:\windows\SYSNATIVE\lxdpcoms.exe [x]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [x]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [x]
S2 NGRegClnSrv;NETGATE Registry Cleaner Service;c:\program files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe;c:\program files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 01:20]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 12:39]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 12:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-09-29 90624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.nz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\tyh94w6u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-08-17 13:53; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2013-10-04 12:02:10 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-03 23:02
.
Pre-Run: 68,348,293,120 bytes free
Post-Run: 68,177,092,608 bytes free
.
- - End Of File - - 02BCD635BB7F4DC6DD78FE22ADB682BA

And OTL log:

OTL logfile created on: 04/10/2013 12:13:34 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.90 Gb Total Physical Memory | 4.97 Gb Available Physical Memory | 62.98% Memory free
15.79 Gb Paging File | 12.49 Gb Available in Paging File | 79.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.00 Gb Total Space | 63.59 Gb Free Space | 9.37% Space Free | Partition Type: NTFS

Computer Name: DOM-PC | User Name: Dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/30 19:21:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Desktop\OTL.exe
PRC - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/16 13:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/06/20 13:53:24 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/05/10 12:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/03 02:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/19 06:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/19 06:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/19 06:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/09/23 05:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/09/23 05:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/09/23 05:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/09/22 05:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/12/21 13:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 13:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/30 22:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/08/13 05:45:00 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2010/03/19 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/07/29 23:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE


========== Modules (No Company Name) ==========

MOD - [2013/10/04 11:53:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/10/04 11:53:21 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/10/04 11:52:57 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
MOD - [2013/10/04 11:52:52 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/10/04 11:52:49 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/10/04 11:52:47 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/10/04 11:52:41 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/03 12:09:05 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013/04/16 11:56:17 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2013/04/16 11:56:16 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2013/04/16 11:56:15 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2012/10/05 23:53:24 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2012/10/05 23:53:23 | 005,988,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2012/10/05 23:53:23 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2012/10/05 23:53:23 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2011/09/23 05:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/04/23 05:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2010/11/21 16:24:58 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
MOD - [2010/11/21 16:24:52 | 000,569,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
MOD - [2010/11/21 16:24:52 | 000,507,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2009/06/11 10:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/11 10:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 18:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/21 18:03:56 | 000,618,832 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Running] -- C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe -- (NGRegClnSrv)
SRV:64bit: - [2011/11/02 08:37:56 | 001,518,352 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/11/02 08:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/11/02 08:22:28 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/10/21 13:33:22 | 000,135,440 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/10/20 09:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010/11/30 10:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/23 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/07 23:16:32 | 000,218,112 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV:64bit: - [2009/11/18 15:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2007/11/20 10:50:32 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdpcoms.exe -- (lxdp_device)
SRV - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/20 14:20:26 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/16 13:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/04 04:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 12:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/09 00:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/03 02:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/19 06:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/19 06:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/19 06:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/09/23 05:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/08/12 13:04:58 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/12/21 13:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 13:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 00:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/26 00:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/30 22:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/26 15:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/13 05:45:00 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2010/03/19 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/29 23:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
SRV - [2009/06/11 10:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/09/02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/09/02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/09/02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/08/01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/06/19 09:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/02/09 03:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/12/14 01:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/09 00:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/10/09 00:42:14 | 000,284,008 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/08/24 03:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 03:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/24 03:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/22 01:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/30 11:53:19 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012/03/01 19:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/20 16:35:53 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/20 16:35:53 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/10 08:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/12/02 14:57:06 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/11/15 14:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/20 09:19:08 | 000,195,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/10/20 09:19:08 | 000,195,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/09/14 05:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/08/30 11:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/08/03 06:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/07/26 06:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/21 02:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/07/21 02:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 19:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/19 20:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/03/04 18:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/02/11 11:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/21 06:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/16 05:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/13 14:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/18 06:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/17 11:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/16 06:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/14 06:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/13 03:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010/11/30 10:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 16:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/21 16:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 16:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/20 13:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/16 13:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/21 08:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/04 04:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010/07/13 15:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/12 05:14:00 | 001,799,808 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2010/04/28 12:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/28 12:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/28 10:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/28 10:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/03/19 22:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/28 04:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 22:14:20 | 000,304,232 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV:64bit: - [2010/01/14 00:15:54 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk)
DRV:64bit: - [2009/09/24 02:23:08 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2009/07/14 14:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 14:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 14:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 13:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/11 09:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 09:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 09:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 09:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/09 03:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2006/11/02 07:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{62E361EE-1F0E-41C0-96DF-C0E2F918BDA2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{62E361EE-1F0E-41C0-96DF-C0E2F918BDA2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = ${SEARCH_URL}{searchTerms}
IE - HKLM\..\SearchScopes\{99F4E0CF-C394-42E8-9CEA-E40795E1836A}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2560220840-281653925-362234918-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.nz/
IE - HKU\S-1-5-21-2560220840-281653925-362234918-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2560220840-281653925-362234918-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...GGHP_en-GBGB469
IE - HKU\S-1-5-21-2560220840-281653925-362234918-1001\..\SearchScopes\{99F4E0CF-C394-42E8-9CEA-E40795E1836A}: "URL" = http://www.google.co...GGHP_en-GBGB469
IE - HKU\S-1-5-21-2560220840-281653925-362234918-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2560220840-281653925-362234918-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: [email protected]:4.1.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/08 12:33:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2013/08/19 13:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dom\AppData\Roaming\Mozilla\Extensions
[2013/08/19 13:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dom\AppData\Roaming\Mozilla\Extensions\net.openvpn.client
[2013/09/28 15:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\tyh94w6u.default\extensions
[2013/09/28 15:42:24 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\tyh94w6u.default\extensions\[email protected]
[2013/06/25 22:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/28 15:32:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/28 15:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/28 15:41:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/13 17:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 17:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 17:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - plugin: iTunes Application Detector (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/04 11:56:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2560220840-281653925-362234918-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\SysNative\ICO.EXE (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Ad Muncher] C:\Program Files (x86)\Ad Muncher\AdMunch.exe (Murray Hurps Software Pty Ltd)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2560220840-281653925-362234918-1001..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2560220840-281653925-362234918-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2560220840-281653925-362234918-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2560220840-281653925-362234918-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
O4 - Startup: C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2560220840-281653925-362234918-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2560220840-281653925-362234918-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C438524-4F47-487A-93CE-D1BAB0D8ADB4}: DhcpNameServer = 118.148.1.10 118.148.1.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35886345-E09F-404A-87AC-366C87DCA054}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9FCE419-9F15-415A-99C6-5FE985543394}: DhcpNameServer = 118.148.1.10 118.148.1.20
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/04 11:56:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/04 11:53:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/04 11:42:33 | 005,130,107 | R--- | C] (Swearware) -- C:\Users\Dom\Desktop\ComboFix.exe
[2013/10/04 11:29:59 | 000,000,000 | ---D | C] -- C:\a22a4bab0742e18a6f37a1
[2013/10/04 11:03:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/04 11:03:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/04 11:03:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/04 11:02:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/04 11:02:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/04 08:13:33 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Dom\Desktop\aswMBR.exe
[2013/10/04 07:58:26 | 000,000,000 | ---D | C] -- C:\f4f0ab7db8afa1adb9ef748c34
[2013/10/04 03:16:05 | 000,000,000 | ---D | C] -- C:\8c2d5679db8972bf4321c8427d
[2013/10/04 03:11:50 | 000,000,000 | ---D | C] -- C:\3339f3641d253d138642a173
[2013/10/03 01:35:20 | 000,000,000 | ---D | C] -- C:\f17769f40431c23d4d5c
[2013/10/03 01:21:57 | 000,000,000 | ---D | C] -- C:\95fa73a90dd3a414a832976808c7
[2013/10/02 16:22:32 | 000,000,000 | ---D | C] -- C:\2b670418ec06f80ec79a6c4a
[2013/10/02 03:11:06 | 000,000,000 | ---D | C] -- C:\37c8801170743d90a88348f15a33f61b
[2013/10/01 23:45:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/01 23:26:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/01 21:15:52 | 000,000,000 | ---D | C] -- C:\f0945988b9f1dfcce1
[2013/09/30 19:21:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dom\Desktop\OTL.exe
[2013/09/30 03:12:02 | 000,000,000 | ---D | C] -- C:\b5c006cffeee775457d0d7154511
[2013/09/30 01:17:06 | 000,000,000 | ---D | C] -- C:\980561c6dcf88010b2
[2013/09/30 00:39:49 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\AVG2014
[2013/09/30 00:39:14 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\TuneUp Software
[2013/09/30 00:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/30 00:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/09/30 00:38:46 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/09/30 00:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/09/30 00:34:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/30 00:34:52 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\MFAData
[2013/09/30 00:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/09/30 00:34:52 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Avg2014
[2013/09/29 04:10:34 | 000,000,000 | ---D | C] -- C:\fe501aa4514f3182ced75d1f6ccab7
[2013/09/28 18:10:43 | 000,000,000 | ---D | C] -- C:\b3cc7c2335cd946642470b10
[2013/09/28 03:16:52 | 000,000,000 | ---D | C] -- C:\cd9e6bddc8659a9b4654b14a31d1
[2013/09/28 00:38:39 | 000,000,000 | ---D | C] -- C:\1636748c503e2b68b1a88e656c65ac
[2013/09/27 20:53:35 | 000,000,000 | ---D | C] -- C:\3e8fd45ef95030712ce704632295e7
[2013/09/27 19:17:54 | 000,000,000 | ---D | C] -- C:\db8463676f71a75b810e733d
[2013/09/27 17:51:14 | 000,000,000 | ---D | C] -- C:\e72d2bac2c21c5faa248a802bd958213
[2013/09/27 17:43:11 | 000,000,000 | ---D | C] -- C:\8a192cb811f68407b52ee6
[2013/09/27 17:03:37 | 000,000,000 | ---D | C] -- C:\MATS
[2013/09/27 16:36:23 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\NETGATE Registry Cleaner
[2013/09/27 16:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGATE Registry Cleaner
[2013/09/27 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2013/09/26 20:43:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/09/26 19:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/09/26 14:57:38 | 000,000,000 | ---D | C] -- C:\636c88cbb740eae64aba2190
[2013/09/23 00:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/23 00:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/23 00:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/23 00:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/23 00:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/21 17:05:37 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Urban Trial Freestyle
[2013/09/20 17:35:17 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Octane
[2013/09/11 12:26:48 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Rockstar Games
[2013/09/11 12:23:28 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Rockstar Games
[2013/09/11 12:17:21 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013/09/11 11:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2013/09/11 11:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2013/09/08 23:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viscom Store RMVB Converter
[2013/09/08 23:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Viscom Store RMVB Converter
[2013/09/08 23:18:59 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Media Player Classic
[2013/09/08 23:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/09/08 23:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013/09/08 23:09:32 | 000,060,416 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\viscomtran.dll
[2013/09/08 23:09:32 | 000,052,736 | ---- | C] (Viscom Software) -- C:\Windows\SysWow64\viscomwave.dll
[2013/09/08 23:09:31 | 000,713,728 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\viscommpgenc.dll
[2013/09/08 23:09:31 | 000,706,560 | ---- | C] (Viscom Software Viscom Software) -- C:\Windows\SysWow64\viscomdata1.dll
[2013/09/08 23:09:31 | 000,705,536 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\viscomdata2.dll
[2013/09/08 23:09:31 | 000,059,904 | ---- | C] (Viscom Software) -- C:\Windows\SysWow64\viscomaudioencoder.dll
[2013/09/08 23:09:31 | 000,059,904 | ---- | C] (Viscom Software) -- C:\Windows\SysWow64\viscomaudiodata.dll
[2013/09/08 23:09:31 | 000,054,272 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\viscomframe.dll
[2013/09/08 23:09:30 | 000,136,192 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\VideoEdit.ocx
[2013/09/08 23:09:29 | 000,299,008 | ---- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaSplitter.ax
[2013/09/08 22:11:42 | 000,031,544 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/09/08 21:45:11 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\D5CEBBFC-9741-4C80-8569-B09615F6463C.aplzod
[2013/09/04 18:01:49 | 000,000,000 | ---D | C] -- C:\Users\Dom\Samsung Link

========== Files - Modified Within 30 Days ==========

[2013/10/04 12:04:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/04 12:03:37 | 000,021,296 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/04 12:03:37 | 000,021,296 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/04 12:02:49 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/04 12:02:49 | 000,664,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/04 12:02:49 | 000,125,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/04 11:56:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/04 11:56:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/04 11:55:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/04 11:55:25 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/04 11:43:14 | 005,130,107 | R--- | M] (Swearware) -- C:\Users\Dom\Desktop\ComboFix.exe
[2013/10/04 11:20:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/04 08:16:21 | 000,950,272 | ---- | M] () -- C:\Users\Dom\Desktop\RogueKiller.exe
[2013/10/04 08:15:10 | 000,000,512 | ---- | M] () -- C:\Users\Dom\Desktop\MBR.dat
[2013/10/04 08:13:47 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Dom\Desktop\aswMBR.exe
[2013/10/02 22:20:21 | 000,004,701 | ---- | M] () -- C:\WirelessDiagLog.csv
[2013/09/30 19:21:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Desktop\OTL.exe
[2013/09/30 17:45:39 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/30 00:45:32 | 000,002,135 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/30 00:39:14 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/30 00:14:09 | 000,002,576 | ---- | M] () -- C:\Users\Dom\Desktop\mseremoval.bat
[2013/09/28 00:55:28 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/09/27 23:51:32 | 000,000,636 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2013/09/27 23:05:12 | 393,334,463 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/27 16:36:23 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\NETGATE Registry Cleaner.lnk
[2013/09/26 18:58:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2013/09/24 23:24:56 | 001,082,546 | ---- | M] () -- C:\Users\Dom\Desktop\MaddAddam - Margaret Atwood.MOBI
[2013/09/24 19:02:15 | 001,124,850 | ---- | M] () -- C:\Users\Dom\Documents\Passport stamp.jpg
[2013/09/20 16:38:52 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/12 23:37:11 | 000,470,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 12:17:21 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013/09/11 12:12:06 | 000,002,198 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2013/09/11 11:53:40 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2013/09/10 23:39:13 | 002,271,600 | ---- | M] () -- C:\Users\Dom\Desktop\40's pattern top.pdf
[2013/09/10 22:15:39 | 000,228,547 | ---- | M] () -- C:\Users\Dom\Desktop\igora_color_chart_esp_javitott.jpg
[2013/09/10 18:19:48 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/09/09 00:04:41 | 759,804,360 | ---- | M] () -- C:\Users\Dom\Desktop\The Worlds End 2013 HD TV 720P AC3 MURDER.rmvb
[2013/09/08 23:52:22 | 001,207,723 | ---- | M] () -- C:\Users\Dom\Documents\303_Womans_weekly_1.pdf
[2013/09/08 23:52:03 | 000,751,175 | ---- | M] () -- C:\Users\Dom\Documents\449_cherry_delight.pdf
[2013/09/08 23:51:55 | 001,031,558 | ---- | M] () -- C:\Users\Dom\Documents\416_SG_bedjacket_Celia.pdf
[2013/09/08 23:17:11 | 000,003,584 | ---- | M] () -- C:\Users\Dom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/09/08 21:44:47 | 000,839,680 | ---- | M] () -- C:\Users\Dom\Desktop\bonnet.jpeg
[2013/09/08 21:44:14 | 003,448,832 | ---- | M] () -- C:\Users\Dom\Desktop\image.jpeg
[2013/09/08 21:43:58 | 001,969,763 | ---- | M] () -- C:\Users\Dom\Desktop\photo.JPG

========== Files Created - No Company Name ==========

[2013/10/04 11:03:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/04 11:03:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/04 11:03:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/04 11:03:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/04 11:03:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/04 08:16:18 | 000,950,272 | ---- | C] () -- C:\Users\Dom\Desktop\RogueKiller.exe
[2013/10/04 08:15:10 | 000,000,512 | ---- | C] () -- C:\Users\Dom\Desktop\MBR.dat
[2013/09/30 00:39:14 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/30 00:14:09 | 000,002,576 | ---- | C] () -- C:\Users\Dom\Desktop\mseremoval.bat
[2013/09/27 23:51:32 | 000,000,636 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2013/09/27 16:36:23 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\NETGATE Registry Cleaner.lnk
[2013/09/27 11:02:01 | 000,002,478 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.1 AE.lnk
[2013/09/24 23:24:46 | 001,082,546 | ---- | C] () -- C:\Users\Dom\Desktop\MaddAddam - Margaret Atwood.MOBI
[2013/09/23 00:21:57 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/11 12:12:06 | 000,002,198 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2013/09/11 11:53:40 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2013/09/10 23:39:12 | 002,271,600 | ---- | C] () -- C:\Users\Dom\Desktop\40's pattern top.pdf
[2013/09/10 22:36:50 | 000,228,547 | ---- | C] () -- C:\Users\Dom\Desktop\igora_color_chart_esp_javitott.jpg
[2013/09/08 23:55:23 | 001,207,723 | ---- | C] () -- C:\Users\Dom\Documents\303_Womans_weekly_1.pdf
[2013/09/08 23:55:23 | 001,031,558 | ---- | C] () -- C:\Users\Dom\Documents\416_SG_bedjacket_Celia.pdf
[2013/09/08 23:55:23 | 000,751,175 | ---- | C] () -- C:\Users\Dom\Documents\449_cherry_delight.pdf
[2013/09/08 23:33:10 | 759,804,360 | ---- | C] () -- C:\Users\Dom\Desktop\The Worlds End 2013 HD TV 720P AC3 MURDER.rmvb
[2013/09/08 23:31:31 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2013/09/08 23:17:11 | 000,003,584 | ---- | C] () -- C:\Users\Dom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/08 23:16:01 | 000,256,088 | ---- | C] () -- C:\Windows\SysNative\unrar64.dll
[2013/09/08 23:16:01 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/09/08 23:09:30 | 002,392,064 | ---- | C] () -- C:\Windows\SysWow64\videotrans.dll
[2013/09/08 21:44:47 | 000,839,680 | ---- | C] () -- C:\Users\Dom\Desktop\bonnet.jpeg
[2013/09/08 21:44:14 | 003,448,832 | ---- | C] () -- C:\Users\Dom\Desktop\image.jpeg
[2013/09/08 21:43:58 | 001,969,763 | ---- | C] () -- C:\Users\Dom\Desktop\photo.JPG
[2013/08/23 14:34:32 | 000,706,560 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
[2013/08/23 14:34:30 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll
[2013/07/23 19:18:54 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll
[2013/07/23 19:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
[2013/07/23 19:18:42 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll
[2013/07/23 19:18:40 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
[2013/07/23 19:18:38 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
[2013/07/23 19:18:38 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll
[2013/02/14 00:25:00 | 000,000,292 | ---- | C] () -- C:\Users\Dom\AppData\Local\HamsterBookConverter.cfg
[2012/10/18 06:04:11 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/10/18 06:04:11 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/10/18 06:04:11 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/10/18 06:04:11 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/10/18 06:04:11 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/10/18 06:04:11 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/10/18 06:04:11 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/10/18 06:04:11 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/10/18 06:04:11 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/10/18 06:04:11 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012/10/18 06:04:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/10/18 06:04:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/10/18 06:04:11 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/10/18 06:04:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/10/18 06:04:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/10/18 06:04:11 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012/10/18 06:04:11 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012/10/18 06:04:11 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/10/18 06:04:11 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/06/28 15:49:10 | 000,000,000 | ---- | C] () -- C:\ProgramData\-iDxxkR9p6q7MtY
[2012/06/28 15:33:49 | 000,000,256 | ---- | C] () -- C:\ProgramData\iDxxkR9p6q7MtY
[2012/06/21 04:56:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\-O5euMTN1vMGtcO
[2012/06/21 04:56:41 | 000,000,256 | ---- | C] () -- C:\ProgramData\O5euMTN1vMGtcO
[2012/02/15 12:45:46 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/02/15 12:45:41 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/02/15 12:45:41 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/02/04 01:43:57 | 000,103,272 | ---- | C] () -- C:\Users\Dom\GoToAssistDownloadHelper.exe
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin
[2012/01/20 16:05:46 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin
[2012/01/20 16:05:46 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin
[2012/01/20 16:05:46 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin
[2012/01/20 16:05:46 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin
[2012/01/20 16:05:46 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin
[2012/01/20 16:05:46 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin
[2012/01/20 16:05:46 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin
[2012/01/20 16:05:46 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin
[2012/01/20 16:05:46 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2012/01/20 16:05:46 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin
[2012/01/20 16:05:46 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2012/01/20 16:05:45 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2012/01/20 16:05:45 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2012/01/20 16:05:45 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin
[2012/01/20 16:05:45 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2012/01/20 16:05:45 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2012/01/20 16:05:44 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2012/01/20 16:05:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2012/01/20 16:05:44 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin
[2012/01/20 16:02:52 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012/01/20 16:02:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/01/20 16:01:59 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/01/20 16:01:58 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/01/20 16:01:57 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/01/20 16:01:56 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/14 17:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 15:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 14:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 14:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/21 16:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 14:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/30 00:39:49 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\AVG2014
[2013/09/28 15:42:22 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\BitTorrent
[2012/01/31 03:49:18 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Blio
[2013/02/14 00:25:38 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\calibre
[2013/02/21 13:05:31 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Canon
[2013/02/03 15:53:23 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\dBpoweramp
[2012/11/10 23:37:54 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Dropbox
[2012/01/31 03:46:01 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Fingertapps
[2013/06/01 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Leadertech
[2013/09/28 15:33:56 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Milestone
[2013/09/28 15:42:24 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\NETGATE Registry Cleaner
[2013/09/20 17:35:17 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Octane
[2013/03/13 21:41:19 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Omerta
[2013/09/28 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\OpenVPN Technologies
[2012/02/04 23:14:02 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\PCDr
[2013/06/05 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\redsn0w
[2012/11/01 15:14:21 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Research In Motion
[2013/07/09 17:57:30 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Samsung
[2013/10/03 01:24:00 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\tixati
[2013/09/30 00:39:14 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TuneUp Software
[2012/01/30 22:31:19 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\ZinioReader4

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 14:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 18:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 14:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 16:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 16:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 19:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 14:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 14:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/05 11:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 18:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 17:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 16:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 16:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 16:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/01/20 16:35:50 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 14:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 14:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 14:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 14:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 16:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/14 14:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 14:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 14:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 14:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 14:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/04 06:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 14:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/01/20 16:35:57 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 19:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 19:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 14:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 16:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 16:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 16:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 19:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 14:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 16:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 16:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 16:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 16:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 16:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 16:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 14:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 18:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 16:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 16:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 16:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 16:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 18:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 16:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 16:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 16:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 16:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 16:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 14:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/03 11:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 16:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 14:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 16:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2012/01/20 16:35:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/01/20 16:35:54 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2012/01/20 16:35:54 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/01/20 16:35:54 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/01/20 16:35:54 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 16:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/01/20 16:35:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/01/20 16:35:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 16:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/11 10:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >

< MD5 for: SERVICES.ASFX1 >
[2010/11/16 16:02:32 | 000,000,228 | R--- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx1

< MD5 for: SERVICES.ASFX10 >
[2010/11/16 16:02:34 | 000,000,233 | R--- | M] () MD5=3382FAB54FC906B0E40269D903A8D690 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx10

< MD5 for: SERVICES.ASFX11 >
[2010/11/16 16:02:26 | 000,000,227 | R--- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx11

< MD5 for: SERVICES.ASFX12 >
[2010/11/16 16:02:30 | 000,000,225 | R--- | M] () MD5=9287C7268CC0F37F1DDE18CEBB128685 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx12

< MD5 for: SERVICES.ASFX13 >
[2010/11/16 16:02:30 | 000,000,228 | R--- | M] () MD5=95326C46AC2654AFF5C8543DFE22CCB3 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx13

< MD5 for: SERVICES.ASFX14 >
[2010/11/16 16:02:26 | 000,000,228 | R--- | M] () MD5=14DA84ECAF57B5ADA36B9093FF04CF32 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx14

< MD5 for: SERVICES.ASFX15 >
[2010/11/16 16:02:26 | 000,000,231 | R--- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx15

< MD5 for: SERVICES.ASFX16 >
[2010/11/16 16:02:34 | 000,000,232 | R--- | M] () MD5=B6E63D87C73CED2D6B433C542C5C3965 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx16

< MD5 for: SERVICES.ASFX17 >
[2010/11/16 16:02:34 | 000,000,230 | R--- | M] () MD5=545E97C4F4CEA743A8D86B685EE2EDBB -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx17

< MD5 for: SERVICES.ASFX18 >
[2010/11/16 16:02:24 | 000,000,230 | R--- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx18

< MD5 for: SERVICES.ASFX19 >
[2010/11/16 16:02:26 | 000,000,225 | R--- | M] () MD5=0A27F1D6595A69800A43CDE155B1E4A0 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx19

< MD5 for: SERVICES.ASFX2 >
[2010/11/16 16:02:36 | 000,000,264 | R--- | M] () MD5=0652D24D4E2799851A6DF1705E2BFFDA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx2

< MD5 for: SERVICES.ASFX20 >
[2010/11/16 16:02:38 | 000,000,231 | R--- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx20

< MD5 for: SERVICES.ASFX21 >
[2010/11/16 16:02:26 | 000,000,231 | R--- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx21

< MD5 for: SERVICES.ASFX22 >
[2010/11/16 16:02:24 | 000,000,231 | R--- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22

< MD5 for: SERVICES.ASFX23 >
[2010/11/16 16:02:26 | 000,000,225 | R--- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23

< MD5 for: SERVICES.ASFX24 >
[2010/11/16 16:02:32 | 000,000,229 | R--- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24

< MD5 for: SERVICES.ASFX25 >
[2010/11/16 16:02:36 | 000,000,232 | R--- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25

< MD5 for: SERVICES.ASFX3 >
[2010/11/16 16:02:34 | 000,000,229 | R--- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3

< MD5 for: SERVICES.ASFX4 >
[2010/11/16 16:02:26 | 000,000,226 | R--- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4

< MD5 for: SERVICES.ASFX5 >
[2010/11/16 16:02:34 | 000,000,233 | R--- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5

< MD5 for: SERVICES.ASFX6 >
[2010/11/16 16:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6

< MD5 for: SERVICES.ASFX7 >
[2010/11/16 16:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7

< MD5 for: SERVICES.ASFX8 >
[2010/11/16 16:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8

< MD5 for: SERVICES.ASFX9 >
[2010/11/16 16:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9

< MD5 for: SERVICES.CFG >
[2013/05/10 20:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010/11/16 16:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 14:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 14:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 14:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 20:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 20:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 17:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 17:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/11 09:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/11 09:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 20:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/11 09:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 20:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/11 10:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 20:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/11 09:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 20:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 10:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2013/05/03 19:21:28 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\My Dell\images\icons\png\24_24\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/14 09:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/14 09:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2013/07/16 14:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SERVICES.WHM >
[2008/11/10 08:49:56 | 000,003,678 | ---- | M] () MD5=78C07607AD198E5769746185F8EF2D78 -- C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\pc\html\www.craplist.net\services.whm

< MD5 for: SVCHOST.EXE >
[2009/07/14 14:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 14:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 14:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/05 02:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 14:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 14:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 14:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 16:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/21 16:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 16:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 16:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/21 16:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 16:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 16:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/21 16:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 16:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/05 02:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/14 18:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 18:08:49 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/31 01:39:07 | 000,000,888 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/01/31 01:39:07 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/03/30 11:17:05 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is D05A-98DF
Directory of C:\
14/07/2009 18:08 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 18:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 18:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 18:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 18:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 18:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 18:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 18:08 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 18:08 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 18:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 18:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 18:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 18:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 18:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 18:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 18:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 18:08 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 18:08 <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 18:08 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 18:08 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 18:08 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 18:08 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 18:08 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 18:08 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 18:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 18:08 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 18:08 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 18:08 <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 18:08 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 18:08 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Dom
30/01/2012 12:08 <JUNCTION> Application Data [C:\Users\Dom\AppData\Roaming]
30/01/2012 12:08 <JUNCTION> Cookies [C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Cookies]
30/01/2012 12:08 <JUNCTION> Local Settings [C:\Users\Dom\AppData\Local]
30/01/2012 12:08 <JUNCTION> My Documents [C:\Users\Dom\Documents]
30/01/2012 12:08 <JUNCTION> NetHood [C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30/01/2012 12:08 <JUNCTION> PrintHood [C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/01/2012 12:08 <JUNCTION> Recent [C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Recent]
30/01/2012 12:08 <JUNCTION> SendTo [C:\Users\Dom\AppData\Roaming\Microsoft\Windows\SendTo]
30/01/2012 12:08 <JUNCTION> Start Menu [C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu]
30/01/2012 12:08 <JUNCTION> Templates [C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Dom\AppData\Local
30/01/2012 12:08 <JUNCTION> Application Data [C:\Users\Dom\AppData\Local]
30/01/2012 12:08 <JUNCTION> History [C:\Users\Dom\AppData\Local\Microsoft\Windows\History]
30/01/2012 12:08 <JUNCTION> Temporary Internet Files [C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Dom\AppData\LocalLow
20/03/2012 12:40 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Dom\Documents
30/01/2012 12:08 <JUNCTION> My Music [C:\Users\Dom\Music]
30/01/2012 12:08 <JUNCTION> My Pictures [C:\Users\Dom\Pictures]
30/01/2012 12:08 <JUNCTION> My Videos [C:\Users\Dom\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 18:08 <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 18:08 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 18:08 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
20/01/2012 14:53 <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
20/01/2012 14:53 <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
20/01/2012 14:53 <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
20/01/2012 14:53 <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
20/01/2012 14:53 <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
20/01/2012 14:53 <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
20/01/2012 14:53 <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
20/01/2012 14:53 <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
20/01/2012 14:53 <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
20/01/2012 14:53 <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
20/01/2012 14:53 <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
20/01/2012 14:53 <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
20/01/2012 14:53 <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
20/01/2012 14:53 <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
20/01/2012 14:53 <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
20/01/2012 14:53 <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 68,111,818,752 bytes free

< End of report >

#8
CompCav

Step 1

You have some remnants still of MSE on your computer.

Download this fixit to your desktop.
Run the fixit by right-clicking it and selecting Run as administrator.
After it runs, reboot the computer and go on to the next step.


Step 2

P2P Warning!:

IMPORTANT: I have noticed that there are signs of BitTorrent P2P (Peer to Peer) file sharing programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.



Step 3

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2560220840-281653925-362234918-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    2013/10/04 07:58:26 | 000,000,000 | ---D | C] -- C:\f4f0ab7db8afa1adb9ef748c34
    [2013/10/04 03:16:05 | 000,000,000 | ---D | C] -- C:\8c2d5679db8972bf4321c8427d
    [2013/10/04 03:11:50 | 000,000,000 | ---D | C] -- C:\3339f3641d253d138642a173
    [2013/10/03 01:35:20 | 000,000,000 | ---D | C] -- C:\f17769f40431c23d4d5c
    [2013/10/03 01:21:57 | 000,000,000 | ---D | C] -- C:\95fa73a90dd3a414a832976808c7
    [2013/10/02 16:22:32 | 000,000,000 | ---D | C] -- C:\2b670418ec06f80ec79a6c4a
    [2013/10/02 03:11:06 | 000,000,000 | ---D | C] -- C:\37c8801170743d90a88348f15a33f61b
    [2013/10/01 21:15:52 | 000,000,000 | ---D | C] -- C:\f0945988b9f1dfcce1
    [2013/09/30 01:17:06 | 000,000,000 | ---D | C] -- C:\980561c6dcf88010b2
    [2013/09/29 04:10:34 | 000,000,000 | ---D | C] -- C:\fe501aa4514f3182ced75d1f6ccab7
    [2013/09/28 18:10:43 | 000,000,000 | ---D | C] -- C:\b3cc7c2335cd946642470b10
    [2013/09/28 03:16:52 | 000,000,000 | ---D | C] -- C:\cd9e6bddc8659a9b4654b14a31d1
    [2013/09/28 00:38:39 | 000,000,000 | ---D | C] -- C:\1636748c503e2b68b1a88e656c65ac
    [2013/09/27 20:53:35 | 000,000,000 | ---D | C] -- C:\3e8fd45ef95030712ce704632295e7
    [2013/09/27 19:17:54 | 000,000,000 | ---D | C] -- C:\db8463676f71a75b810e733d
    [2013/09/27 17:51:14 | 000,000,000 | ---D | C] -- C:\e72d2bac2c21c5faa248a802bd958213
    [2013/09/27 17:43:11 | 000,000,000 | ---D | C] -- C:\8a192cb811f68407b52ee6
    [2013/09/26 14:57:38 | 000,000,000 | ---D | C] -- C:\636c88cbb740eae64aba2190
    [2013/09/23 00:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2012/06/28 15:49:10 | 000,000,000 | ---- | C] () -- C:\ProgramData\-iDxxkR9p6q7MtY
    [2012/06/28 15:33:49 | 000,000,256 | ---- | C] () -- C:\ProgramData\iDxxkR9p6q7MtY
    [2012/06/21 04:56:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\-O5euMTN1vMGtcO
    [2012/06/21 04:56:41 | 000,000,256 | ---- | C] () -- C:\ProgramData\O5euMTN1vMGtcO
    [2013/09/28 15:42:22 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\BitTorrent
    
    
    :files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 4

Please rerun RogueKiller and click scan again and post the latest RKreport.txt.


Step 5

Please post:
OTL fix log
RKreport.txt

Also give me an update on the issues with your computer.




#9
Dom2276

I removed MSE recently as it failed to update several times; I did try fix it before but obviously to no avail. I also thought I had removed BitTorrent so was surprised to find it in my programs again!? I will keep my P2P activity to my old laptop I have set up just for that. As requested, here is the OTL log. I will post RogueKiller after in case it shuts down and I lose the OTL log.

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2\ deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Program Files\Java\jre7\bin\jp2ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2560220840-281653925-362234918-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64 folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64 folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 folder moved successfully.
C:\ProgramData\-iDxxkR9p6q7MtY moved successfully.
C:\ProgramData\iDxxkR9p6q7MtY moved successfully.
C:\ProgramData\-O5euMTN1vMGtcO moved successfully.
C:\ProgramData\O5euMTN1vMGtcO moved successfully.
C:\Users\Dom\AppData\Roaming\BitTorrent\ie folder moved successfully.
C:\Users\Dom\AppData\Roaming\BitTorrent\dlimagecache folder moved successfully.
C:\Users\Dom\AppData\Roaming\BitTorrent\apps folder moved successfully.
C:\Users\Dom\AppData\Roaming\BitTorrent folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dom\Desktop\cmd.bat deleted successfully.
C:\Users\Dom\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dom
->Temp folder emptied: 42625017 bytes
->Temporary Internet Files folder emptied: 471690779 bytes
->Java cache emptied: 99321 bytes
->FireFox cache emptied: 81110073 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 60341 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127902574 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 140446 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 690.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10052013_093222

Files\Folders moved on Reboot...
C:\Users\Dom\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\Dom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UWOTARHW\afr[1].htm moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UWOTARHW\afr[2].htm moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UWOTARHW\page__p__2337483__fromsearch__1[1].htm moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O4N28YV3\afr[2].htm moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O4N28YV3\dl[1].htm moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6WK7Y02\afr[1].htm moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27WQN7YE\3rdparty[1].htm moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27WQN7YE\dl[1].htm moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27WQN7YE\Downton_Abbey_4x02_HDTV_x264-FoV_[eztv][1].htm moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#10
CompCav

    Member 5k

  • Expert
  • 12,448 posts

I removed MSE recently as it failed to update several times, I did try fix it before but obviously to no avail.

Did the fixit run OK?

I also thought I had removed bit torrent so was surprised to find it in my programs again!?

I saw it in the log but did not check uninstalls. We can check that soon.


Looking forward to RogueKiller log.
  • 0


#11
Dom2276

    Member

  • Topic Starter
  • Member
  • 59 posts
Roguekiller report:

RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dom [Admin rights]
Mode : Remove -- Date : 10/05/2013 09:55:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST9750420AS +++++
--- User ---
[MBR] c4d441a27258bc95be2bbf548713c1b2
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 695299 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10052013_095502.txt >>
RKreport[0]_D_10042013_084956.txt;RKreport[0]_S_10042013_081924.txt;RKreport[0]_S_10042013_085126.txt
RKreport[0]_S_10042013_085318.txt;RKreport[0]_S_10052013_095420.txt



There is no change to the problems, still got a red cross through wireless indicator and 10 windows updates that fail and loop every time they try and install.
  • 0

#12
Dom2276

    Member

  • Topic Starter
  • Member
  • 59 posts
Sorry missed your post, yes fix it ran ok.
  • 0

#13
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1

Please re-open OTL

  • Double click the OTL icon on your desktop. Vista/7 users right click and click Run as Administrator. Make sure all other windows are closed.
  • You will see a console like the one below:

Posted Image

  • At the top of the console click the greyed out None button.<---Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the Use Safelist button.<---Very Important
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open a notepad window, Extras.Txt. It is saved in the same location as OTL.


Step 2.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt

Then at the prompt type: sfc /scannow

Notice: Leave a single space between sfc and /scannow.


Then press Enter and it will run. Once it completes please make note of any message and post it here.

Then reboot into Normal Mode.


Step 3.

  • Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
    Posted Image
  • Copy the line below and paste it at the command prompt. Then press Enter

    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt
  • The file sfcdetails.txt will now be on your desktop. Please open it, Edit | select all | copy and paste it in your next reply.


Step 4.

Please post:

  • Extras.txt
  • sfcdetails.txt

  • 0
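
A way to read the sfcdetails.txt that Step 3 produces, as an added example that is not part of the original post. It assumes the usual CBS.log wording of `[SR]` lines ("Cannot repair member file", "Repairing corrupted file ... from store", "Verify complete"); the sample lines, the package name and the `summarize_sfc` function are constructed for illustration.

```python
import re

# Constructed sample in the style of CBS.log "[SR]" lines (not taken from the thread).
SAMPLE_SFCDETAILS = r'''
2013-10-05 10:41:02, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2013-10-05 10:41:02, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2013-10-05 10:41:09, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-10-05 10:41:10, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-10-05 10:41:10, Info                  CSI    0000000c [SR] This component was referenced by [l:30{15}]"Package_EXAMPLE"
2013-10-05 10:41:15, Info                  CSI    0000000e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"notepad.exe" from store
2013-10-05 10:41:20, Info                  CSI    00000010 [SR] Verify complete
'''

# File name and owning component of a member file sfc could not repair.
CANNOT_REPAIR = re.compile(
    r'Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<component>[^,]+),'
)
# Trailing reason text, e.g. "hash mismatch".
REASON = re.compile(r'in the store, (?P<reason>.+)$')
# Last quoted name before "from store" is the file that was restored.
REPAIRED = re.compile(r'Repairing corrupted file .*"(?P<file>[^"]+)" from store')


def summarize_sfc(text):
    """Summarise the [SR] lines extracted from CBS.log by findstr."""
    sr_lines = 0
    verify_complete = 0
    cannot_repair = {}   # (file, component) -> {"count": n, "reason": str or None}
    repaired = []        # files restored from the component store, in log order

    for line in text.splitlines():
        pos = line.find("[SR] ")
        if pos < 0:
            continue                      # blank line or non-SFC entry
        sr_lines += 1
        msg = line[pos + len("[SR] "):].strip()

        if msg.startswith("Verify complete"):
            verify_complete += 1
            continue

        m = CANNOT_REPAIR.match(msg)
        if m:
            key = (m.group("file"), m.group("component"))
            entry = cannot_repair.setdefault(key, {"count": 0, "reason": None})
            entry["count"] += 1           # sfc usually logs the same file more than once
            r = REASON.search(msg)
            if r:
                entry["reason"] = r.group("reason")
            continue

        m = REPAIRED.match(msg)
        if m and m.group("file") not in repaired:
            repaired.append(m.group("file"))

    # An empty extract means no scan was recorded at all, which is different
    # from a scan that ran and logged no problems.
    if sr_lines == 0:
        verdict = "no-sfc-entries"
    elif cannot_repair:
        verdict = "unrepaired-files"
    elif repaired:
        verdict = "repaired-from-store"
    else:
        verdict = "no-violations-logged"

    return {
        "verdict": verdict,
        "sr_lines": sr_lines,
        "verify_complete": verify_complete,
        "cannot_repair": cannot_repair,
        "repaired": repaired,
    }


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE_SFCDETAILS)
    print("verdict:", result["verdict"])
    for (name, component), info in result["cannot_repair"].items():
        print(f"  cannot repair {name} ({component}): {info['reason']} x{info['count']}")
    for name in result["repaired"]:
        print(f"  repaired from store: {name}")
```

To use it on a real extract, read sfcdetails.txt into a string and pass it to `summarize_sfc`.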

#14
Dom2276

    Member

  • Topic Starter
  • Member
  • 59 posts
When I try and do the sfc /scannow command it starts, then says there is a scan pending and the system needs to reboot. I tried rebooting and entering the command again but it does the same thing. I have the Extras.txt here, but the sfcdetails.txt is blank.

OTL Extras logfile created on: 05/10/2013 10:26:15 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.90 Gb Total Physical Memory | 4.82 Gb Available Physical Memory | 61.06% Memory free
15.79 Gb Paging File | 12.17 Gb Available in Paging File | 77.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.00 Gb Total Space | 63.81 Gb Free Space | 9.40% Space Free | Partition Type: NTFS

Computer Name: DOM-PC | User Name: Dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FAC9A3-77B7-494D-A82A-779529352687}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{16948674-243F-4DF2-BE96-8E57409113E3}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 |
"{1AFAD3CE-97A9-4591-9645-0087EA451188}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BB9F362-FDFE-4E1A-B14F-84E76A988EDE}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port |
"{1E98B065-769F-496A-8148-6D9773813978}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{2FE6ECEC-3B64-47F7-B705-8228471DA2BF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{351C1F51-6C49-4F9C-9129-0E7DEC21895F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3AF405C9-B0CD-487B-A380-9D3F1724091F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4ACDB59B-00A3-4ECE-905F-1B86AD78ED8C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{52BDE5CA-3A95-41B5-AB83-DA220A3DCAB0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54E72286-7DFD-4DEA-985F-372233099673}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{559012B9-2F65-49EE-BA8E-87222D2B076A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5740240E-647C-4AA1-A35A-01B1B28F4AA7}" = lport=445 | protocol=6 | dir=in | app=system |
"{5A4F689E-29B1-4F8B-BA46-17DDCF455C11}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 |
"{5BC2F5D3-C807-4071-9055-BCC6DC5F4B72}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 |
"{5CB53503-9D56-4B62-BA8A-00896273B808}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5D6125D6-8458-4566-8FA3-79CFEBDE5C15}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{6549B626-43AC-4F79-B0BF-F9614C93E4EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67B7CAD3-EC1A-4DF5-B116-84C5A5E0BD2A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6C9A5F13-7640-4B3D-81B8-D31E0D980355}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E3FEAB1-2BE5-43A5-8F2A-AEE860AEDF17}" = lport=138 | protocol=17 | dir=in | app=system |
"{6F0BA0CF-4FAE-4088-B216-A3423C47E1B3}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port |
"{75DBD98D-8D3B-48C5-9FD3-9AFAE191D369}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77C52890-9803-4F83-9549-24CEB536FA6E}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{77E23E78-C7F2-4AB4-92BE-C1E322D1816D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78FC8386-0157-416E-A451-85F531BC2317}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7F41D9F4-EBB8-4B96-83DB-D43D36127DA3}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 |
"{8090811A-6165-4BC6-8A40-A130B1DA59A0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{80CEF5CF-CDC5-42B7-BC43-E8339D33AF2B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{84B66C46-B3A3-4319-AA16-600D89F5A77C}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 |
"{882EC1F0-CF70-49B1-8438-105618E1162F}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port |
"{8A9CD82D-F556-436F-BADD-F2974E029D8F}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{8AB0D6E7-4329-4036-9146-95549AE31956}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8CCB52D2-5574-4E82-BCD3-D133FEE6C183}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port |
"{921243DC-502E-4BC2-BD18-58646BDF74ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9277EACE-58EF-4627-B25C-CA79D41624E7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{92F9A901-26B8-4A85-B0BA-6BABECAA9CAB}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port |
"{937FD897-6A08-4C1C-B918-7192A605DA2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95EA198E-2E47-43F3-BDC5-9D20E344C607}" = lport=2869 | protocol=6 | dir=in | app=system |
"{987C116E-A1DF-4817-97A5-036A65D7499C}" = rport=139 | protocol=6 | dir=out | app=system |
"{9EB2FD7A-25E4-4798-9885-C9C7D50E285F}" = rport=445 | protocol=6 | dir=out | app=system |
"{9F3D130E-456C-4C9B-9056-16A092626549}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9F8A585B-2D5D-46BE-9B1F-CCA5F887A21B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4BA53BC-1080-4486-BAF5-533A673642EA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AA648291-ECBE-4365-AF07-881FB96C32BE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AEBD01A8-F2BE-4B9D-ACA8-C8F155CA9EAE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AFC76C36-2CCC-45E1-BA00-359FF8F02CC0}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 |
"{BAF591A2-141D-4C5C-AEC7-7F0A8DF090B1}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 |
"{BBD6F30C-9422-4C7D-B9B6-4592624BC088}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BBDAA415-3900-46BC-9BEC-7A501886BD8A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5B89B53-76CC-438D-AC34-8B6AE8BE054D}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{C6A501DF-CFB2-4CA4-A830-80E7206531DC}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port |
"{CB0BD7DB-A116-416C-917B-FBF371102F6D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E349AE30-1895-4B7D-9957-E3052C045665}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E3E8E1ED-3F11-42AD-92D6-6D4B4CA4EC02}" = rport=137 | protocol=17 | dir=out | app=system |
"{EAA3994C-A895-4CF0-8C15-C41C05920103}" = lport=137 | protocol=17 | dir=in | app=system |
"{ED58A920-CB7D-4F82-9DBB-D4E6B1FDBB4D}" = rport=138 | protocol=17 | dir=out | app=system |
"{F3173AEB-1E79-425E-AAF4-FF9D0E9B9660}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F68DC7BB-8FC6-4FF6-8B07-E74CC055D1A7}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 |
"{F7F3DBE5-AD59-4BD5-9540-640865A37E02}" = rport=2869 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015845CE-B197-4267-BFFF-460D2E35AEC5}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{0667A119-66B6-4C7B-91B6-DF082CD8ECDF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{09BDCF88-2442-49D4-A257-EEB9AA3D7E56}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.09\allshareframeworkdms.exe |
"{0A9B40CC-28CC-4241-B59B-BCEE03700609}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{0B256BE8-B8FC-4895-A00E-2FA3424BD65B}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.18\allshareframeworkdms.exe |
"{0C1499B0-0A78-457C-AB99-F8CB7E3AA27E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0D13A4DB-1651-4D92-84BD-08B814BB25AD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{0FE16AA7-26AF-4F3C-B3FD-056FD1D513EA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{10EC42A8-044D-4EA2-B255-99906B9FC154}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1306D871-4F4A-4BFF-9E04-B91129E4A228}" = protocol=6 | dir=in | app=c:\users\dom\appdata\roaming\dropbox\bin\dropbox.exe |
"{16A75D84-BC41-480B-AB16-64D07524EF2E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{19A15B27-3A2C-4B10-800C-E05DCBBBDABE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{1A16C07E-5779-455D-98CD-25A50598CDB9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{228FBEF6-7759-4B68-9015-FA87A20CF837}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{229B61AE-4199-4CBF-AF58-89F74D3D3395}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{25F148DD-0DAE-4BE5-A9B9-91661DC011AA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2656838E-1BA1-4824-AEAC-0F76EF0E2DAE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{29873FC0-14B7-4D93-85F0-F4A48F53557C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B1F21F8-3011-4014-8285-886235A59D82}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{2EF4AF99-4577-424E-BF87-B27CECCCBEFD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2F6D8D5F-35DF-4E45-8368-F043D40A1D87}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{3087F991-9BA5-44DD-9064-3112285A9D80}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{32190B31-2BA1-4892-B0F2-51E40B39F89E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{36117D60-F460-4C61-81D4-8937F7DA5860}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{36732A59-721E-4096-9519-EE929B54FA17}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{367A24A3-B78E-4704-B59D-DF1095B5D9DE}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{37C331A4-216C-411C-A457-1DDDD3763728}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{3BC4D595-FDB6-4062-9919-4D75ECF1C76F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3D177D86-B94B-48A8-AEE6-C6BCD257C76E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{40C2B689-826B-450A-B9B5-B24206643282}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.18\allshareframeworkdms.exe |
"{41C025FE-38A8-4611-9946-F53DEBA4CA73}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{45C8B983-E567-4720-83F1-1419965865B6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\driver san francisco\driver.exe |
"{48525430-766F-4215-B537-9A957A08D08B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{499C2EAC-1256-4C46-976B-1979DF4753AA}" = protocol=17 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{4A1CE751-4274-4ACC-BFF9-AA0C9F8406AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5133F3F9-5FEA-44A8-B974-1A8369C6DE11}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{51452490-4CAC-481F-B3DC-73557E92C9EA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{54A6405A-5315-4B33-8F9A-401E35219D72}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{54CE24B9-5AF9-44BE-BCCB-9057B60E5E50}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.14\allshareframeworkdms.exe |
"{5593FDDC-149B-494F-94C5-2688F2E3178B}" = protocol=17 | dir=in | app=c:\users\dom\appdata\roaming\dropbox\bin\dropbox.exe |
"{59FFD19A-4F18-4B7C-9662-B3F39848611D}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{5FE6AC8C-2A04-4752-B565-D0A0B5E9E0CC}" = protocol=58 | dir=in | [email protected],-148 |
"{60D804A5-A3A6-49A0-B0C8-0D80DAD1C275}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6139C6E7-F532-4EF4-8982-B1990B6DD872}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{61C1016E-2867-46E2-943C-5A18E4A53557}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{627526CC-6030-4687-9623-9E722BCD1FFB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{632AC9F6-B50C-443C-8DBB-F51510D6EB30}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{65052FDE-1EF5-4752-9955-DDBB46997DEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67EEC270-2370-4665-84AA-EDD37D234F3D}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.15\allshareframeworkdms.exe |
"{6A00DAAE-6E35-4A81-A0BE-E54E08D9DC65}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6BE1E433-494F-4F7B-85D9-8DCC9193592B}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{700797FE-5F93-4937-85FC-65207B141667}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
"{7255BC42-79B0-4192-A7AA-4D68154A2990}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.17\allshareframeworkdms.exe |
"{75A9DF66-6386-4D1C-82A2-07328C9C8BE2}" = protocol=58 | dir=out | [email protected],-28546 |
"{77C4FD21-F479-406D-B125-DD1E8D566E1E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{780B904E-BFE7-4E7A-B603-108144C29BFD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{7EA39182-6B6F-4F27-81E8-BEFDFFF96631}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.09\allshareframeworkdms.exe |
"{7ED9675D-A122-487A-84E1-D71F2BE2908B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7F3D41EA-0AE4-47B4-910A-62829316F665}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.14\allshareframeworkdms.exe |
"{822C774F-A9A7-4F35-A8F4-9149A27D74CD}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.18\allshareframeworkdms.exe |
"{823DA1CE-7EE6-4FC1-9ED6-C4F4E681C527}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{831E684A-7A6C-4C7E-825C-0C3760952970}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{84366393-FFFD-480E-B225-CF911C8EAEFF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\driver san francisco\driver.exe |
"{86006F59-BBFF-4F41-A5D6-088D12016A47}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8B16024C-DDB6-49A0-A6EB-21CC241CF708}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8DEBF4AE-180A-466D-919F-89B75E4B54E0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8EA04952-188A-46FB-9FEB-4DAF17E200D6}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.15\allshareframeworkdms.exe |
"{92EE9383-018D-41D9-B950-7E933F944BA3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{98F49D8C-0E6C-4222-994A-8FD6B8E397AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B9116B8-AFB1-4A67-A045-C826BC5550FF}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{A27902E8-A519-4D6E-95C6-FA020CDDCFAA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A2921152-952E-4ABD-B095-416748F176EC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A4193444-02A7-47D4-AB0F-A25941DA6412}" = protocol=6 | dir=out | app=system |
"{A525BEE1-3563-4795-B885-2945F3F677FB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AAC52DE3-253E-41C2-BA0C-971CFC9C2224}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{AACAF845-CB9B-412A-B20F-E593E4A2AAE4}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
"{ACC4D83B-FED4-437A-B4E3-3B608A88C42C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{AE11992D-AE30-496F-94B6-4A2A9A34A4B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE455179-4998-45E7-8DB5-12D6055A7B06}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AF5BBD65-7A18-45D5-BF3B-C76A5697CDBA}" = protocol=1 | dir=out | [email protected],-28544 |
"{B0521CDA-2657-4C4F-9F34-D2C8FA66A9F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{B14AE39C-9A56-4DC1-BFB1-58420FE5A27C}" = protocol=58 | dir=in | [email protected],-28545 |
"{B1E5FFB6-5EB1-4071-A89C-2732685BE317}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B5883832-E300-4E17-916F-E67B07E88985}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B97858D9-8F3B-4DFE-AFF7-E94E7AA5D30D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{BDA79BFC-890A-4668-85B0-873559964826}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{C47FA01D-4074-483C-8CD1-653CB466CC53}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{C9B15F2F-266C-46A6-BDE8-981A8DF93027}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CA4518DA-8E30-4744-8592-D38C97E4A38B}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{CB012EC4-76E1-48B8-BC78-3CB5D2774073}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CB068174-3089-44EE-8663-176C15DFC6AF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CD5E2C1A-2DC6-409C-9446-7A15A7691AD5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{CDD6B746-6C13-4319-8FCE-9A9E0CD42C54}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.17\allshareframeworkdms.exe |
"{CFF20E1A-FD76-42AA-AED1-5CF6E998425C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{D385A7F3-2358-41CD-8CD3-5809D31DC56D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D61C26C2-C101-4024-9ACA-AF39DAAC5C1D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{DB8FDDD2-8C27-4001-A07B-B0113A615717}" = protocol=1 | dir=in | [email protected],-28543 |
"{E0217C05-467A-4650-9271-FD0EEA76035B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E05C5A81-E20C-47B1-A4A6-90389BB48F0F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E14427D0-5E52-4C81-A2EA-45BC936E1550}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudinstallwizard.exe |
"{E46D0A33-A96A-43B3-8D0B-880767C8C54E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
"{E62EEBE8-A4C0-4AF8-86A8-06C1F2785098}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{E6FA9953-AFDC-41B8-9729-C0AB3E72EF01}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{E7329A94-68A9-44E5-BBD1-AABC1B3846AD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{E7B4C7F6-6E8C-4EB6-9A6E-9FAA15F1ED30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB0D03F0-E1D2-4DCB-A068-FECA3083092C}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{EDD833B5-C5E4-4467-A21C-B31F26071BAC}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.18\allshareframeworkdms.exe |
"{EE51C5B9-8F99-4185-9334-D1EB9111CEAC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EF158FA5-46A2-44DE-9475-2105AE657DF8}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{EF9C0799-2166-4478-90DE-EE47A8A7376D}" = protocol=6 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{F04B5C9D-23DF-4BE2-857A-B064FEAAE562}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{F13BEDA1-0F60-40A7-A64F-2B654C93B8FF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{F3077A65-F997-49B2-81D3-E10828B03445}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\driver san francisco\driver.exe |
"{F3AFE476-8989-4B46-B8AA-11AC2C7612FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F6DD516F-E01E-4DF2-99E2-B816156EBCF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7B9B922-9F8B-4377-896F-436982FDCEB0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FBFF9941-D3A7-4847-ABC9-86C5A2BCE366}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\driver san francisco\driver.exe |
"{FD070657-895C-47C2-8749-29E7A0F7D650}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0C8FEF49-71F9-487F-BB31-EF09E5C76011}C:\users\dom\appdata\local\microsoft\windows\temporary internet files\content.ie5\0cn118mp\tinyumbrella-6.13.00.exe" = protocol=6 | dir=in | app=c:\users\dom\appdata\local\microsoft\windows\temporary internet files\content.ie5\0cn118mp\tinyumbrella-6.13.00.exe |
"TCP Query User{23A75F18-3648-460C-A0BA-3FB22AA92A60}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"TCP Query User{761270E1-467D-4ED7-93C7-863AD299926F}C:\program files (x86)\company of heroes 2\reliccoh2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\company of heroes 2\reliccoh2.exe |
"TCP Query User{84221DC6-5DC7-4FF7-9F88-83CBE1D016FB}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{9A37EE98-A0BA-4359-9BC8-929853771ADE}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |
"TCP Query User{9F74B47F-8E8E-45C9-917D-45CE3F63CBC0}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |
"TCP Query User{B0FD36E0-B4A3-4DE1-A776-0B2F2BB1FAAB}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe |
"TCP Query User{C2879D58-C900-42AC-82FF-8CECD6B524FF}C:\program files (x86)\far cry 2 fortunes edition\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\far cry 2 fortunes edition\bin\farcry2.exe |
"TCP Query User{CE8840D4-50A8-4AEA-AAAE-132CC427BFAE}C:\users\dom\desktop\downloads\fifa 13 =fifa soccer 13= pc full game ^^nosteam^^\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=c:\users\dom\desktop\downloads\fifa 13 =fifa soccer 13= pc full game ^^nosteam^^\fifa 13\game\fifa13.exe |
"UDP Query User{2DAD80A3-166A-4724-9A79-8789F0A4AD6D}C:\program files (x86)\far cry 2 fortunes edition\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\far cry 2 fortunes edition\bin\farcry2.exe |
"UDP Query User{326E9AEE-3B32-4A04-A5FE-E5E98FCEE538}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{33BFE08D-2722-4EC5-9C2D-7AB8F5010752}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{81672DDA-37A2-4283-BC05-81FAF9C9663F}C:\users\dom\appdata\local\microsoft\windows\temporary internet files\content.ie5\0cn118mp\tinyumbrella-6.13.00.exe" = protocol=17 | dir=in | app=c:\users\dom\appdata\local\microsoft\windows\temporary internet files\content.ie5\0cn118mp\tinyumbrella-6.13.00.exe |
"UDP Query User{82D1B94E-BACF-4FA2-95FB-B8A81C822413}C:\users\dom\desktop\downloads\fifa 13 =fifa soccer 13= pc full game ^^nosteam^^\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=c:\users\dom\desktop\downloads\fifa 13 =fifa soccer 13= pc full game ^^nosteam^^\fifa 13\game\fifa13.exe |
"UDP Query User{B0965329-0E3D-4F67-B5CE-356189948136}C:\program files (x86)\company of heroes 2\reliccoh2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\company of heroes 2\reliccoh2.exe |
"UDP Query User{B99AA8FD-B7E4-416B-81C4-1C956AE9B79D}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |
"UDP Query User{C1912C27-A049-49C6-BFF6-F06F2B7848D4}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |
"UDP Query User{E5FE6515-6FB3-4868-B745-9BE466C6F92A}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series" = Canon MG2200 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java™ 7 Update 1 (64-bit)
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{2EA43D50-131A-44DE-A678-47F6D572AB30}" = AVG 2014
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B1977BE-7B68-458C-9638-03672C1A15A9}" = AVG 2014
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel® PROSet/Wireless WiFi Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"AVG" = AVG 2014
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MouseSuite98" = Mouse Suite
"NETGATE Registry Cleaner_is1" = NETGATE Registry Cleaner
"PC-Doctor for Windows" = My Dell
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01070EBF-D92B-4E09-8A5C-F33CE8B9D9D5}" = Blio
"{072A5217-8165-4AB7-8366-36CB3245DB60}" = OpenVPN Client
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2299EEBD-0A83-4B26-AA4A-057AE9E5BAE8}" = Dell Stage Remote
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38676C9C-270F-43D1-926A-E45DE8820A6B}" = BlackBerry Device Software Updater
"{387A7BC7-577B-4FC9-8337-4DB8F7D34E55}" = MotoGP™13
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{441AC599-200D-4E04-B274-C6B7B50C281D}_is1" = Hamster Free EbookConverter
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B784CE7-7CDB-4AF1-B636-2DC3EA51EA87}" = MotoGP™13
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{760B0129-EA57-42A0-8628-7B5ADF8B66EA}" = Dell MusicStage
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FC16F299-6399-4350-B0C6-36F646473958}" = PHOTOfunSTUDIO 8.1 AE
"{FC45E4D6-FEA5-4091-B172-4351D130C2E1}" = Dell Stage
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Ad Muncher" = Ad Muncher v4.93.33707
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AVerMedia H339 Hybrid TV Tuner" = AVerMedia H339 Hybrid TV Tuner 2.2.64.64
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Canon MG2200 series On-screen Manual" = Canon MG2200 series On-screen Manual
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Dell Webcam Central" = Dell Webcam Central
"Driver San Francisco" = Driver San Francisco
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GOGPACKOMERTA_is1" = Omerta - City of Gangsters
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.0.0 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PremElem90" = Adobe Premiere Elements 9
"ProInst" = Intel PROSet Wireless
"Q29tcGFueW9mSGVyb2VzMg==_is1" = Company of Heroes 2
"Q2FsbG9mSnVhcmV6R3Vuc2xpbmdlcg==_is1" = Call of Juarez Gunslinger © Ubisoft version 1
"R1JJRDI=_is1" = GRID 2 © Codemasters version 1
"tixati" = Tixati
"VirtualCloneDrive" = VirtualCloneDrive
"Viscom Store RMVB Converter_is1" = Viscom Store RMVB Converter
"VLC media player" = VLC media player 2.0.8
"WinLiveSuite" = Windows Live Essentials
"ZinioReader4" = Zinio Reader 4

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/10/2013 15:54:37 | Computer Name = Dom-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: rastapi.DLL_unloaded, version: 0.0.0.0,
time stamp: 0x4a5be041 Exception code: 0xc0000005 Fault offset: 0x000007fef31300e4
Faulting
process id: 0x6bc Faulting application start time: 0x01cec10ce9dcebdf Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: rastapi.DLL Report Id:
cbb67b8c-2d2e-11e3-852f-848f69c42f15

Error - 04/10/2013 15:56:37 | Computer Name = Dom-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/10/2013 16:29:16 | Computer Name = Dom-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : BeginFileEnumeration() failed.

System
Error: The parameter is incorrect. .

Error - 04/10/2013 16:29:17 | Computer Name = Dom-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : BeginFileEnumeration() failed.

System
Error: The parameter is incorrect. .

Error - 04/10/2013 16:34:46 | Computer Name = Dom-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : BeginFileEnumeration() failed.

System
Error: The parameter is incorrect. .

Error - 04/10/2013 16:37:13 | Computer Name = Dom-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/10/2013 17:03:54 | Computer Name = Dom-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : BeginFileEnumeration() failed.

System
Error: The parameter is incorrect. .

Error - 04/10/2013 17:03:54 | Computer Name = Dom-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : BeginFileEnumeration() failed.

System
Error: The parameter is incorrect. .

Error - 04/10/2013 17:03:58 | Computer Name = Dom-PC | Source = MsiInstaller | ID = 11714
Description =

Error - 04/10/2013 17:03:58 | Computer Name = Dom-PC | Source = MsiInstaller | ID = 11714
Description =

[ System Events ]
Error - 04/10/2013 16:37:25 | Computer Name = Dom-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 04/10/2013 16:39:27 | Computer Name = Dom-PC | Source = WMPNetworkSvc | ID = 866297
Description =

Error - 04/10/2013 16:39:26 | Computer Name = Dom-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 04/10/2013 16:39:26 | Computer Name = Dom-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 04/10/2013 17:08:38 | Computer Name = Dom-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft .NET Framework 4 on XP, Server 2003,
Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217).

Error - 04/10/2013 17:09:01 | Computer Name = Dom-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows
Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008
R2 for x64-based Systems (KB2533523).

Error - 04/10/2013 17:12:31 | Computer Name = Dom-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft .NET Framework 4 on XP, Server 2003,
Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2836939).

Error - 04/10/2013 17:15:07 | Computer Name = Dom-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server
2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351).

Error - 04/10/2013 17:22:22 | Computer Name = Dom-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows
Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008
R2 for x64-based Systems (KB2468871).

Error - 04/10/2013 17:22:22 | Computer Name = Dom-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack
1 Redistributable Package (KB2538243).


< End of report >

#15
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Thanks for the log. We will deal with the sfc issue later :thumbsup:




Step 1.



Open MalwareBytes'
  • Click the Update tab and then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!