Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Internet Explorer Completely Unresponsive (Win7) [Closed]

Started by jsound19 , Oct 31 2013 03:51 PM

This topic is locked

#1
jsound19

Posted 31 October 2013 - 03:51 PM

Member

Member
22 posts

Hi, I recently started having an issue where my Internet Explorer basically stopped working. It opens up fine but then when it's loading up the homepage (Which is Google), it just loads up a blank white page and none of the buttons respond when I click on them and when i type a url into the bar it doesn't do anything. Everything else on my computer is fine, (I use Google Chrome mostly, but I share this computer with family) and MBAM, ADWcleaner, JRT, TDSS Killer, SAS , and RogueKiller all detect nothing wrong with my computer. Below is my OTL log

OTL logfile created on: 10/31/2013 5:05:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 53.86% Memory free
8.00 Gb Paging File | 5.46 Gb Available in Paging File | 68.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 24.83 Gb Free Space | 12.72% Space Free | Partition Type: NTFS
Drive D: | 37.57 Gb Total Space | 13.94 Gb Free Space | 37.10% Space Free | Partition Type: NTFS
Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/31 17:04:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/10/11 13:08:31 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/08 20:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/25 12:03:13 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/05/23 07:32:08 | 000,632,352 | ---- | M] (Disc Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
PRC - [2013/04/13 10:57:40 | 000,020,608 | ---- | M] (Mr. John aka japamd) -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/18 10:17:36 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\USADISK\WEBHARD_Agent.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/18 01:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2012/02/23 06:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/28 14:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/05/20 16:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/08 20:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 20:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/08 20:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 20:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/08 20:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/08 20:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2012/06/29 14:10:52 | 000,836,608 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\version.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/01 01:32:08 | 000,054,000 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/10/10 18:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2012/07/04 02:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/08/19 17:43:23 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/08 16:43:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/21 10:57:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/23 07:32:08 | 000,632,352 | ---- | M] (Disc Soft Ltd) [On_Demand | Running] -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2013/04/13 10:57:40 | 000,020,608 | ---- | M] (Mr. John aka japamd) [Auto | Running] -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe -- (RadeonPro Support Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/18 10:17:36 | 000,150,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\USADISK\WEBHARD_Agent.exe -- (USADISK_AGENT)
SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/18 01:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2012/02/23 06:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/21 16:40:56 | 000,578,264 | ---- | M] (Pandora.TV) [Disabled | Stopped] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2011/11/10 18:12:00 | 003,869,640 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/20 07:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 07:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/27 18:06:42 | 000,029,696 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtscsibus.sys -- (dtscsibus)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/17 07:22:26 | 000,105,624 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2012/10/10 09:05:20 | 000,023,384 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/11 19:34:34 | 000,426,816 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akaiacv0u.sys -- (AKAI_ACV0_USB)
DRV:64bit: - [2012/07/11 19:34:34 | 000,055,104 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akaiacv0m.sys -- (AKAI_ACV0_MIDI)
DRV:64bit: - [2012/07/11 19:34:34 | 000,050,496 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akaiacv0a.sys -- (AKAI_ACV0_WDM)
DRV:64bit: - [2012/07/04 02:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/04 02:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/04 01:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/19 11:31:38 | 000,018,776 | ---- | M] (Focusrite Audio Engineering Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\automap.sys -- (automap)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/28 13:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 13:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 13:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 13:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 13:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 13:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/11/14 23:50:14 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/05 12:46:36 | 000,053,080 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvnusbaudio.sys -- (NvnUsbAudio)
DRV:64bit: - [2011/08/02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/13 23:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/04 22:22:30 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/05/20 16:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009/12/30 12:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/08 15:31:26 | 000,062,960 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h648103.sys -- (h648103)
DRV:64bit: - [2008/08/08 15:31:22 | 000,065,776 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h648101.sys -- (h648101)
DRV:64bit: - [2008/08/08 15:31:20 | 000,063,856 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h647906.sys -- (h647906)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/08 15:31:18 | 000,043,192 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8101.sys -- (hid8101)
DRV - [2008/08/08 15:31:18 | 000,040,856 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8103.sys -- (hid8103)
DRV - [2008/08/08 15:31:16 | 000,041,272 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid7906.sys -- (hid7906)
DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 505352876
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 0B C3 D4 B0 AB CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:0.7.7
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.6
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: {4de46b94-1b91-474a-9ae5-6074f86ef7e9}:6.0 PR1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\User\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\iloen.com/MelOnWebLinker: C:\Windows\system32\npMelOnWebLinker.dll (LOEN Entertainment)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/14 20:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/04 20:31:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/08 11:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013/10/28 21:05:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pm7nseln.default\extensions
[2012/11/11 19:52:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pm7nseln.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/08 11:33:52 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pm7nseln.default\extensions\[email protected]
[2012/11/11 19:14:59 | 000,342,379 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pm7nseln.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/01/27 21:39:47 | 000,020,066 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pm7nseln.default\extensions\{4de46b94-1b91-474a-9ae5-6074f86ef7e9}.xpi
[2012/09/08 11:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\User\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.66_0\
CHR - Extension: XKit = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd\7.2.3_0\
CHR - Extension: AdBlock = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: AdBlock = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\
CHR - Extension: avast! WebRep = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Savevid = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\liibpejlpebkfpddljfpipkpjhphifon\1.0_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/05 12:42:34 | 000,001,306 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost127.0.0.1 65.52.240.48
O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Ultra Agent] C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D886696-C7CE-11D3-A175-08002BF17507} http://www.digimonrp.../digimonrpg.cab (DigimonRpg)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4E60FDC9-25C0-425F-B72B-04347474CFC4} http://conting.sbs.c...ice/Conting.CAB (Conting_S Down Control)
O16 - DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} http://bgweb.nowcdn....ownStarter2.cab (DownStarter2 Control)
O16 - DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} http://cdn.usadisk.c.../USAControl.CAB (USADISK File Share Control 5)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD6D630F-0ADA-4260-AB93-37846E3F6B0E}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C295CDD5-58B1-49E5-A481-8E779D04D3D9}: DhcpNameServer = 172.18.145.103 172.18.145.103
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/12 12:46:34 | 000,000,000 | ---- | M] () - C:\AutomapClients.ini -- [ NTFS ]
O32 - AutoRun File - [2012/07/27 11:14:09 | 000,000,052 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/29 17:25:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2013/10/29 17:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2013/10/29 17:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2013/10/28 20:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/28 20:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/10/28 20:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/10/28 20:41:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/27 18:09:50 | 000,000,000 | ---D | C] -- C:\Windows\System32 (if 32bit) or SYSWOW64 (if 64bit)
[2013/10/26 21:44:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/26 21:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Exploit
[2013/10/26 19:39:42 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\cuban_data
[2013/10/24 23:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SKT Sync 3.0
[2013/10/24 23:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MelOn Player4
[2013/10/24 17:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/24 17:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/24 17:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/24 17:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/10/24 17:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/23 07:48:56 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (2)
[2013/10/19 12:30:15 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Update MPC Renaissance v1.10
[2013/10/11 18:31:11 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Hex on Steroids
[2013/10/11 17:53:09 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\HoS
[2013/10/11 17:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
[2013/10/11 17:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.3
[2013/10/09 23:31:26 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\[폰트글꼴] 365일 예쁘고 귀여운 폰트만 골라서 쓰자!
[2013/10/02 16:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Sports
[2013/10/02 16:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Sports
[2013/10/01 22:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akai
[2013/10/01 18:56:07 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\beats
[2013/10/01 18:55:48 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\covers
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/31 17:13:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/31 16:55:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1615976838-929692116-233931786-1000UA.job
[2013/10/31 16:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/31 13:55:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1615976838-929692116-233931786-1000Core.job
[2013/10/31 13:13:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/31 10:38:07 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/31 10:38:07 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/31 10:23:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/31 10:23:03 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/29 18:17:02 | 001,349,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/29 18:17:02 | 000,664,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/29 18:17:02 | 000,435,152 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013/10/29 18:17:02 | 000,126,444 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/29 18:17:02 | 000,124,858 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013/10/29 17:25:16 | 000,001,834 | ---- | M] () -- C:\Users\User\Desktop\MagicISO.lnk
[2013/10/28 22:33:08 | 000,094,701 | ---- | M] () -- C:\Users\User\Desktop\3625949,kvz5B0iIixqOzzGcWAtS+cW8UVoxluE9Uq4XDZzFtR7+bsT8v0bsz97YNMpZjdFIFf64r05UZM+AMCu5TrPlsw==.jpg
[2013/10/26 19:23:20 | 021,409,122 | ---- | M] () -- C:\Users\User\Desktop\1165601865.mp3
[2013/10/25 21:38:18 | 000,001,456 | ---- | M] () -- C:\Users\User\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/10/23 08:14:44 | 450,817,715 | ---- | M] () -- C:\Users\User\Desktop\New folder (2).zip
[2013/10/19 18:57:38 | 000,051,460 | ---- | M] () -- C:\Users\User\Desktop\tumblr_muxrfp8QHX1qlu8tno1_500.jpg
[2013/10/19 12:56:36 | 001,915,882 | ---- | M] () -- C:\Users\User\Desktop\Idol - '71 Same (--).wav
[2013/10/19 11:11:14 | 000,966,649 | ---- | M] () -- C:\Users\User\Desktop\Untitled.png
[2013/10/11 08:57:59 | 902,859,644 | ---- | M] () -- C:\Users\User\Desktop\SMoKE Patch v0.2.exe
[2013/10/11 07:52:12 | 005,587,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 23:57:28 | 001,336,678 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 20:29:14 | 000,000,132 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/10/06 15:09:56 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI
[2013/10/06 15:06:04 | 000,009,728 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/29 17:25:16 | 000,001,834 | ---- | C] () -- C:\Users\User\Desktop\MagicISO.lnk
[2013/10/28 22:33:07 | 000,094,701 | ---- | C] () -- C:\Users\User\Desktop\3625949,kvz5B0iIixqOzzGcWAtS+cW8UVoxluE9Uq4XDZzFtR7+bsT8v0bsz97YNMpZjdFIFf64r05UZM+AMCu5TrPlsw==.jpg
[2013/10/26 19:14:29 | 021,409,122 | ---- | C] () -- C:\Users\User\Desktop\1165601865.mp3
[2013/10/23 08:14:18 | 450,817,715 | ---- | C] () -- C:\Users\User\Desktop\New folder (2).zip
[2013/10/19 18:57:37 | 000,051,460 | ---- | C] () -- C:\Users\User\Desktop\tumblr_muxrfp8QHX1qlu8tno1_500.jpg
[2013/10/19 12:54:18 | 001,915,882 | ---- | C] () -- C:\Users\User\Desktop\Idol - '71 Same (--).wav
[2013/10/19 11:11:14 | 000,966,649 | ---- | C] () -- C:\Users\User\Desktop\Untitled.png
[2013/10/12 17:06:05 | 902,859,644 | ---- | C] () -- C:\Users\User\Desktop\SMoKE Patch v0.2.exe
[2013/10/06 15:09:56 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2013/07/25 13:25:31 | 000,007,606 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013/05/16 14:38:24 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2013/05/06 18:17:45 | 000,001,456 | ---- | C] () -- C:\Users\User\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/05/06 18:00:25 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2013/04/18 13:34:44 | 000,000,311 | ---- | C] () -- C:\Windows\game.ini
[2013/04/07 15:16:37 | 000,000,085 | ---- | C] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013/03/29 13:57:20 | 000,332,800 | ---- | C] () -- C:\Windows\wget.exe
[2013/03/29 13:57:20 | 000,167,936 | ---- | C] () -- C:\Windows\unzip.exe
[2013/03/12 16:29:56 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/01/07 20:24:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/07 20:24:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/07 20:24:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/07 20:24:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/07 20:24:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/11/28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/11/28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/11/28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/11/04 21:33:18 | 000,009,728 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/02 16:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012/05/25 23:58:38 | 000,196,648 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/25 23:03:08 | 001,336,678 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/17 17:17:49 | 000,054,000 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2012/05/15 17:19:59 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/05/13 15:30:10 | 000,000,412 | ---- | C] () -- C:\Users\User\.gta_sa_savegame_editor
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/02 23:00:58 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\TCPClient.dll
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/12/18 13:28:06 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2011/12/04 21:55:42 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Roaming\winscp.rnd
[2011/11/25 18:34:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2013/04/15 10:42:31 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$319f2830918ad7ccbb3c835ec2569aae\@
[2013/04/15 10:42:31 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$319f2830918ad7ccbb3c835ec2569aae\L
[2013/04/15 10:42:31 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$319f2830918ad7ccbb3c835ec2569aae\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/02 18:20:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\2K Sports
[2013/07/12 13:25:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ableton
[2011/11/27 20:43:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\acccore
[2013/05/24 23:49:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Activision
[2013/07/18 15:04:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Applied Acoustics Systems
[2013/10/26 21:09:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2013/05/16 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Avid
[2013/07/01 18:01:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\avidemux
[2013/10/05 15:49:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Celemony Software GmbH
[2013/06/27 18:10:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Ultra
[2012/04/09 15:57:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DiskAid
[2012/10/05 18:53:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2013/05/06 13:19:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlowStone
[2012/08/20 19:17:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Guitar Pro 6
[2013/05/06 13:20:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Image-Line
[2012/03/10 15:42:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ImgBurn
[2013/06/13 15:57:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2012/04/17 19:38:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2012/05/23 14:40:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2
[2012/09/24 16:49:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mael
[2013/07/18 16:29:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Maize Sampler Player
[2013/10/26 21:08:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MPC
[2012/07/07 20:24:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MySQL
[2012/11/26 18:25:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NPLUTO Corporation
[2012/01/16 23:25:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ooVoo Details
[2012/04/07 11:31:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2013/05/16 22:32:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PACE Anti-Piracy
[2012/05/17 17:19:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Proxifier
[2013/09/22 13:24:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RadeonPro
[2013/06/25 14:58:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RED MC
[2012/03/21 16:34:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\redsn0w
[2012/12/31 13:32:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2013/10/01 19:15:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2013/07/25 17:07:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/30 16:30:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Subversion
[2012/02/27 19:46:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2013/08/05 12:47:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TechSmith
[2011/11/25 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeraCopy
[2013/05/16 22:46:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Trillium Lane
[2013/01/27 18:27:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2013/10/31 17:31:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2012/06/28 16:41:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VOWSoft
[2012/06/16 15:46:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1284 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:XbQQUIPlGZTWzIDn3cafB
@Alternate Data Stream - 1270 bytes -> C:\ProgramData\Microsoft:4gTmJMiVmjkGPeUEoEYQdT
@Alternate Data Stream - 1229 bytes -> C:\ProgramData\Microsoft:bTZdOjqGT3IWfbCUAL8yf5x
@Alternate Data Stream - 1214 bytes -> C:\ProgramData\Microsoft:MlqghYyX1vxg2WgdEYRw
@Alternate Data Stream - 1195 bytes -> C:\ProgramData\Microsoft:1NNujqqIKbQDEJweYPHy1d

< End of report >

#2
godawgs

Posted 07 November 2013 - 01:56 PM

Teacher

Retired Staff
8,228 posts

Hello jsound19, :wave:

Welcome to the forums!
:welcome:

. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
If I ask a Question just answer it, don't run anything unless directed to.

Please read every post completely before doing anything.

Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.

Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.

I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes )
Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

I'm afraid the news is not good. You have a variant of the ZeroAccess rootkit. And you also have an illegal or pirated copy of Adobe on the computer.

:alarm:

Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:

All passwords should be changed to include those used for banking, email, eBay, Facebook ect; and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterward. If you decide to continue with the cleanup, please proceed with the following steps.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. That should be the C:\Users\User\Downloads folder. Please post the contents of that file.

Please also post the log file from the following scans that you ran:

MBAM
AdwCleaner
JRT
TDSS Killer
RogueKiller

#3
jsound19

Posted 08 November 2013 - 04:15 PM

Member

Topic Starter
Member
22 posts

I couldn't find the Extras.txt but here's the other logs:

MBAM
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.10.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
User :: USER-PC [administrator]

10/26/2013 10:07:52 AM
mbam-log-2013-10-26 (10-07-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230708
Time elapsed: 19 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ADWCleaner
# AdwCleaner v3.011 - Report created 08/11/2013 at 16:58:40
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v15.0.1 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pm7nseln.default\prefs.js ]

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1610 octets] - [26/10/2013 20:44:35]
AdwCleaner[R1].txt - [1011 octets] - [28/10/2013 19:23:42]
AdwCleaner[R2].txt - [1071 octets] - [08/11/2013 16:52:55]
AdwCleaner[S0].txt - [1697 octets] - [26/10/2013 20:46:39]
AdwCleaner[S1].txt - [994 octets] - [08/11/2013 16:58:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1053 octets] ##########

RK
RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 11/08/2013 16:59:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
::1 localhost127.0.0.1 65.52.240.48
127.0.0.1 activation.cloud.techsmith.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500AAJS-00B4A0 ATA Device +++++
--- User ---
[MBR] cd388d1d69b263baa597218f9788a031
[BSP] 9efbe4f3adc7bc92c69fc5383d0c2eff : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 199900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409602048 | Size: 38471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] 8b5089b0ea4593eac79a1ac6a76f7b68
[BSP] 13cb35b98e102fa225b1647af7af7d9d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_11082013_165956.txt >>

JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Ultimate x64
Ran by User on 10/28/2013 Mon at 20:41:39.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{1F820560-8554-425D-AC3E-64967D5F6545}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{604B1A76-899C-4AA6-A546-EAEC718D5CAF}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{794838F9-182F-45FD-B9DD-BEFE6F7A813E}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{89635B8D-793E-4F96-BED2-C41B67C5F6F7}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{F66D9B8B-6D44-41E2-9CE4-0009592441B6}

~~~ FireFox

Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pm7nseln.default\extensions\staged
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pm7nseln.default\prefs.js

user_pref("xkit.x1cpostage", "//* VERSION 5.6 REV C **//\r\n//* TITLE One-Click Postage **//\r\n//* DEVELOPER STUDIOXENIX **//\r\n//* DESCRIPTION Reblog, queue or send posts t
user_pref("xkit.xclassicnew_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZ
user_pref("xkit.xfollowers", "//* VERSION 4.1 REV B **//\r\n//* INTERVAL 0 **//\r\n//* TITLE Follower Delta Checker **//\r\n//* DEVELOPER STUDIOXENIX **//\r\n//* DESCRIPTION C
user_pref("xkit.xfollowers_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG
user_pref("xkit.xgotodash", "//* VERSION 1.2 REV A **//\r\n//* TITLE Go-To-Dash **//\r\n//* DESCRIPTION Adds a button on peoples blogs that allows you to go back to that post
user_pref("xkit.xgotodash_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9
user_pref("xkit.xkit_installer", "//* VERSION 6.1 REV A **//\r\n// XKit Installer\r\n// Installs XKit. Loaded by bootstrapper.\r\n// © 2011 STUDIOXENIX.com\r\n\r\nvar instal
user_pref("xkit.xkit_log", "NaNxkit_init:Welcome to XKit.\nCopyright 2011 - 2012 STUDIOXENIX.\nVersion: 6.0 PR1\nRunning on: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0
user_pref("xkit.xkit_preferences", "//* VERSION 6.6 REV E **//\r\n//* INTERVAL 0 **//\r\n// XKit Preferences\r\n// Injects the preference panel to tumblr.\r\n// © 2011 STUDI
user_pref("xkit.xkit_required", "//* VERSION 6.0 REV C **//\r\n// XKit Required\r\n// Required images and text.\r\n// © 2011 - 2012 STUDIOXENIX.com\r\n\r\n\r\n/*!\r\n * jQue
user_pref("xkit.xmutualfollowers", "//* VERSION 1.0 REV B **//\r\n//* INTERVAL 0 **//\r\n//* TITLE Mutual Follower Checker **//\r\n//* DEVELOPER STUDIOXENIX **//\r\n//* DESCRI
user_pref("xkit.xmutualfollowers_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNv
user_pref("xkit.xnews_9IsPoweYV9_message", "Thanks for installing XKit 6! \r\nIf you have any suggestions or problems, please feel free to <a href=\"hxxp://xki
user_pref("xkit.xnews_9IsPoweYV9_read", "true");
user_pref("xkit.xnews_9IsPoweYV9_time", "30335134452");
user_pref("xkit.xnews_9IsPoweYV9_title", "Have suggestions?");
user_pref("xkit.xnews_items", ",0,9IsPoweYV9");
user_pref("xkit.xoldeheader_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZ
user_pref("xkit.xoldesidebar_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5h
user_pref("xkit.xpeh_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54
user_pref("xkit.xpreview_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9i
user_pref("xkit.xreblogyourself_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvb
user_pref("xkit.xreply_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pm7nseln.default\minidumps [2 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/28/2013 Mon at 21:08:23.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4
godawgs

Posted 08 November 2013 - 10:38 PM

Teacher

Retired Staff
8,228 posts

Please post the TDSSKiller log. You can find it at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

#5
jsound19

Posted 08 November 2013 - 10:44 PM

Member

Topic Starter
Member
22 posts

23:43:24.0877 0x1168 TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
23:43:26.0545 0x1168 ============================================================
23:43:26.0546 0x1168 Current date / time: 2013/11/08 23:43:26.0545
23:43:26.0546 0x1168 SystemInfo:
23:43:26.0546 0x1168
23:43:26.0546 0x1168 OS Version: 6.1.7601 ServicePack: 1.0
23:43:26.0546 0x1168 Product type: Workstation
23:43:26.0546 0x1168 ComputerName: USER-PC
23:43:26.0546 0x1168 UserName: User
23:43:26.0546 0x1168 Windows directory: C:\Windows
23:43:26.0546 0x1168 System windows directory: C:\Windows
23:43:26.0546 0x1168 Running under WOW64
23:43:26.0546 0x1168 Processor architecture: Intel x64
23:43:26.0546 0x1168 Number of processors: 2
23:43:26.0546 0x1168 Page size: 0x1000
23:43:26.0546 0x1168 Boot type: Normal boot
23:43:26.0546 0x1168 ============================================================
23:43:27.0379 0x1168 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
23:43:27.0385 0x1168 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:43:30.0488 0x1168 ============================================================
23:43:30.0488 0x1168 \Device\Harddisk0\DR0:
23:43:30.0512 0x1168 MBR partitions:
23:43:30.0512 0x1168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:43:30.0512 0x1168 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866E000
23:43:30.0512 0x1168 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x4B23800
23:43:30.0512 0x1168 \Device\Harddisk1\DR1:
23:43:30.0512 0x1168 MBR partitions:
23:43:30.0512 0x1168 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D31C1
23:43:30.0512 0x1168 ============================================================
23:43:30.0568 0x1168 C: <-> \Device\Harddisk0\DR0\Partition2
23:43:30.0606 0x1168 D: <-> \Device\Harddisk0\DR0\Partition3
23:43:30.0716 0x1168 G: <-> \Device\Harddisk1\DR1\Partition1
23:43:30.0716 0x1168 ============================================================
23:43:30.0717 0x1168 Initialize success
23:43:30.0717 0x1168 ============================================================

#6
godawgs

Posted 09 November 2013 - 10:20 AM

Teacher

Retired Staff
8,228 posts

Thanks. Let's get a current OTL log and also the Extras log.
The first thing I want you to do is move the OTL file from the C:\Users\User\Downloads folder to the desktop. To do that, open the C:\Users\User\Downloads folder, right click the OTL icon in the folder and click Copy. Next, go back to the desktop. Right click on a blank aera of the desktop and click Paste. This will put OTL on the dektop. You can now go back to the Downloade folder and delete the OTL icon and the OTL.txt file.

Question: Is the user name actually User or did you replace the user name with User when you posted the OTL log?

Posted Image

OTL Scan

1.
Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image

box in OTL. To do that:

Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C

2.
Please open Posted Image

on the desktop. To do that:

Vista /7 users: right click the icon and click Run as Administrator.

Make sure all other windows are closed .

You will see a console like the one below:
At the top of the console, click the box beside Scan All Users and Include 64bit Scans
Make sure the Output box at the top is set to Standard Output.
In the Extra Registry section click the circle beside Use Safelist.<---Very Important
Click the box beside LOP Check and Purity Check
Click the button. Do not change any settings unless otherwise told to do so.
Let the scan run uninterrupted.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.

Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log
2. The Extras.txt log

#7
jsound19

Posted 09 November 2013 - 11:58 AM

Member

Topic Starter
Member
22 posts

The New OTL Log:
OTL logfile created on: 11/9/2013 12:37:28 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\New folder (3)
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 41.56% Memory free
8.00 Gb Paging File | 5.47 Gb Available in Paging File | 68.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 21.82 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive D: | 37.57 Gb Total Space | 10.45 Gb Free Space | 27.83% Space Free | Partition Type: NTFS
Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 931.41 Gb Total Space | 707.67 Gb Free Space | 75.98% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/09 12:35:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\New folder (3)\OTL.exe
PRC - [2013/10/11 12:08:31 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/25 11:03:13 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/05/23 06:32:08 | 000,632,352 | ---- | M] (Disc Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
PRC - [2013/04/21 20:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/18 09:17:36 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\USADISK\WEBHARD_Agent.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/18 00:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2012/02/23 05:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/06 22:44:12 | 007,091,200 | ---- | M] (The Audacity Team) -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\audacity.exe
PRC - [2010/05/20 15:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/08 19:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 19:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 19:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/08 19:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/08 19:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2012/06/29 13:10:52 | 000,836,608 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\version.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/01 00:32:08 | 000,054,000 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll
MOD - [2011/04/06 22:19:18 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Modules\mod-script-pipe.dll
MOD - [2011/04/04 10:07:32 | 000,943,345 | ---- | M] () -- C:\Program Files (x86)\Ffmpeg For Audacity\avformat-52.dll
MOD - [2011/04/04 10:07:14 | 006,682,635 | ---- | M] () -- C:\Program Files (x86)\Ffmpeg For Audacity\avcodec-52.dll
MOD - [2011/04/04 10:07:08 | 000,112,791 | ---- | M] () -- C:\Program Files (x86)\Ffmpeg For Audacity\avutil-50.dll
MOD - [2011/03/28 22:54:42 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\wxbase28u_net_vc_custom.dll
MOD - [2011/03/28 22:53:52 | 000,472,064 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\wxmsw28u_html_vc_custom.dll
MOD - [2011/03/28 22:52:04 | 000,678,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\wxmsw28u_adv_vc_custom.dll
MOD - [2011/03/28 22:47:48 | 002,782,720 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\wxmsw28u_core_vc_custom.dll
MOD - [2011/03/28 22:40:40 | 001,147,392 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\wxbase28u_vc_custom.dll
MOD - [2006/09/25 17:29:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\xfade_1915.dll
MOD - [2006/09/25 17:29:12 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\zm1_1428.dll
MOD - [2006/09/25 17:29:10 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\vynil_1905.dll
MOD - [2006/09/25 17:29:10 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\wave_terrain_1412.dll
MOD - [2006/09/25 17:29:10 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\valve_rect_1405.dll
MOD - [2006/09/25 17:29:10 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\valve_1209.dll
MOD - [2006/09/25 17:29:08 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\triple_para_1204.dll
MOD - [2006/09/25 17:29:08 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\svf_1214.dll
MOD - [2006/09/25 17:29:08 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\tape_delay_1211.dll
MOD - [2006/09/25 17:29:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\transient_1206.dll
MOD - [2006/09/25 17:29:06 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\sin_cos_1881.dll
MOD - [2006/09/25 17:29:06 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\surround_encoder_1401.dll
MOD - [2006/09/25 17:29:06 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\smooth_decimate_1414.dll
MOD - [2006/09/25 17:29:06 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\step_muxer_1212.dll
MOD - [2006/09/25 17:29:06 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\split_1406.dll
MOD - [2006/09/25 17:29:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\single_para_1203.dll
MOD - [2006/09/25 17:29:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\se4_1883.dll
MOD - [2006/09/25 17:29:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\shaper_1187.dll
MOD - [2006/09/25 17:29:04 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\sifter_1210.dll
MOD - [2006/09/25 17:29:04 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\sinus_wavewrapper_1198.dll
MOD - [2006/09/25 17:29:02 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\sc4m_1916.dll
MOD - [2006/09/25 17:29:02 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\sc4_1882.dll
MOD - [2006/09/25 17:29:02 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\sc3_1427.dll
MOD - [2006/09/25 17:29:02 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\sc2_1426.dll
MOD - [2006/09/25 17:29:00 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\sc1_1425.dll
MOD - [2006/09/25 17:29:00 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\revdelay_1605.dll
MOD - [2006/09/25 17:29:00 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\satan_maximiser_1408.dll
MOD - [2006/09/25 17:29:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\ringmod_1188.dll
MOD - [2006/09/25 17:28:58 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\plate_1423.dll
MOD - [2006/09/25 17:28:58 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\pointer_cast_1910.dll
MOD - [2006/09/25 17:28:58 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\pitch_scale_1194.dll
MOD - [2006/09/25 17:28:58 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\retro_flange_1208.dll
MOD - [2006/09/25 17:28:58 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\rate_shifter_1417.dll
MOD - [2006/09/25 17:28:56 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\multivoice_chorus_1201.dll
MOD - [2006/09/25 17:28:56 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\notch_iir_1894.dll
MOD - [2006/09/25 17:28:56 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\phasers_1217.dll
MOD - [2006/09/25 17:28:56 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\pitch_scale_1193.dll
MOD - [2006/09/25 17:28:54 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\mbeq_1197.dll
MOD - [2006/09/25 17:28:54 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\mod_delay_1419.dll
MOD - [2006/09/25 17:28:48 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\matrix_st_ms_1420.dll
MOD - [2006/09/25 17:28:46 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\lcr_delay_1436.dll
MOD - [2006/09/25 17:28:46 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\lowpass_iir_1891.dll
MOD - [2006/09/25 17:28:46 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\ls_filter_1908.dll
MOD - [2006/09/25 17:28:46 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\matrix_spatialiser_1422.dll
MOD - [2006/09/25 17:28:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\matrix_ms_st_1421.dll
MOD - [2006/09/25 17:28:44 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\imp_1199.dll
MOD - [2006/09/25 17:28:44 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\karaoke_1409.dll
MOD - [2006/09/25 17:28:44 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\latency_1914.dll
MOD - [2006/09/25 17:28:44 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\inv_1429.dll
MOD - [2006/09/25 17:28:44 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\ladspa-util.dll
MOD - [2006/09/25 17:28:42 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\highpass_iir_1890.dll
MOD - [2006/09/25 17:28:42 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\hilbert_1440.dll
MOD - [2006/09/25 17:28:42 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\impulse_1885.dll
MOD - [2006/09/25 17:28:40 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\gverb_1216.dll
MOD - [2006/09/25 17:28:40 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\hard_limiter_1413.dll
MOD - [2006/09/25 17:28:40 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\harmonic_gen_1220.dll
MOD - [2006/09/25 17:28:38 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\gong_beater_1439.dll
MOD - [2006/09/25 17:28:38 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\gong_1424.dll
MOD - [2006/09/25 17:28:36 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\gate_1410.dll
MOD - [2006/09/25 17:28:36 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\giant_flange_1437.dll
MOD - [2006/09/25 17:28:36 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\freq_tracker_1418.dll
MOD - [2006/09/25 17:28:36 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\foverdrive_1196.dll
MOD - [2006/09/25 17:28:34 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\fast_lookahead_limiter_1913.dll
MOD - [2006/09/25 17:28:34 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\dyson_compress_1403.dll
MOD - [2006/09/25 17:28:34 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\fad_delay_1192.dll
MOD - [2006/09/25 17:28:34 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\flanger_1191.dll
MOD - [2006/09/25 17:28:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\foldover_1213.dll
MOD - [2006/09/25 17:28:32 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\dj_eq_1901.dll
MOD - [2006/09/25 17:28:32 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\dj_flanger_1438.dll
MOD - [2006/09/25 17:28:32 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\diode_1185.dll
MOD - [2006/09/25 17:28:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\divider_1186.dll
MOD - [2006/09/25 17:28:30 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\delayorama_1402.dll
MOD - [2006/09/25 17:28:30 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\delay_1898.dll
MOD - [2006/09/25 17:28:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\declip_1195.dll
MOD - [2006/09/25 17:28:28 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\decimator_1202.dll
MOD - [2006/09/25 17:28:28 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\decay_1886.dll
MOD - [2006/09/25 17:28:28 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\comb_splitter_1411.dll
MOD - [2006/09/25 17:28:28 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\dc_remove_1207.dll
MOD - [2006/09/25 17:28:28 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\crossover_dist_1404.dll
MOD - [2006/09/25 17:28:28 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\const_1909.dll
MOD - [2006/09/25 17:28:26 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\butterworth_1902.dll
MOD - [2006/09/25 17:28:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\comb_1887.dll
MOD - [2006/09/25 17:28:26 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\comb_1190.dll
MOD - [2006/09/25 17:28:26 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\chebstortion_1430.dll
MOD - [2006/09/25 17:28:24 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\bandpass_iir_1892.dll
MOD - [2006/09/25 17:28:24 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\bode_shifter_cv_1432.dll
MOD - [2006/09/25 17:28:24 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\bode_shifter_1431.dll
MOD - [2006/09/25 17:28:22 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\bandpass_a_iir_1893.dll
MOD - [2006/09/25 17:28:22 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\amp_1181.dll
MOD - [2006/09/25 17:28:22 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\allpass_1895.dll
MOD - [2006/09/25 17:28:22 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\am_pitchshift_1433.dll
MOD - [2006/09/25 17:28:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\alias_1407.dll
MOD - [2006/07/04 00:29:32 | 001,382,280 | ---- | M] () -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\Plug-Ins\libfftw3f-3.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/07/04 01:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/08/19 16:43:23 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/08 15:43:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/21 09:57:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/23 06:32:08 | 000,632,352 | ---- | M] (Disc Soft Ltd) [On_Demand | Running] -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2013/04/13 09:57:40 | 000,020,608 | ---- | M] (Mr. John aka japamd) [Auto | Stopped] -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe -- (RadeonPro Support Service)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/18 09:17:36 | 000,150,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\USADISK\WEBHARD_Agent.exe -- (USADISK_AGENT)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/18 00:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2012/02/23 05:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/21 15:40:56 | 000,578,264 | ---- | M] (Pandora.TV) [Disabled | Stopped] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2011/11/10 17:12:00 | 003,869,640 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/20 06:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 06:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/27 17:06:42 | 000,029,696 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtscsibus.sys -- (dtscsibus)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/17 06:22:26 | 000,105,624 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2012/10/10 08:05:20 | 000,023,384 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/11 18:34:34 | 000,426,816 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akaiacv0u.sys -- (AKAI_ACV0_USB)
DRV:64bit: - [2012/07/11 18:34:34 | 000,055,104 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akaiacv0m.sys -- (AKAI_ACV0_MIDI)
DRV:64bit: - [2012/07/11 18:34:34 | 000,050,496 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akaiacv0a.sys -- (AKAI_ACV0_WDM)
DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/04 00:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/14 01:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/19 10:31:38 | 000,018,776 | ---- | M] (Focusrite Audio Engineering Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\automap.sys -- (automap)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 05:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/11/14 22:50:14 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/05 11:46:36 | 000,053,080 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvnusbaudio.sys -- (NvnUsbAudio)
DRV:64bit: - [2011/08/02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/13 22:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/04 21:22:30 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/08 14:31:26 | 000,062,960 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h648103.sys -- (h648103)
DRV:64bit: - [2008/08/08 14:31:22 | 000,065,776 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h648101.sys -- (h648101)
DRV:64bit: - [2008/08/08 14:31:20 | 000,063,856 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h647906.sys -- (h647906)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/08 14:31:18 | 000,043,192 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8101.sys -- (hid8101)
DRV - [2008/08/08 14:31:18 | 000,040,856 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8103.sys -- (hid8103)
DRV - [2008/08/08 14:31:16 | 000,041,272 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid7906.sys -- (hid7906)
DRV - [2005/01/03 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1615976838-929692116-233931786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 505352876
IE - HKU\S-1-5-21-1615976838-929692116-233931786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1615976838-929692116-233931786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1615976838-929692116-233931786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 0B C3 D4 B0 AB CC 01 [binary data]
IE - HKU\S-1-5-21-1615976838-929692116-233931786-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1615976838-929692116-233931786-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1615976838-929692116-233931786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1615976838-929692116-233931786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:0.7.7
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.6
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: {4de46b94-1b91-474a-9ae5-6074f86ef7e9}:6.0 PR1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\User\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\iloen.com/MelOnWebLinker: C:\Windows\system32\npMelOnWebLinker.dll (LOEN Entertainment)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/14 19:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/04 19:31:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/08 10:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013/10/28 20:05:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pm7nseln.default\extensions
[2012/11/11 18:52:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pm7nseln.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/08 10:33:52 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pm7nseln.default\extensions\[email protected]
[2012/11/11 18:14:59 | 000,342,379 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pm7nseln.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/01/27 20:39:47 | 000,020,066 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pm7nseln.default\extensions\{4de46b94-1b91-474a-9ae5-6074f86ef7e9}.xpi
[2012/09/08 10:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\User\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_1\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.66_0\
CHR - Extension: XKit = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd\7.2.3_0\
CHR - Extension: avast! WebRep = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Savevid = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\liibpejlpebkfpddljfpipkpjhphifon\1.0_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/05 11:42:34 | 000,001,306 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost127.0.0.1 65.52.240.48
O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1615976838-929692116-233931786-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-1615976838-929692116-233931786-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1615976838-929692116-233931786-1000..\Run: [DAEMON Tools Ultra Agent] C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-1615976838-929692116-233931786-1000..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1615976838-929692116-233931786-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1615976838-929692116-233931786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1615976838-929692116-233931786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1615976838-929692116-233931786-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1615976838-929692116-233931786-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1615976838-929692116-233931786-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1615976838-929692116-233931786-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D886696-C7CE-11D3-A175-08002BF17507} http://www.digimonrp.../digimonrpg.cab (DigimonRpg)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4E60FDC9-25C0-425F-B72B-04347474CFC4} http://conting.sbs.c...ice/Conting.CAB (Conting_S Down Control)
O16 - DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} http://bgweb.nowcdn....ownStarter2.cab (DownStarter2 Control)
O16 - DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} http://cdn.usadisk.c.../USAControl.CAB (USADISK File Share Control 5)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD6D630F-0ADA-4260-AB93-37846E3F6B0E}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C295CDD5-58B1-49E5-A481-8E779D04D3D9}: DhcpNameServer = 172.18.145.103 172.18.145.103
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/12 11:46:34 | 000,000,000 | ---- | M] () - C:\AutomapClients.ini -- [ NTFS ]
O32 - AutoRun File - [2012/07/27 10:14:09 | 000,000,052 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2013/01/15 20:50:46 | 000,000,000 | -H-D | M] - G:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/09 12:35:57 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (3)
[2013/11/08 16:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/08 16:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/08 16:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/08 16:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/08 16:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/08 16:44:10 | 002,748,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\TDSSKiller.exe
[2013/11/08 16:43:37 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine
[2013/11/07 23:55:56 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/11/07 23:55:56 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/11/06 17:53:29 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\11613 MUSIC
[2013/11/06 17:52:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ECRSC
[2013/11/06 17:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESTsoft
[2013/11/06 17:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ESTsoft
[2013/11/06 17:52:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ESTsoft
[2013/11/06 17:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESTsoft
[2013/10/29 16:25:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2013/10/29 16:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2013/10/29 16:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2013/10/28 21:12:41 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvbvm60e.dll
[2013/10/28 21:12:41 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCN.OCX
[2013/10/28 19:41:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/27 17:09:50 | 000,000,000 | ---D | C] -- C:\Windows\System32 (if 32bit) or SYSWOW64 (if 64bit)
[2013/10/26 20:44:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/26 20:42:38 | 001,858,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100d.dll
[2013/10/26 20:42:38 | 001,014,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100d.dll
[2013/10/26 20:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Exploit
[2013/10/26 18:39:42 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\cuban_data
[2013/10/24 22:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SKT Sync 3.0
[2013/10/24 22:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MelOn Player4
[2013/10/23 06:48:56 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (2)
[2013/10/19 11:30:15 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Update MPC Renaissance v1.10
[2013/10/11 17:31:11 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Hex on Steroids
[2013/10/11 16:53:09 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\HoS
[2013/10/11 16:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
[2013/10/11 16:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.3
[2013/10/10 23:00:58 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/10 23:00:57 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/10 23:00:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/10 23:00:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/10 23:00:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/10 23:00:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/10 23:00:55 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/10 23:00:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/10 23:00:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/10 23:00:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/10 23:00:54 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/10/10 23:00:51 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/10 23:00:50 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/10 23:00:50 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/10 23:00:49 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/09 12:43:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/09 12:13:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/09 11:55:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1615976838-929692116-233931786-1000UA.job
[2013/11/09 11:17:25 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/09 11:17:25 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/09 11:06:46 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/09 11:01:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/09 11:01:05 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/09 00:39:07 | 000,431,847 | ---- | M] () -- C:\Users\User\Desktop\tumblr_mtiqnhDLq71srpb3po1_500.jpg
[2013/11/08 16:58:27 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/08 13:55:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1615976838-929692116-233931786-1000Core.job
[2013/11/07 18:30:31 | 001,349,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/07 18:30:31 | 000,664,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/07 18:30:31 | 000,435,152 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013/11/07 18:30:31 | 000,126,444 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/07 18:30:31 | 000,124,858 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013/10/26 18:23:20 | 021,409,122 | ---- | M] () -- C:\Users\User\Desktop\1165601865.mp3
[2013/10/25 20:38:18 | 000,001,456 | ---- | M] () -- C:\Users\User\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/10/23 07:14:44 | 450,817,715 | ---- | M] () -- C:\Users\User\Desktop\New folder (2).zip
[2013/10/19 17:57:38 | 000,051,460 | ---- | M] () -- C:\Users\User\Desktop\tumblr_muxrfp8QHX1qlu8tno1_500.jpg
[2013/10/11 07:57:59 | 902,859,644 | ---- | M] () -- C:\Users\User\Desktop\SMoKE Patch v0.2.exe
[2013/10/11 06:52:12 | 005,587,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 22:57:28 | 001,336,678 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/09 00:39:04 | 000,431,847 | ---- | C] () -- C:\Users\User\Desktop\tumblr_mtiqnhDLq71srpb3po1_500.jpg
[2013/11/08 16:58:27 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/26 18:14:29 | 021,409,122 | ---- | C] () -- C:\Users\User\Desktop\1165601865.mp3
[2013/10/23 07:14:18 | 450,817,715 | ---- | C] () -- C:\Users\User\Desktop\New folder (2).zip
[2013/10/19 17:57:37 | 000,051,460 | ---- | C] () -- C:\Users\User\Desktop\tumblr_muxrfp8QHX1qlu8tno1_500.jpg
[2013/10/12 16:06:05 | 902,859,644 | ---- | C] () -- C:\Users\User\Desktop\SMoKE Patch v0.2.exe
[2013/10/06 14:09:56 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2013/07/25 12:25:31 | 000,007,606 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013/05/16 13:38:24 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2013/05/06 17:17:45 | 000,001,456 | ---- | C] () -- C:\Users\User\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/05/06 17:00:25 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2013/04/18 12:34:44 | 000,000,311 | ---- | C] () -- C:\Windows\game.ini
[2013/04/07 14:16:37 | 000,000,085 | ---- | C] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013/03/29 12:57:20 | 000,332,800 | ---- | C] () -- C:\Windows\wget.exe
[2013/03/29 12:57:20 | 000,167,936 | ---- | C] () -- C:\Windows\unzip.exe
[2013/03/12 15:29:56 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/01/07 19:24:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/07 19:24:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/07 19:24:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/07 19:24:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/07 19:24:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/11/28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/11/28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/11/28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/11/04 20:33:18 | 000,009,728 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/02 15:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012/05/25 22:58:38 | 000,196,648 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/25 22:03:08 | 001,336,678 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/17 16:17:49 | 000,054,000 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2012/05/15 16:19:59 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/05/13 14:30:10 | 000,000,412 | ---- | C] () -- C:\Users\User\.gta_sa_savegame_editor
[2012/04/18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/08 23:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/08 23:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/02 22:00:58 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\TCPClient.dll
[2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/12/18 12:28:06 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2011/12/04 20:55:42 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Roaming\winscp.rnd
[2011/11/25 17:34:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2013/04/15 09:42:31 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$319f2830918ad7ccbb3c835ec2569aae\@
[2013/04/15 09:42:31 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$319f2830918ad7ccbb3c835ec2569aae\L
[2013/04/15 09:42:31 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$319f2830918ad7ccbb3c835ec2569aae\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/02 17:20:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\2K Sports
[2013/07/12 12:25:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ableton
[2011/11/27 19:43:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\acccore
[2013/05/24 22:49:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Activision
[2013/07/18 14:04:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Applied Acoustics Systems
[2013/11/06 07:50:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2013/05/16 20:48:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Avid
[2013/07/01 17:01:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\avidemux
[2013/10/05 14:49:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Celemony Software GmbH
[2013/06/27 17:10:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Ultra
[2012/04/09 14:57:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DiskAid
[2012/10/05 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2013/05/06 12:19:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlowStone
[2012/08/20 18:17:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Guitar Pro 6
[2013/05/06 12:20:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Image-Line
[2012/03/10 14:42:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ImgBurn
[2013/06/13 14:57:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2012/04/17 18:38:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2012/05/23 13:40:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2
[2012/09/24 15:49:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mael
[2013/07/18 15:29:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Maize Sampler Player
[2013/10/26 20:08:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MPC
[2012/07/07 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MySQL
[2012/11/26 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NPLUTO Corporation
[2012/01/16 22:25:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ooVoo Details
[2012/04/07 10:31:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2013/05/16 21:32:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PACE Anti-Piracy
[2012/05/17 16:19:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Proxifier
[2013/09/22 12:24:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RadeonPro
[2013/06/25 13:58:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RED MC
[2012/03/21 15:34:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\redsn0w
[2012/12/31 12:32:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2013/10/01 18:15:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2013/07/25 16:07:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/30 15:30:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Subversion
[2012/02/27 18:46:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2013/08/05 11:47:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TechSmith
[2011/11/25 16:28:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeraCopy
[2013/05/16 21:46:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Trillium Lane
[2013/01/27 17:27:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2013/10/31 17:09:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2012/06/28 15:41:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VOWSoft
[2012/06/16 14:46:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 08:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 08:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV:64bit: - [2010/11/20 08:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 08:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 08:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV:64bit: - [2010/11/20 08:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 08:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 08:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 08:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 08:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 08:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010/11/20 08:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 08:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 08:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 08:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/11/11 11:48:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/11 11:45:47 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/11 11:48:40 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/11 11:45:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/11 11:48:40 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/11/11 11:45:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/11/11 11:48:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/11/11 11:45:47 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
[2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 20:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/07/27 15:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.DLL >
[2010/10/21 10:11:14 | 004,465,432 | ---- | M] (SmartSound Software Inc.) MD5=09CFB48DF9A22C5B02A249778546422C -- C:\Program Files (x86)\SmartSound Software\Quicktracks 5\Services.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:08:24 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=424DA2137012397299C94B7342F3D19E -- C:\Windows\SysNative\ko-KR\services.exe.mui
[2009/07/13 19:08:24 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=424DA2137012397299C94B7342F3D19E -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_982c5da9ef5cfade\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.H >
[2011/12/16 20:52:08 | 000,001,043 | ---- | M] () MD5=EFA6260E75D8055649F88462E3E9E929 -- C:\Program Files\MySQL\MySQL Server 5.5\include\mysql\services.h

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2013/02/06 19:34:05 | 000,000,745 | ---- | M] () MD5=4486CD5E7FD9B06A7E7704967FB23255 -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\AN8X3FFM\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/13 19:05:18 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\SysNative\ko-KR\services.msc
[2009/07/13 18:49:38 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\SysWOW64\ko-KR\services.msc
[2009/07/13 19:05:18 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_d26e2d95c5c694d1\services.msc
[2009/07/13 18:49:38 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_764f92120d69239b\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SETTINGS >
[2012/02/20 13:18:48 | 000,001,622 | ---- | M] () MD5=36F72485C04D6C73C4926FD9112339C1 -- C:\Users\User\.netbeans\7.0\config\Windows2Local\Components\services.settings

< MD5 for: SERVICES.WSTCGRP >
[2012/07/07 16:17:00 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Users\User\.netbeans\7.0\config\Windows2Local\Groups\InitialLayout\services.wstcgrp
[2012/07/07 16:17:00 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Users\User\.netbeans\7.0\config\Windows2Local\Groups\OpenedProjects\services.wstcgrp

< MD5 for: SERVICES.WSTCREF >
[2012/07/07 16:17:00 | 000,000,179 | ---- | M] () MD5=7602524110CA4C646B84EBD3AA3E5998 -- C:\Users\User\.netbeans\7.0\config\Windows2Local\Modes\leftSlidingSide\services.wstcref

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/11/11 11:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/11 11:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 743D-B66F
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\FPC
05/06/2013 12:20 PM <SYMLINKD> Downloaded [C:\Users\User\Documents\Image-Line\Data\fpc\]
0 File(s) 0 bytes
Directory of C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\Harmor
05/06/2013 12:20 PM <SYMLINKD> Downloaded [C:\Users\User\Documents\Image-Line\Data\Harmor\]
0 File(s) 0 bytes
Directory of C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\Ogun
05/06/2013 12:20 PM <SYMLINKD> Downloaded [C:\Users\User\Documents\Image-Line\Data\ogun\]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\User
11/25/2011 05:47 PM <JUNCTION> Application Data [C:\Users\User\AppData\Roaming]
11/25/2011 05:47 PM <JUNCTION> Cookies [C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies]
11/25/2011 05:47 PM <JUNCTION> Local Settings [C:\Users\User\AppData\Local]
11/25/2011 05:47 PM <JUNCTION> My Documents [C:\Users\User\Documents]
11/25/2011 05:47 PM <JUNCTION> NetHood [C:\Users\User\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/25/2011 05:47 PM <JUNCTION> PrintHood [C:\Users\User\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/25/2011 05:47 PM <JUNCTION> Recent [C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent]
11/25/2011 05:47 PM <JUNCTION> SendTo [C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo]
11/25/2011 05:47 PM <JUNCTION> Start Menu [C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu]
11/25/2011 05:47 PM <JUNCTION> Templates [C:\Users\User\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\User\AppData\Local
11/25/2011 05:47 PM <JUNCTION> Application Data [C:\Users\User\AppData\Local]
11/25/2011 05:47 PM <JUNCTION> History [C:\Users\User\AppData\Local\Microsoft\Windows\History]
11/25/2011 05:47 PM <JUNCTION> Temporary Internet Files [C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
49 Dir(s) 23,316,205,568 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 1284 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:XbQQUIPlGZTWzIDn3cafB
@Alternate Data Stream - 1270 bytes -> C:\ProgramData\Microsoft:4gTmJMiVmjkGPeUEoEYQdT
@Alternate Data Stream - 1229 bytes -> C:\ProgramData\Microsoft:bTZdOjqGT3IWfbCUAL8yf5x
@Alternate Data Stream - 1214 bytes -> C:\ProgramData\Microsoft:MlqghYyX1vxg2WgdEYRw
@Alternate Data Stream - 1195 bytes -> C:\ProgramData\Microsoft:1NNujqqIKbQDEJweYPHy1d

< End of report >

Extras
OTL Extras logfile created on: 11/9/2013 12:37:28 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\New folder (3)
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 41.56% Memory free
8.00 Gb Paging File | 5.47 Gb Available in Paging File | 68.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 21.82 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive D: | 37.57 Gb Total Space | 10.45 Gb Free Space | 27.83% Space Free | Partition Type: NTFS
Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 931.41 Gb Total Space | 707.67 Gb Free Space | 75.98% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1615976838-929692116-233931786-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D56B35-89FF-4EDF-94BD-98BB28BEAD0F}" = dir=in | app=c:\program files (x86)\melon player4\playback\pino-melon.exe |
"{055771BF-BF3C-48FD-9CD7-2D315E43E531}" = dir=in | app=%programfiles% (x86)\atari\tdu2\uplauncher.exe |
"{266F3303-8017-49BE-836F-58542A8DD72C}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{26705686-AFF5-4835-97B4-9D47208856E5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{33B16E18-D337-4156-A03F-7811256EC958}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k14\nba2k14.exe |
"{36CB5D0F-FD1D-410E-925C-7B97ACD582F6}" = dir=in | app=c:\program files (x86)\melon player4\system32\p3melonasvr2.exe |
"{445FA340-2109-4ECB-AB67-047EC44665E5}" = protocol=6 | dir=in | app=c:\program files (x86)\usadisk\webhard_agent.exe |
"{5339F99C-33BB-47A5-8ECF-E11C66D82650}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe |
"{547D6591-894A-496B-BF95-3A948DEEA652}" = protocol=17 | dir=in | app=c:\program files (x86)\usadisk\webhard_agent.exe |
"{6FB1A22B-D9AF-4D8E-B262-766E6ABC87B0}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{710157FF-DFD8-4C66-A0DA-C6A8D03900A4}" = protocol=17 | dir=in | app=c:\program files (x86)\usadisk\usadiskdown.exe |
"{79D1DBB6-6DD8-4A34-81DA-CB372CE2D5F7}" = protocol=6 | dir=in | app=c:\program files (x86)\usadisk\usadiskdown.exe |
"{7CBC8331-ED7F-492C-B3CF-AE8F7902F28E}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7E8DA427-DD37-4AF9-8AD7-E72088AC8E41}" = protocol=17 | dir=in | app=c:\program files (x86)\usadisk\usadiskdown.exe |
"{9818E43A-53EC-41C3-A255-238FBE430DDB}" = protocol=17 | dir=in | app=c:\program files (x86)\usadisk\webhard_agent.exe |
"{9D899881-BA54-48F2-8530-C968FCD39E46}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe |
"{9E953B31-957B-489D-AA48-C65B7EA2A0B4}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B33F2873-A16B-4470-9F78-0D45A7F63C02}" = protocol=6 | dir=in | app=c:\program files (x86)\usadisk\usadiskdown.exe |
"{B9589E4C-3291-4C85-97F6-3DF1337CC1C5}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{CA14994D-81DD-457A-AD28-30FFBEDC3C2D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CDA9F291-BD6B-4C2F-A93E-6196AAB56D4B}" = protocol=6 | dir=in | app=c:\editing tools\red mc\red_mc.exe |
"{CE102577-713E-4F1F-9A63-863A315DE113}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"{CF644CF1-DF48-429C-B40C-64931B7FA8F8}" = protocol=6 | dir=in | app=c:\program files (x86)\usadisk\webhard_agent.exe |
"{D0B7483B-D93A-412B-8DC9-534EDCB4F4F4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D5F049F2-6291-4323-8899-7D9EE2863A16}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k14\nba2k14.exe |
"{E8A8B6AE-9E09-4EAE-9C7E-65931298BDD9}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"{F4B853C3-AD87-418E-93AE-14F693E81D3F}" = protocol=17 | dir=in | app=c:\editing tools\red mc\red_mc.exe |
"{FB2548DE-3C13-4F01-97CB-B2DBA7CF438C}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{283EC961-4A21-4D8F-88D4-03099964A9AE}C:\program files (x86)\avid\pro tools\protools.exe" = protocol=6 | dir=in | app=c:\program files (x86)\avid\pro tools\protools.exe |
"TCP Query User{380994A1-4F0D-4F0B-B6F8-462F989764B1}C:\program files (x86)\atari\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\_uplauncher.exe |
"TCP Query User{507FE301-F09F-4356-B220-06EA1616322F}C:\users\user\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{6EC34148-7A65-4E68-AEF0-1F4173146FFB}C:\program files (x86)\novation\automap\automapserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\novation\automap\automapserver.exe |
"TCP Query User{79F160FC-A930-41F2-9B1E-1BEF55644CBF}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{BF6DB5F4-917E-45C7-BBF9-176C720D61A3}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"TCP Query User{DB6AF896-19D1-46DA-A992-8A458C8C8302}C:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\testdrive2.exe |
"UDP Query User{2D172E69-C6EF-431D-93AF-6579155F22D8}C:\program files (x86)\avid\pro tools\protools.exe" = protocol=17 | dir=in | app=c:\program files (x86)\avid\pro tools\protools.exe |
"UDP Query User{49F49144-D891-49B6-BF82-BD08A5D74C2C}C:\program files (x86)\novation\automap\automapserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\novation\automap\automapserver.exe |
"UDP Query User{5835991F-40D2-4F75-A5C9-6B6581A26691}C:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\testdrive2.exe |
"UDP Query User{6753F339-6C93-47F3-BBE3-87422086ECD1}C:\program files (x86)\atari\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\_uplauncher.exe |
"UDP Query User{78A027A3-3507-4D89-86C1-365C57DBE84A}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{BBB082A5-367B-406C-8171-370C22673DB4}C:\users\user\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{F0D03C75-FF78-4668-82D9-F69B6C358548}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{53EE2829-E9DB-4913-B3EA-96F10F84E98B}" = Melodyne Runtime 4.1 (x64)
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5C770DFD-6F38-4915-8FF5-C7C7555039A9}" = MySQL Server 5.5
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{658E112A-8776-4430-A275-D9248732DFB9}" = Avid HD Driver (x64)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Hex Editor Neo 5.01
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}" = Visual C++ 64-bit Redistributables
"Automap Universal_is1" = Automap 4.6
"CCleaner" = CCleaner
"com.akaipro.mpc.standard_is1" = MPC 1.5.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
"Novation USB Audio Driver_is1" = Novation USB Audio Driver 2.3
"USB_AUDIO_DEusb-audio.deAkaiACV0" = MPC Renaissance driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}" = Twin USB Vibration Gamepad
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3064587D-8C63-45CE-9889-F4E910316344}_is1" = SCARBEE D6-C Filter
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37BA50EE-C851-4394-93DD-A0A611891033}" = Nero 7 Essentials
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center
"{43AC7CBC-1D6A-3B5B-81B1-A0C166FE48F4}" = Google Talk Plugin
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = 심즈 3 모두 잠든 후에
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}" = NBA 2K14
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{5EFD3544-2371-4900-8ACA-F157BA80FB0C}" = Pro Evolution Soccer 2014
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{66ED8E01-C915-41F5-B33E-C5C31F27B885}" = USB Network Driver
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = 심즈 3 하이엔드 엣지 홈
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{89572B72-F947-4B35-B75E-3207AE070A0C}_is1" = SCARBEE Vintage Keyboard FX
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E60BB71-7EF3-42ED-9F10-AA041F25841A}" = Avid Pro Tools
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FB91814-FE42-4B62-9B54-4B677A420715}_is1" = CLEO v3.0.950
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}" = Nero 7 Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A37971C7-77B9-4441-9064-ACD19A78479F}_is1" = Nin Online version Alpha
"{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}" = Avid Effects
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}" = iPhone Configuration Utility
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB93E2C2-851F-44B2-B09C-351D2C624AE1}" = Camtasia Studio 8
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}" = Visual C++ Redistributables
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F7C1C17E-70E3-475F-BD52-EA554391F15D}" = GameShadow
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AIM_7" = AIM 7
"Akai The809_is1" = Akai THE 809
"Akai TheBANK_is1" = Akai THE BANK
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip 8.51
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"Avidemux 2.6" = Avidemux 2.6 (32-bit)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"DiskAid_is1" = DiskAid 5.09
"DVD Identifier_is1" = DVD Identifier
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.11.22.508
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.17.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"GoldWave v5.67" = GoldWave v5.67
"Google Chrome" = Google Chrome
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"iBackupBot for iTunes" = iBackupBot for iTunes 3.5.3
"iFunbox_is1" = iFunbox (v1.98.948.666), iFunbox DevTeam
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}" = Visual C++ Redistributables
"InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}" = Visual C++ 64-bit Redistributables
"KakaoTalk" = KakaoTalk
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Live 8.2.4" = Live 8.2.4
"Lounge Lizard EP-4" = AAS - Lounge Lizard EP-4
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Melon40" = MelOn Player4
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPC_is1" = MPC 1.3.1
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Nin Online" = Nin Online
"NoIPDUC" = No-IP DUC
"OpenITG" = OpenITG
"Origin" = Origin
"PowerISO" = PowerISO
"Proxifier_is1" = Proxifier version 3.0
"PSPad editor_is1" = PSPad editor
"RadeonPro_is1" = RadeonPro 1.0 (Build 1.1.1.0)
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"ST6UNST #1" = Hero Editor V1.04
"ST6UNST #2" = NFS Underground 2 Mega Trainer
"ST6UNST #3" = Need For Speed Most Wanted (Black Edition 1.3) Mega Trainer
"StepMania" = StepMania 3.9b (remove only)
"TeamViewer 7" = TeamViewer 7
"The KMPlayer" = The KMPlayer (remove only)
"USADISK" = 미주디스크 프로그램 삭제
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"WampServer 2_is1" = WampServer 2.2
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"winscp3_is1" = WinSCP 4.3.5
"WizTree_is1" = WizTree v1.07
"디지몬RPG FULL" = DigimonRPG

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1615976838-929692116-233931786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Nin Online" = Nin Online
"Savevid" = Savevid
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/5/2013 12:30:23 PM | Computer Name = User-PC | Source = ESENT | ID = 489
Description = taskhost (1084) An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/5/2013 6:44:38 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 11

Error - 11/6/2013 8:00:02 AM | Computer Name = User-PC | Source = ESENT | ID = 489
Description = taskhost (2848) An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/6/2013 6:48:29 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 11

Error - 11/7/2013 7:23:24 PM | Computer Name = User-PC | Source = ESENT | ID = 489
Description = taskhost (1644) An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/8/2013 5:39:07 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 11

Error - 11/8/2013 6:07:05 PM | Computer Name = User-PC | Source = ESENT | ID = 489
Description = taskhost (2236) An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/8/2013 6:13:11 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 11

Error - 11/9/2013 12:06:31 PM | Computer Name = User-PC | Source = ESENT | ID = 489
Description = taskhost (1936) An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/9/2013 12:10:20 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 11

[ System Events ]
Error - 10/31/2013 11:14:55 PM | Computer Name = User-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR7, has a bad block.

Error - 10/31/2013 11:15:05 PM | Computer Name = User-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR7, has a bad block.

Error - 10/31/2013 11:15:15 PM | Computer Name = User-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR7, has a bad block.

Error - 10/31/2013 11:15:25 PM | Computer Name = User-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR7, has a bad block.

Error - 11/2/2013 2:03:21 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 11/8/2013 1:10:50 AM | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =

Error - 11/8/2013 6:13:12 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 11/9/2013 12:06:04 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7022
Description = The avast! Antivirus service hung on starting.

Error - 11/9/2013 12:07:15 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the RadeonPro
Support Service service to connect.

Error - 11/9/2013 12:07:15 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The RadeonPro Support Service service failed to start due to the following
error: %%1053

< End of report >

#8
godawgs

Posted 09 November 2013 - 05:45 PM

Teacher

Retired Staff
8,228 posts

Run CKScanner

Please click here to download CKScanner.

Important : Save it to your desktop.

Please DO NOT run the program more than once.
Right click the CKScanner.exe file and click Run as Administrator. OK any UAC prompts.
Click Search For Files
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The CKScanner log

#9
jsound19

Posted 09 November 2013 - 06:19 PM

Member

Topic Starter
Member
22 posts

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\common files\native instruments\kontakt 5\presets\effects\convolution\05 drum reverbs\0.4s firecracker snare orven.nkp
c:\program files (x86)\common files\digidesign\dae\plug-in settings\eq 3.0\snare\emphasize crack 2.tfx
c:\program files (x86)\common files\digidesign\dae\plug-in settings\eq 3.0\snare\emphasize crack.tfx
c:\program files (x86)\common files\digidesign\dae\plug-in settings\eq 3.0\_1 band eq\snare\emphasize crack 2.tfx
c:\program files (x86)\common files\digidesign\dae\plug-in settings\eq 3.0\_1 band eq\snare\emphasize crack.tfx
c:\program files (x86)\common files\digidesign\dae\plug-in settings\mastererizer\mc dj yuppie cracker.tfx
c:\program files (x86)\image-line\fl studio 11\data\patches\plugin presets\generators\drumpad\sound fx\crack.fst
c:\program files (x86)\image-line\fl studio 11\plugins\fruity\effects\hardcore\presets\i cracked my tube!.hdprg
c:\program files (x86)\image-line\fl studio 11\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\fl studio 11\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\rockstar games\gta san andreas\data\decision\craig\crack1.ped
c:\programdata\akai\mpc\content\thebank\synth 6 pads\08 the crackler.svx
c:\users\user\documents\ableton\library\presets\audio effects\vinyl distortion\crack.adv
c:\users\user\documents\image-line\data\drumaxx\drum patches\sound fx\crack.dmpatch
c:\users\user\downloads\adobe photoshop cs6 extended crack .dll files\patch\readme or despair (at installing this).txt
c:\users\user\downloads\adobe photoshop cs6 extended crack .dll files\patch\32bit\amtlib.dll
c:\users\user\downloads\adobe photoshop cs6 extended crack .dll files\patch\64bit\amtlib.dll
c:\users\user\downloads\microsoft office crack\abre con el boton derecho de tu mouse donde dice mi equipo o my computer checa alli si tu computadora es windows 32 bit o 64 bit instalas de acuerdo el winrar 32 o 64 bit y con ese abres la fila de microsoft office 201.docx
c:\users\user\downloads\microsoft office crack\microsoft office crack.rar
c:\users\user\downloads\microsoft office crack\winrar 32 bit.exe
c:\users\user\downloads\microsoft office crack\winrar 64 bit.exe
c:\users\user\music\drake - take care 320k itunes\(tpb)-digital_crack_vol_31_-_ultimate_hip_hop_-_electro_mixtape.torrent
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
scanner sequence 3.ZZ.11.UQAPKZ
----- EOF -----

#10
godawgs

Posted 10 November 2013 - 12:59 AM

Teacher

Retired Staff
8,228 posts

I am sorry, but the scans show you have an illegal copy of Adobe products and Microsoft Office on your computer. This is a violation of our Terms of Use.

Go here to read Geekstogo Terms of Use and note in particular article 4 the items Illegal and Infringing of intellectual property rights (such as copyright and trademark rights).

The use of crack files and keygens means you have obtained your software illegally, and we will not help you. If you want help with installing any legal versions of software, we'd be happy to help you, but not with illegal copies. I will also warn you that the use of cracks/keygens is a very good way to infect your computer with malware.

Please remove all illegally obtained software from your computer if you want help from us.

#11
godawgs

Posted 14 November 2013 - 09:52 AM

Teacher

Retired Staff
8,228 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.