Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

popups pc perfromance utilitys

Started by 314 , Jan 19 2014 04:38 PM

This topic is locked

#1
314

Posted 19 January 2014 - 04:38 PM

Member

Member
65 posts

OTL logfile created on: 1/19/2014 3:29:55 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 4.67 Gb Available Physical Memory | 58.75% Memory free
15.89 Gb Paging File | 12.23 Gb Available in Paging File | 76.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 33.11 Gb Free Space | 29.65% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 523.24 Gb Free Space | 37.45% Space Free | Partition Type: NTFS
Drive F: | 2.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 1863.01 Gb Total Space | 436.62 Gb Free Space | 23.44% Space Free | Partition Type: NTFS

Computer Name: 314-PC | User Name: 314 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/19 15:27:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
PRC - [2014/01/19 15:20:40 | 000,143,488 | ---- | M] () -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe
PRC - [2014/01/13 02:05:26 | 000,326,032 | ---- | M] (Outfox Tv Productions Pty Ltd) -- C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
PRC - [2014/01/11 03:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/09 14:05:54 | 000,311,696 | ---- | M] (Outfox Tv Productions Pty Ltd) -- C:\Program Files\OutfoxTV\OutfoxTvService.exe
PRC - [2014/01/09 01:01:20 | 000,063,168 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\MgAssist.exe
PRC - [2014/01/09 01:01:15 | 000,766,656 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
PRC - [2014/01/07 14:00:22 | 000,569,768 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/01/07 14:00:20 | 001,815,464 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/01/02 13:33:18 | 003,998,152 | ---- | M] () -- C:\Program Files (x86)\fst_ca_17\fst_ca_17.exe
PRC - [2014/01/02 13:33:18 | 003,153,904 | ---- | M] () -- C:\Users\314\AppData\Local\fst_ca_17\upfst_ca_17.exe
PRC - [2013/12/23 11:40:42 | 006,598,000 | ---- | M] (Systweak) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
PRC - [2013/12/22 14:40:38 | 000,021,024 | ---- | M] (Smartbar) -- C:\Users\314\AppData\Local\Smartbar\Application\SnapDo.exe
PRC - [2013/12/18 11:43:04 | 001,980,416 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/17 03:38:32 | 013,543,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2013/12/17 03:22:10 | 000,199,520 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2013/12/12 19:47:56 | 000,085,600 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2013/12/06 15:47:44 | 020,203,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/12/03 20:40:30 | 000,103,312 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
PRC - [2013/11/15 23:31:20 | 000,900,440 | ---- | M] (BitTorrent Inc.) -- C:\Users\314\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/11/15 07:50:42 | 001,472,816 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCOSystemCleaner.exe
PRC - [2013/11/15 07:50:40 | 001,520,432 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCOPrivacyProtector.exe
PRC - [2013/11/15 07:50:40 | 001,144,624 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCORegClean.exe
PRC - [2013/11/15 07:50:38 | 000,297,776 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCODiskOptimizer.exe
PRC - [2013/11/15 07:50:36 | 011,527,984 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2013/07/02 16:18:28 | 000,423,736 | ---- | M] (Smart PC Solutions) -- C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/26 01:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013/02/26 01:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013/02/26 00:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2013/02/11 16:51:40 | 003,696,632 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/01/24 13:07:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2013/01/17 09:48:44 | 000,737,600 | ---- | M] (US Tech Support LLC) -- C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe
PRC - [2012/08/23 01:09:34 | 000,403,328 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012/08/23 01:08:50 | 006,010,264 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012/08/18 21:18:30 | 007,017,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/07/24 15:13:58 | 000,941,440 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/19 15:20:38 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2014/01/19 15:20:38 | 000,146,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2014/01/19 15:06:20 | 001,153,024 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\_ssl.pyd
MOD - [2014/01/19 15:06:20 | 000,811,008 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._windows_.pyd
MOD - [2014/01/19 15:06:20 | 000,805,888 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._gdi_.pyd
MOD - [2014/01/19 15:06:20 | 000,711,680 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\_hashlib.pyd
MOD - [2014/01/19 15:06:20 | 000,110,080 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\PyWinTypes27.dll
MOD - [2014/01/19 15:06:20 | 000,087,040 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\_ctypes.pyd
MOD - [2014/01/19 15:06:20 | 000,070,656 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._html2.pyd
MOD - [2014/01/19 15:06:20 | 000,038,912 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32inet.pyd
MOD - [2014/01/19 15:06:20 | 000,035,840 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32process.pyd
MOD - [2014/01/19 15:06:20 | 000,026,624 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\_multiprocessing.pyd
MOD - [2014/01/19 15:06:20 | 000,025,600 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32pdh.pyd
MOD - [2014/01/19 15:06:20 | 000,024,064 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32pipe.pyd
MOD - [2014/01/19 15:06:19 | 001,175,040 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._core_.pyd
MOD - [2014/01/19 15:06:19 | 001,062,400 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._controls_.pyd
MOD - [2014/01/19 15:06:19 | 000,686,080 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\unicodedata.pyd
MOD - [2014/01/19 15:06:19 | 000,557,056 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\pysqlite2._sqlite.pyd
MOD - [2014/01/19 15:06:19 | 000,521,680 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\windows._lib_cacheinvalidation.pyd
MOD - [2014/01/19 15:06:19 | 000,320,512 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32com.shell.shell.pyd
MOD - [2014/01/19 15:06:19 | 000,128,512 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\_elementtree.pyd
MOD - [2014/01/19 15:06:19 | 000,127,488 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\pyexpat.pyd
MOD - [2014/01/19 15:06:19 | 000,119,808 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32file.pyd
MOD - [2014/01/19 15:06:19 | 000,108,544 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32security.pyd
MOD - [2014/01/19 15:06:19 | 000,098,816 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32api.pyd
MOD - [2014/01/19 15:06:19 | 000,044,032 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\_socket.pyd
MOD - [2014/01/19 15:06:19 | 000,022,528 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32ts.pyd
MOD - [2014/01/19 15:06:19 | 000,018,432 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32event.pyd
MOD - [2014/01/19 15:06:19 | 000,017,408 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32profile.pyd
MOD - [2014/01/19 15:06:19 | 000,010,240 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\select.pyd
MOD - [2014/01/19 15:06:18 | 000,735,232 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._misc_.pyd
MOD - [2014/01/19 15:06:18 | 000,364,544 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\pythoncom27.dll
MOD - [2014/01/19 15:06:18 | 000,122,368 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._wizard.pyd
MOD - [2014/01/19 15:06:18 | 000,011,264 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32crypt.pyd
MOD - [2014/01/11 03:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 03:29:19 | 013,615,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
MOD - [2014/01/11 03:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 03:28:15 | 000,715,544 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 03:28:14 | 000,100,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 03:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2014/01/09 01:01:15 | 000,766,656 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MOD - [2014/01/09 00:51:02 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DCR.dll
MOD - [2014/01/09 00:50:47 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\Device.dll
MOD - [2014/01/07 14:00:22 | 001,138,088 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/01/05 20:16:17 | 001,283,584 | ---- | M] () -- C:\Users\314\AppData\Roaming\newnext.me\nengine.dll
MOD - [2014/01/02 13:33:18 | 003,998,152 | ---- | M] () -- C:\Program Files (x86)\fst_ca_17\fst_ca_17.exe
MOD - [2014/01/02 13:33:18 | 003,153,904 | ---- | M] () -- C:\Users\314\AppData\Local\fst_ca_17\upfst_ca_17.exe
MOD - [2013/12/23 11:40:42 | 001,730,928 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\aspsys.dll
MOD - [2013/12/22 14:41:20 | 000,031,264 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\srut.dll
MOD - [2013/12/22 14:41:16 | 000,020,512 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\srsbs.dll
MOD - [2013/12/22 14:41:14 | 000,014,368 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\srpdm.dll
MOD - [2013/12/22 14:41:12 | 000,248,352 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\srns.dll
MOD - [2013/12/22 14:41:10 | 000,064,032 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\srau.dll
MOD - [2013/12/22 14:41:08 | 000,048,672 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\sppsm.dll
MOD - [2013/12/22 14:41:06 | 000,055,840 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\spbl.dll
MOD - [2013/12/22 14:40:54 | 000,025,632 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013/12/22 14:40:50 | 000,053,280 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013/12/22 14:40:48 | 000,112,672 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013/12/22 14:40:48 | 000,017,440 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013/12/22 14:40:44 | 000,150,560 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013/12/22 14:40:42 | 000,057,376 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013/12/22 14:40:40 | 002,057,760 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013/12/22 14:40:40 | 000,034,848 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013/12/22 14:40:40 | 000,014,368 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013/12/22 14:40:38 | 000,728,096 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013/12/22 14:40:38 | 000,081,952 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013/12/22 14:40:34 | 000,013,344 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\siem.dll
MOD - [2013/12/22 14:40:32 | 000,193,056 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\sgmu.dll
MOD - [2013/12/22 14:40:32 | 000,014,368 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\sgml.dll
MOD - [2013/12/22 14:39:42 | 000,048,160 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013/12/22 14:39:32 | 000,170,016 | ---- | M] () -- C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll
MOD - [2013/12/22 14:39:28 | 000,068,640 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
MOD - [2013/12/12 15:19:40 | 000,142,848 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2013/12/12 15:04:18 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/12/12 15:04:14 | 000,716,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/11/15 07:50:36 | 000,568,520 | ---- | M] () -- C:\Program Files (x86)\USTechSupport\PC Optimizer\sqlite3.dll
MOD - [2013/11/15 07:50:30 | 000,325,936 | ---- | M] () -- C:\Program Files (x86)\USTechSupport\PC Optimizer\asohtm.dll
MOD - [2013/11/04 18:12:06 | 000,890,592 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-52.dll
MOD - [2013/10/31 16:06:54 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/31 15:25:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/31 15:25:43 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0a7b20934d7587787e7dae923d1614f4\System.Deployment.ni.dll
MOD - [2013/10/31 15:25:31 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/29 14:08:06 | 002,869,720 | ---- | M] () -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
MOD - [2013/09/12 13:44:27 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3d075c3b7d099aca217beecac1f66b4b\System.Web.Services.ni.dll
MOD - [2013/09/12 13:44:25 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/08/18 18:48:38 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/18 18:48:08 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/08/18 18:00:07 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/08/18 17:59:54 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/08/18 17:59:54 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/08/18 17:59:53 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\5b239b4d0f9c334efdd06d399b4a9ba6\System.Data.ni.dll
MOD - [2013/08/18 17:59:26 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/18 17:59:10 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/18 17:59:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/18 17:58:54 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2013/06/14 16:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 16:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 16:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/08/23 00:32:28 | 001,525,120 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
MOD - [2012/07/25 12:03:14 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
MOD - [2012/07/25 12:03:12 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\unrar.dll
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/20 20:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/01/09 14:05:54 | 000,311,696 | ---- | M] (Outfox Tv Productions Pty Ltd) [Auto | Running] -- C:\Program Files\OutfoxTV\OutfoxTvService.exe -- (OutfoxTvService)
SRV:64bit: - [2013/11/26 02:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/21 06:00:46 | 001,140,848 | ---- | M] (Paramount Software UK Ltd) [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV:64bit: - [2013/10/08 05:52:58 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013/08/09 19:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/01/19 15:20:40 | 000,143,488 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe -- (70e6ca8c)
SRV - [2014/01/09 01:01:20 | 000,063,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobogenie\MgAssist.exe -- (MgAssistService)
SRV - [2014/01/07 14:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/01/07 10:43:12 | 000,123,384 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/11/15 07:50:38 | 000,283,952 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) [Auto | Running] -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe -- (USTSPCODiskOptimizer)
SRV - [2013/10/10 06:57:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 09:34:38 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013/09/19 15:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/21 11:24:12 | 000,222,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN)
SRV - [2013/02/28 18:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/26 01:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 01:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 00:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013/02/11 16:51:40 | 003,696,632 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/01/24 13:07:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/01/17 09:48:44 | 000,737,600 | ---- | M] (US Tech Support LLC) [Auto | Running] -- C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe -- (USTSScheduler)
SRV - [2012/10/11 15:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/08/23 01:11:48 | 001,126,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/08/18 21:18:30 | 007,017,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/28 15:16:54 | 000,128,640 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/05/17 00:25:20 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- E:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/08 06:58:42 | 012,534,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/10/08 05:27:46 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/17 15:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/09/17 15:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013/09/17 15:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013/09/17 15:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013/09/17 15:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013/08/09 19:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 19:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/05 01:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/07/04 14:57:00 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/26 01:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013/02/26 01:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013/02/26 01:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013/02/26 01:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013/02/26 01:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2013/02/11 16:51:40 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/02/11 16:51:39 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013/02/11 16:51:39 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013/02/11 16:51:38 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013/02/11 16:51:38 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013/02/11 16:51:36 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/02/11 16:51:36 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013/02/08 00:21:19 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/01/31 23:47:52 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/24 13:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012/10/24 13:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/10/11 15:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/10/11 15:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/28 15:17:28 | 000,551,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/06/28 15:17:24 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/06/28 15:17:24 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/06/28 15:17:24 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/06/28 15:17:24 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/06/28 15:17:22 | 000,341,120 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/06/28 15:17:22 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/06/28 15:17:22 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/06/14 01:23:12 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/02/23 19:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/25 15:59:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/05/25 15:59:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/05/25 15:59:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/04/27 10:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/27 10:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/27 10:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/11/24 15:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/09/15 03:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/29 03:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV:64bit: - [1999/12/31 17:00:00 | 000,553,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2013/12/18 19:50:29 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/11/20 13:55:42 | 000,057,512 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=19/01/2014
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 E3 CD 57 41 03 CE 01 [binary data]
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\314\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\314\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\314\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/01/14 23:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: E:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: E:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/12/12 22:05:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{f1d02156-7557-4942-96ce-a3bf730e8941}: C:\Program Files (x86)\Show-Password\150.xpi [2014/01/19 15:04:25 | 000,008,505 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: E:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: E:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013/10/23 13:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\314\AppData\Roaming\Mozilla\Extensions
[2013/03/13 16:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snapdo.c...Date=19/01/2014
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://feed.snapdo.c...Date=19/01/2014
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\314\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\314\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\314\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Snap.Do = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Google Drive = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Hide My [bleep]! Web Proxy = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Video Downloader professional = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.38_0\
CHR - Extension: Feven 1.8 = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhnbkenepdnmckmkdfeaoabboadnodnc\1.26.27_0\crossrider
CHR - Extension: Feven 1.8 = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhnbkenepdnmckmkdfeaoabboadnodnc\1.26.27_0\
CHR - Extension: FVD Downloader = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\
CHR - Extension: FVD Downloader = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\modules\clickberry\_
CHR - Extension: Show-Password = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\logekkkdbdidmmcgkonmmonclldogceg\1.150_0\
CHR - Extension: LogMeIn = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1029_0\
CHR - Extension: Google Wallet = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Amazon 1Button App for Chrome = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\4.2013.1203.0_0\

O1 HOSTS File: ([2013/03/15 11:19:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Feven 1.8) - {11111111-1111-1111-1111-110411901104} - C:\Program Files (x86)\Feven 1.8\Feven 1.8-bho64.dll (Feven)
O2:64bit: - BHO: (The Amazon 1Button App for IE) - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll (Amazon Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Feven 1.8) - {11111111-1111-1111-1111-110411901104} - C:\Program Files (x86)\Feven 1.8\Feven 1.8-bho.dll (Feven)
O2 - BHO: (The Amazon 1Button App for IE) - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll (Amazon Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Show-Password) - {e200b27e-bb19-4276-8da0-e1e690639278} - C:\Program Files (x86)\Show-Password\150.dll ()
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\athbttray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\btvstack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [fst_ca_17] C:\Program Files (x86)\fst_ca_17\fst_ca_17.exe ()
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKLM..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Browser Infrastructure Helper] C:\Users\314\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [GoogleChromeAutoLaunch_5C49AA91341C41418C8C4F5BFCF76462] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [NextLive] C:\Users\314\AppData\Roaming\newnext.me\nengine.dll ()
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe ()
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe (Outfox Tv Productions Pty Ltd)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [PC Speed Maximizer] C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe (Smart PC Solutions)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [uTorrent] C:\Users\314\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Wondershare Helper Compact] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKLM..\RunOnce: [upfst_ca_17.exe] C:\Users\314\AppData\Local\fst_ca_17\upfst_ca_17.exe ()
O4 - Startup: C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36ACD0DB-866F-4DC4-9394-7CA78F81EA2F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DFA1A9B-A46C-416E-8739-AABF8642AE12}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D5944C-622D-47DB-8AAA-CAF5CCF1D24B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL) - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\amazon\amazon~1\\amazon~3.dll) - c:\progra~2\amazon\amazon~1\\amazon~3.dll ()
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/19 15:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
[2014/01/19 15:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC HealthBoost
[2014/01/19 15:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BoostSoftware
[2014/01/19 15:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/01/19 15:23:49 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\PC_Drivers_Headquarters
[2014/01/19 15:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Support
[2014/01/19 15:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
[2014/01/19 15:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Support
[2014/01/19 15:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2014/01/19 15:21:14 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\newplayer
[2014/01/19 15:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
[2014/01/19 15:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewPlayer
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\newnext.me
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- E:\Documents\Mobogenie
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Mobogenie
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\genienext
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\cache
[2014/01/19 15:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2014/01/19 15:20:44 | 000,000,000 | ---D | C] -- E:\Documents\Optimizer Pro
[2014/01/19 15:20:43 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Optimizer Pro
[2014/01/19 15:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/01/19 15:20:38 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\VOPackage
[2014/01/19 15:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/01/19 15:20:36 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Smartbar
[2014/01/19 15:20:32 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\fst_ca_17
[2014/01/19 15:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fst_ca_17
[2014/01/19 15:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY
[2014/01/19 15:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven 1.8
[2014/01/19 15:18:12 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Foresight Software
[2014/01/19 15:18:12 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\DriverCure
[2014/01/19 15:18:09 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Foresight Software
[2014/01/19 15:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2014/01/19 15:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Foresight Software
[2014/01/19 15:16:42 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Amazon Browser Bar
[2014/01/19 15:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/01/19 15:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2014/01/19 15:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2014/01/19 15:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon Browser Bar
[2014/01/19 15:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014/01/19 15:15:31 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\systweak
[2014/01/19 15:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2014/01/19 15:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2014/01/19 15:15:28 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\USTechSupport
[2014/01/19 15:15:20 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2014/01/19 15:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC
[2014/01/19 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USTechSupport
[2014/01/19 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\USTechSupport
[2014/01/19 15:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\USTechSupport
[2014/01/19 15:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2014/01/19 15:13:30 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/01/19 15:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/01/19 15:13:28 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Uniblue
[2014/01/19 15:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2014/01/19 15:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
[2014/01/19 15:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlvPlayer
[2014/01/19 15:06:27 | 000,000,000 | R--D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/01/19 15:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
[2014/01/19 15:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer
[2014/01/19 15:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Show-Password
[2014/01/19 15:04:22 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2014/01/19 15:04:22 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\FilesFrog Update Checker
[2014/01/19 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\libimobiledevice
[2014/01/19 13:50:24 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OutfoxTV
[2014/01/19 13:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\OutfoxTV
[2014/01/19 13:20:12 | 000,000,000 | ---D | C] -- E:\Documents\Wondershare
[2014/01/19 13:09:30 | 000,000,000 | ---D | C] -- E:\Documents\Wondershare Dr.Fone for iOS
[2014/01/19 12:57:43 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Apple Computer
[2014/01/19 12:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/19 12:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/19 12:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/19 12:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/19 12:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/01/19 12:57:01 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Apple
[2014/01/19 12:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/01/19 12:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/01/19 12:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/01/19 12:51:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2014/01/19 12:51:30 | 000,076,384 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2014/01/19 12:51:30 | 000,052,832 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\drivers\libusb0.sys
[2014/01/19 12:51:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Dr.Fone_Temp
[2014/01/19 12:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare
[2013/12/24 04:05:25 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Mael
[2013/12/24 04:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
[2013/12/24 04:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HxD
[2013/12/23 23:27:49 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2013/12/23 23:27:49 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2013/12/23 23:27:49 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2013/12/23 23:27:49 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2013/12/23 23:27:32 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2013/12/23 23:27:32 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2013/12/23 23:27:32 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2013/12/23 23:27:32 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2013/12/23 23:27:32 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2013/12/23 23:27:32 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2013/12/23 23:27:32 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2013/12/23 23:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/12/23 23:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/12/23 00:25:12 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\BetterDS3
[2013/12/22 01:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z3X
[2013/12/21 19:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2013/12/21 19:33:23 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Wondershare
[2013/12/21 19:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2013/12/21 19:33:22 | 000,000,000 | ---D | C] -- C:\Users\314\.android
[2013/12/21 19:27:18 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Wondershare
[2013/12/21 19:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/19 15:32:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000UA.job
[2014/01/19 15:30:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/19 15:25:48 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\PC HealthBoost.lnk
[2014/01/19 15:23:33 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/01/19 15:21:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\NewPlayer.lnk
[2014/01/19 15:20:36 | 000,001,324 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-updater.job
[2014/01/19 15:20:34 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-enabler.job
[2014/01/19 15:20:32 | 000,001,278 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-codedownloader.job
[2014/01/19 15:20:29 | 000,002,032 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-firefoxinstaller.job
[2014/01/19 15:20:27 | 000,002,110 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-chromeinstaller.job
[2014/01/19 15:18:13 | 000,000,492 | ---- | M] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2014/01/19 15:18:09 | 000,000,892 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Helper 360.lnk
[2014/01/19 15:18:09 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\PC Helper 360 Startup.job
[2014/01/19 15:18:09 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\Foresight Software Update3.job
[2014/01/19 15:18:09 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\PC Helper 360.job
[2014/01/19 15:16:34 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/01/19 15:15:39 | 000,001,097 | ---- | M] () -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/01/19 15:15:37 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/01/19 15:15:37 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/01/19 15:15:31 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/01/19 15:15:28 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\USTSPCO-USTSPCOOneClickCare.job
[2014/01/19 15:15:18 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk
[2014/01/19 15:15:13 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Live PC Help.lnk
[2014/01/19 15:13:33 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC Maintenance.job
[2014/01/19 15:13:33 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC Startup.job
[2014/01/19 15:13:31 | 000,001,189 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2014/01/19 15:13:31 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2014/01/19 15:13:06 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/19 15:13:06 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/19 15:12:39 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\FlvPlayer.lnk
[2014/01/19 15:11:52 | 000,822,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/19 15:11:52 | 000,693,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/19 15:11:52 | 000,130,852 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/19 15:06:31 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Show-Password Update.job
[2014/01/19 15:06:25 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/19 15:05:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/19 13:13:45 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare TunesGo.lnk
[2014/01/19 13:03:53 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Dr.Fone for iOS.lnk
[2014/01/19 10:32:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000Core.job
[2014/01/14 23:59:31 | 000,271,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/14 10:59:07 | 000,000,947 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/01/03 13:16:30 | 000,020,312 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/12/24 04:03:12 | 000,000,905 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\HxD.lnk
[2013/12/22 01:50:08 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Tool.lnk
[2013/12/21 19:50:35 | 000,002,236 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
[2013/12/21 19:50:35 | 000,002,193 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare MobileGo for Android.lnk
[2013/12/21 19:50:35 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare MobileGo for Android.lnk
[2013/12/21 19:38:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_wsadb_01007.Wdf
[2013/12/21 19:33:25 | 000,002,157 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare MobileTrans.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/19 15:25:48 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\PC HealthBoost.lnk
[2014/01/19 15:23:33 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/01/19 15:21:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\NewPlayer.lnk
[2014/01/19 15:20:55 | 000,002,564 | ---- | C] () -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/01/19 15:20:36 | 000,001,324 | ---- | C] () -- C:\Windows\tasks\Feven 1.8-updater.job
[2014/01/19 15:20:34 | 000,001,150 | ---- | C] () -- C:\Windows\tasks\Feven 1.8-enabler.job
[2014/01/19 15:20:32 | 000,001,278 | ---- | C] () -- C:\Windows\tasks\Feven 1.8-codedownloader.job
[2014/01/19 15:20:29 | 000,002,032 | ---- | C] () -- C:\Windows\tasks\Feven 1.8-firefoxinstaller.job
[2014/01/19 15:20:27 | 000,002,110 | ---- | C] () -- C:\Windows\tasks\Feven 1.8-chromeinstaller.job
[2014/01/19 15:18:13 | 000,000,492 | ---- | C] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2014/01/19 15:18:09 | 000,000,892 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Helper 360.lnk
[2014/01/19 15:18:09 | 000,000,480 | ---- | C] () -- C:\Windows\tasks\PC Helper 360 Startup.job
[2014/01/19 15:18:09 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\Foresight Software Update3.job
[2014/01/19 15:18:09 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\PC Helper 360.job
[2014/01/19 15:16:34 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/01/19 15:16:33 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2014/01/19 15:16:05 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
[2014/01/19 15:15:37 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/01/19 15:15:37 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/01/19 15:15:31 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/01/19 15:15:28 | 000,000,450 | ---- | C] () -- C:\Windows\tasks\USTSPCO-USTSPCOOneClickCare.job
[2014/01/19 15:15:18 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk
[2014/01/19 15:15:13 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Live PC Help.lnk
[2014/01/19 15:13:33 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC Maintenance.job
[2014/01/19 15:13:33 | 000,000,268 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC Startup.job
[2014/01/19 15:13:31 | 000,001,189 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2014/01/19 15:13:31 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2014/01/19 15:13:30 | 000,001,097 | ---- | C] () -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/01/19 15:12:39 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\FlvPlayer.lnk
[2014/01/19 13:50:22 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\Show-Password Update.job
[2014/01/19 13:13:45 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare TunesGo.lnk
[2014/01/19 12:57:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/01/19 12:51:31 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Dr.Fone for iOS.lnk
[2013/12/24 04:03:12 | 000,000,905 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\HxD.lnk
[2013/12/22 01:44:52 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Tool.lnk
[2013/12/21 19:50:35 | 000,002,236 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
[2013/12/21 19:50:35 | 000,002,193 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare MobileGo for Android.lnk
[2013/12/21 19:50:35 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare MobileGo for Android.lnk
[2013/12/21 19:38:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_wsadb_01007.Wdf
[2013/12/21 19:33:25 | 000,002,157 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare MobileTrans.lnk
[2013/12/18 19:56:20 | 000,000,486 | ---- | C] () -- C:\Windows\DEMO.INI
[2013/12/12 21:39:48 | 000,256,499 | ---- | C] () -- C:\ProgramData\1386908712.bdinstall.bin
[2013/11/03 00:33:10 | 000,583,385 | ---- | C] () -- C:\ProgramData\1383463688.bdinstall.bin
[2013/10/11 01:48:33 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013/10/08 12:24:18 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/10/08 09:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/10/08 06:39:08 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/08 06:39:08 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/10/08 05:56:12 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/10/08 05:56:12 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/07/06 03:35:05 | 000,000,122 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/14 22:49:43 | 000,000,540 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/04/12 02:39:21 | 000,814,980 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/14 23:49:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/14 23:49:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/14 23:49:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/14 23:49:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/14 23:49:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/24 22:29:44 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/02/16 23:13:45 | 000,000,994 | ---- | C] () -- C:\Windows\winamp.ini
[2012/12/31 03:15:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/12/30 12:11:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/12/30 12:11:16 | 000,018,832 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/11 16:52:02 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Acronis
[2013/12/22 02:23:59 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Audacity
[2014/01/19 15:18:12 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\DriverCure
[2013/12/12 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\ESET
[2014/01/14 14:40:07 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\FileZilla
[2014/01/19 15:18:12 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Foresight Software
[2013/10/08 12:24:32 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Foxit Software
[2013/11/20 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\HandBrake
[2013/01/30 12:53:25 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Hard Disk Sentinel
[2013/07/06 15:26:17 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\ImgBurn
[2013/11/27 00:18:51 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Litecoin
[2013/06/10 20:50:18 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\LockHunter
[2013/12/24 04:05:25 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Mael
[2013/01/31 23:45:50 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\MotioninJoy
[2013/03/21 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Motorola
[2013/03/18 22:12:40 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Motorola Mobility
[2014/01/19 15:21:14 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\newnext.me
[2013/10/23 10:18:12 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Notepad++
[2014/01/19 15:20:43 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Optimizer Pro
[2013/03/14 00:01:33 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\QuickScan
[2013/06/25 01:08:38 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\redsn0w
[2014/01/19 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\systweak
[2013/10/24 21:02:36 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\TeamViewer
[2013/08/30 22:10:58 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\TeraCopy
[2013/10/23 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Thunderbird
[2014/01/19 15:13:28 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Uniblue
[2013/08/18 23:25:46 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Unity
[2014/01/19 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\USTechSupport
[2014/01/19 15:34:42 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\uTorrent
[2014/01/19 15:20:39 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\VOPackage
[2013/06/07 02:10:21 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\WindSolutions
[2014/01/19 13:13:44 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Wondershare

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 466 bytes -> C:\ProgramData\TEMP:9A870F8B
@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:F8D65F32
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9638A27E

< End of report >

#2
godawgs

Posted 19 January 2014 - 10:52 PM

Teacher

Retired Staff
8,228 posts

Hello 314, :wave:

Welcome back to the forums!
:welcome:

. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
If I ask a Question just answer it, don't run anything unless directed to.

Please read every post completely before doing anything.

Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.

Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.

I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes )
Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Our diagnostic tools are designed to be run from the drive with the Windows operating system on it. In this case the C:\ drive.
We need to remove OTL from the D:\ drive and install a copy to the C:\ drive. Then get new scans.

OTL Cleanup
1. Please re-open Posted Image

on your desktop.

Be sure all other programs are closed as this step will require a reboot.
Click on
You will be prompted to reboot your system. Please do so.

The above process will remove OTL.

Step-1.

Posted Image

OTL Custom Scan

Download OTL to the Desktop. It is important that it is download to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image

box in OTL. To do that:

Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
rpcss.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C

2. Open

on the desktop. To do that:

Vista / 7 Users: Right click on the icon and click Run as Administrator)

Make sure all other windows are closed.

You will see a console like the one below:
Click the box beside Scan All Users at the top of the console
Click the box beside Include 64bit Scans at the top of the console.
Make sure the Output box at the top is set to Standard Output.
Check the boxes beside LOP Check and Purity Check.
Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
Click the button. Do not change any settings unless otherwise told to do so.
Let the scan run uninterrupted.
When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the desktop. These files are also saved in the same location as OTL (it should be on your desktop).
Please copy the contents of these files and paste them into your reply.

Step-2.

Run aswMBR

Download aswMBR.exe to your desktop.
Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
If it asks you if you want to download the latest virus definitions, click Yes
Be sure the A/V Scan: is set to QuickScan
Click the "Scan" button to start the scan
On completion of the scan click save log. Save it to your desktop and post in your next reply.

NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The new OTL.txt log
2. The new Extras.txt log
3. The aswMBR log

#3
314

Posted 19 January 2014 - 11:38 PM

Member

Topic Starter
Member
65 posts

OTL logfile created on: 1/19/2014 10:26:35 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 21.36% Memory free
15.89 Gb Paging File | 8.60 Gb Available in Paging File | 54.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 34.62 Gb Free Space | 31.00% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 523.24 Gb Free Space | 37.45% Space Free | Partition Type: NTFS
Drive F: | 2.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 1863.01 Gb Total Space | 436.62 Gb Free Space | 23.44% Space Free | Partition Type: NTFS

Computer Name: 314-PC | User Name: 314 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/19 15:27:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
PRC - [2014/01/19 15:20:40 | 000,143,488 | ---- | M] () -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe
PRC - [2014/01/13 02:05:26 | 000,326,032 | ---- | M] (Outfox Tv Productions Pty Ltd) -- C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
PRC - [2014/01/11 03:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/09 14:05:54 | 000,311,696 | ---- | M] (Outfox Tv Productions Pty Ltd) -- C:\Program Files\OutfoxTV\OutfoxTvService.exe
PRC - [2014/01/09 08:32:38 | 008,271,216 | ---- | M] () -- C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
PRC - [2014/01/09 01:01:20 | 000,063,168 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\MgAssist.exe
PRC - [2014/01/09 01:01:15 | 000,766,656 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
PRC - [2014/01/07 14:00:22 | 000,569,768 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/01/07 14:00:20 | 001,815,464 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/01/02 13:33:18 | 003,998,152 | ---- | M] () -- C:\Program Files (x86)\fst_ca_17\fst_ca_17.exe
PRC - [2014/01/02 13:33:18 | 003,153,904 | ---- | M] () -- C:\Users\314\AppData\Local\fst_ca_17\upfst_ca_17.exe
PRC - [2013/12/23 11:40:42 | 006,598,000 | ---- | M] (Systweak) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
PRC - [2013/12/22 14:40:38 | 000,021,024 | ---- | M] (Smartbar) -- C:\Users\314\AppData\Local\Smartbar\Application\SnapDo.exe
PRC - [2013/12/18 11:43:04 | 001,980,416 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/17 03:38:32 | 013,543,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2013/12/17 03:22:10 | 000,199,520 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2013/12/12 19:47:56 | 000,085,600 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2013/12/06 15:47:44 | 020,203,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/12/03 20:40:30 | 000,103,312 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
PRC - [2013/11/15 23:31:20 | 000,900,440 | ---- | M] (BitTorrent Inc.) -- C:\Users\314\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/11/15 07:50:42 | 001,472,816 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCOSystemCleaner.exe
PRC - [2013/11/15 07:50:40 | 001,520,432 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCOPrivacyProtector.exe
PRC - [2013/11/15 07:50:40 | 001,144,624 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCORegClean.exe
PRC - [2013/11/15 07:50:38 | 000,297,776 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCODiskOptimizer.exe
PRC - [2013/11/15 07:50:36 | 011,527,984 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2013/07/02 16:18:28 | 000,423,736 | ---- | M] (Smart PC Solutions) -- C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/26 01:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013/02/26 01:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013/02/26 00:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2013/02/11 16:51:40 | 003,696,632 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/01/24 13:07:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2013/01/17 09:48:44 | 000,737,600 | ---- | M] (US Tech Support LLC) -- C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe
PRC - [2012/08/23 01:09:34 | 000,403,328 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012/08/23 01:08:50 | 006,010,264 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012/08/18 21:18:30 | 007,017,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/07/24 15:13:58 | 000,941,440 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/19 15:20:38 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2014/01/19 15:20:38 | 000,146,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2014/01/19 15:06:20 | 001,153,024 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\_ssl.pyd
MOD - [2014/01/19 15:06:20 | 000,811,008 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._windows_.pyd
MOD - [2014/01/19 15:06:20 | 000,805,888 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._gdi_.pyd
MOD - [2014/01/19 15:06:20 | 000,711,680 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\_hashlib.pyd
MOD - [2014/01/19 15:06:20 | 000,110,080 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\PyWinTypes27.dll
MOD - [2014/01/19 15:06:20 | 000,087,040 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\_ctypes.pyd
MOD - [2014/01/19 15:06:20 | 000,070,656 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._html2.pyd
MOD - [2014/01/19 15:06:20 | 000,038,912 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32inet.pyd
MOD - [2014/01/19 15:06:20 | 000,035,840 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32process.pyd
MOD - [2014/01/19 15:06:20 | 000,026,624 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\_multiprocessing.pyd
MOD - [2014/01/19 15:06:20 | 000,025,600 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32pdh.pyd
MOD - [2014/01/19 15:06:20 | 000,024,064 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32pipe.pyd
MOD - [2014/01/19 15:06:19 | 001,175,040 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._core_.pyd
MOD - [2014/01/19 15:06:19 | 001,062,400 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._controls_.pyd
MOD - [2014/01/19 15:06:19 | 000,686,080 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\unicodedata.pyd
MOD - [2014/01/19 15:06:19 | 000,557,056 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\pysqlite2._sqlite.pyd
MOD - [2014/01/19 15:06:19 | 000,521,680 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\windows._lib_cacheinvalidation.pyd
MOD - [2014/01/19 15:06:19 | 000,320,512 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32com.shell.shell.pyd
MOD - [2014/01/19 15:06:19 | 000,128,512 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\_elementtree.pyd
MOD - [2014/01/19 15:06:19 | 000,127,488 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\pyexpat.pyd
MOD - [2014/01/19 15:06:19 | 000,119,808 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32file.pyd
MOD - [2014/01/19 15:06:19 | 000,108,544 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32security.pyd
MOD - [2014/01/19 15:06:19 | 000,098,816 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32api.pyd
MOD - [2014/01/19 15:06:19 | 000,044,032 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\_socket.pyd
MOD - [2014/01/19 15:06:19 | 000,022,528 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32ts.pyd
MOD - [2014/01/19 15:06:19 | 000,018,432 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32event.pyd
MOD - [2014/01/19 15:06:19 | 000,017,408 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32profile.pyd
MOD - [2014/01/19 15:06:19 | 000,010,240 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\select.pyd
MOD - [2014/01/19 15:06:18 | 000,735,232 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._misc_.pyd
MOD - [2014/01/19 15:06:18 | 000,364,544 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\pythoncom27.dll
MOD - [2014/01/19 15:06:18 | 000,122,368 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\wx._wizard.pyd
MOD - [2014/01/19 15:06:18 | 000,011,264 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI45722\win32crypt.pyd
MOD - [2014/01/11 03:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 03:29:19 | 013,615,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
MOD - [2014/01/11 03:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 03:28:15 | 000,715,544 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 03:28:14 | 000,100,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 03:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2014/01/09 08:32:38 | 008,271,216 | ---- | M] () -- C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
MOD - [2014/01/09 01:01:15 | 000,766,656 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MOD - [2014/01/09 00:51:02 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DCR.dll
MOD - [2014/01/09 00:50:47 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\Device.dll
MOD - [2014/01/07 14:00:22 | 001,138,088 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/01/05 20:16:17 | 001,283,584 | ---- | M] () -- C:\Users\314\AppData\Roaming\newnext.me\nengine.dll
MOD - [2014/01/02 13:33:18 | 003,998,152 | ---- | M] () -- C:\Program Files (x86)\fst_ca_17\fst_ca_17.exe
MOD - [2014/01/02 13:33:18 | 003,153,904 | ---- | M] () -- C:\Users\314\AppData\Local\fst_ca_17\upfst_ca_17.exe
MOD - [2013/12/23 11:40:42 | 001,730,928 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\aspsys.dll
MOD - [2013/12/22 14:41:20 | 000,031,264 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\srut.dll
MOD - [2013/12/22 14:41:16 | 000,020,512 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\srsbs.dll
MOD - [2013/12/22 14:41:14 | 000,014,368 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\srpdm.dll
MOD - [2013/12/22 14:41:12 | 000,248,352 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\srns.dll
MOD - [2013/12/22 14:41:10 | 000,064,032 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\srau.dll
MOD - [2013/12/22 14:41:08 | 000,048,672 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\sppsm.dll
MOD - [2013/12/22 14:41:06 | 000,055,840 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\spbl.dll
MOD - [2013/12/22 14:40:54 | 000,025,632 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013/12/22 14:40:50 | 000,053,280 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013/12/22 14:40:48 | 000,112,672 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013/12/22 14:40:48 | 000,017,440 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013/12/22 14:40:44 | 000,150,560 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013/12/22 14:40:42 | 000,057,376 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013/12/22 14:40:40 | 002,057,760 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013/12/22 14:40:40 | 000,034,848 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013/12/22 14:40:40 | 000,014,368 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013/12/22 14:40:38 | 000,728,096 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013/12/22 14:40:38 | 000,081,952 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013/12/22 14:40:34 | 000,013,344 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\siem.dll
MOD - [2013/12/22 14:40:32 | 000,193,056 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\sgmu.dll
MOD - [2013/12/22 14:40:32 | 000,014,368 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\sgml.dll
MOD - [2013/12/22 14:39:42 | 000,048,160 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013/12/22 14:39:32 | 000,170,016 | ---- | M] () -- C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll
MOD - [2013/12/22 14:39:28 | 000,068,640 | ---- | M] () -- C:\Users\314\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
MOD - [2013/12/12 15:19:40 | 000,142,848 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2013/12/12 15:04:18 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/12/12 15:04:14 | 000,716,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/11/15 07:50:36 | 000,568,520 | ---- | M] () -- C:\Program Files (x86)\USTechSupport\PC Optimizer\sqlite3.dll
MOD - [2013/11/15 07:50:30 | 000,325,936 | ---- | M] () -- C:\Program Files (x86)\USTechSupport\PC Optimizer\asohtm.dll
MOD - [2013/11/04 18:12:06 | 000,890,592 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-52.dll
MOD - [2013/10/31 16:06:54 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/31 15:25:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/31 15:25:43 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0a7b20934d7587787e7dae923d1614f4\System.Deployment.ni.dll
MOD - [2013/10/31 15:25:31 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/29 14:08:06 | 002,869,720 | ---- | M] () -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
MOD - [2013/10/13 09:22:18 | 000,048,128 | ---- | M] () -- C:\Program Files (x86)\PC HealthBoost\libEGL.dll
MOD - [2013/10/13 09:22:06 | 000,728,576 | ---- | M] () -- C:\Program Files (x86)\PC HealthBoost\libGLESv2.dll
MOD - [2013/09/12 13:44:27 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3d075c3b7d099aca217beecac1f66b4b\System.Web.Services.ni.dll
MOD - [2013/09/12 13:44:25 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/08/18 18:48:38 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/18 18:48:08 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/08/18 18:00:07 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/08/18 17:59:54 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/08/18 17:59:54 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/08/18 17:59:53 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\5b239b4d0f9c334efdd06d399b4a9ba6\System.Data.ni.dll
MOD - [2013/08/18 17:59:26 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/18 17:59:10 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/18 17:59:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/18 17:58:54 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2013/06/15 09:34:40 | 000,833,024 | ---- | M] () -- C:\Program Files (x86)\PC HealthBoost\platforms\qwindows.dll
MOD - [2013/06/15 09:34:24 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\PC HealthBoost\imageformats\qgif.dll
MOD - [2013/06/15 09:34:24 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\PC HealthBoost\imageformats\qico.dll
MOD - [2013/06/14 16:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 16:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 16:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/08/23 00:32:28 | 001,525,120 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
MOD - [2012/07/25 12:03:14 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
MOD - [2012/07/25 12:03:12 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\unrar.dll
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/20 20:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/01/09 14:05:54 | 000,311,696 | ---- | M] (Outfox Tv Productions Pty Ltd) [Auto | Running] -- C:\Program Files\OutfoxTV\OutfoxTvService.exe -- (OutfoxTvService)
SRV:64bit: - [2013/11/26 02:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/21 06:00:46 | 001,140,848 | ---- | M] (Paramount Software UK Ltd) [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV:64bit: - [2013/10/08 05:52:58 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013/08/09 19:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/01/19 15:20:40 | 000,143,488 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe -- (70e6ca8c)
SRV - [2014/01/09 01:01:20 | 000,063,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobogenie\MgAssist.exe -- (MgAssistService)
SRV - [2014/01/07 14:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/01/07 10:43:12 | 000,123,384 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/11/15 07:50:38 | 000,283,952 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) [Auto | Running] -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe -- (USTSPCODiskOptimizer)
SRV - [2013/10/10 06:57:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 09:34:38 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013/09/19 15:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/21 11:24:12 | 000,222,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN)
SRV - [2013/02/28 18:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/26 01:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 01:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 00:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013/02/11 16:51:40 | 003,696,632 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/01/24 13:07:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/01/17 09:48:44 | 000,737,600 | ---- | M] (US Tech Support LLC) [Auto | Running] -- C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe -- (USTSScheduler)
SRV - [2012/10/11 15:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/08/23 01:11:48 | 001,126,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/08/18 21:18:30 | 007,017,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/28 15:16:54 | 000,128,640 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/05/17 00:25:20 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- E:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/08 06:58:42 | 012,534,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/10/08 05:27:46 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/17 15:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/09/17 15:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013/09/17 15:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013/09/17 15:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013/09/17 15:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013/08/09 19:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 19:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/05 01:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/07/04 14:57:00 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/26 01:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013/02/26 01:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013/02/26 01:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013/02/26 01:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013/02/26 01:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2013/02/11 16:51:40 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/02/11 16:51:39 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013/02/11 16:51:39 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013/02/11 16:51:38 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013/02/11 16:51:38 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013/02/11 16:51:36 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/02/11 16:51:36 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013/02/08 00:21:19 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/01/31 23:47:52 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/24 13:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012/10/24 13:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/10/11 15:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/10/11 15:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/28 15:17:28 | 000,551,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/06/28 15:17:24 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/06/28 15:17:24 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/06/28 15:17:24 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/06/28 15:17:24 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/06/28 15:17:22 | 000,341,120 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/06/28 15:17:22 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/06/28 15:17:22 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/06/14 01:23:12 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/02/23 19:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/25 15:59:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/05/25 15:59:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/05/25 15:59:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/04/27 10:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/27 10:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/27 10:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/11/24 15:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/09/15 03:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/29 03:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV:64bit: - [1999/12/31 17:00:00 | 000,553,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2013/12/18 19:50:29 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/11/20 13:55:42 | 000,057,512 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=19/01/2014
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://feed.snapdo.com/?publisher= [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.outfox.tv?referid=176
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 E3 CD 57 41 03 CE 01 [binary data]
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\314\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\314\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\314\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/01/14 23:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: E:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: E:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/12/12 22:05:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{f1d02156-7557-4942-96ce-a3bf730e8941}: C:\Program Files (x86)\Show-Password\150.xpi [2014/01/19 15:04:25 | 000,008,505 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: E:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: E:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013/10/23 13:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\314\AppData\Roaming\Mozilla\Extensions
[2013/03/13 16:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snapdo.c...Date=19/01/2014
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://feed.snapdo.c...Date=19/01/2014
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\314\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\314\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\314\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Snap.Do = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Google Drive = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Hide My [bleep]! Web Proxy = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Video Downloader professional = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.38_0\
CHR - Extension: Feven 1.8 = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhnbkenepdnmckmkdfeaoabboadnodnc\1.26.27_0\crossrider
CHR - Extension: Feven 1.8 = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhnbkenepdnmckmkdfeaoabboadnodnc\1.26.27_0\
CHR - Extension: FVD Downloader = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\
CHR - Extension: FVD Downloader = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\modules\clickberry\_
CHR - Extension: Show-Password = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\logekkkdbdidmmcgkonmmonclldogceg\1.150_0\
CHR - Extension: LogMeIn = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1029_0\
CHR - Extension: Google Wallet = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Amazon 1Button App for Chrome = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\4.2013.1203.0_0\

O1 HOSTS File: ([2013/03/15 11:19:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Feven 1.8) - {11111111-1111-1111-1111-110411901104} - C:\Program Files (x86)\Feven 1.8\Feven 1.8-bho64.dll (Feven)
O2:64bit: - BHO: (The Amazon 1Button App for IE) - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll (Amazon Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Feven 1.8) - {11111111-1111-1111-1111-110411901104} - C:\Program Files (x86)\Feven 1.8\Feven 1.8-bho.dll (Feven)
O2 - BHO: (The Amazon 1Button App for IE) - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll (Amazon Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Show-Password) - {e200b27e-bb19-4276-8da0-e1e690639278} - C:\Program Files (x86)\Show-Password\150.dll ()
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\athbttray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\btvstack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [fst_ca_17] C:\Program Files (x86)\fst_ca_17\fst_ca_17.exe ()
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKLM..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Browser Infrastructure Helper] C:\Users\314\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [GoogleChromeAutoLaunch_5C49AA91341C41418C8C4F5BFCF76462] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [NextLive] C:\Users\314\AppData\Roaming\newnext.me\nengine.dll ()
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe ()
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe (Outfox Tv Productions Pty Ltd)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [PC Speed Maximizer] C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe (Smart PC Solutions)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [uTorrent] C:\Users\314\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Wondershare Helper Compact] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKLM..\RunOnce: [upfst_ca_17.exe] C:\Users\314\AppData\Local\fst_ca_17\upfst_ca_17.exe ()
O4 - Startup: C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36ACD0DB-866F-4DC4-9394-7CA78F81EA2F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DFA1A9B-A46C-416E-8739-AABF8642AE12}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D5944C-622D-47DB-8AAA-CAF5CCF1D24B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL) - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\amazon\amazon~1\\amazon~3.dll) - c:\progra~2\amazon\amazon~1\\amazon~3.dll ()
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/19 15:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
[2014/01/19 15:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC HealthBoost
[2014/01/19 15:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BoostSoftware
[2014/01/19 15:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/01/19 15:23:49 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\PC_Drivers_Headquarters
[2014/01/19 15:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Support
[2014/01/19 15:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
[2014/01/19 15:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Support
[2014/01/19 15:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2014/01/19 15:21:14 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\newplayer
[2014/01/19 15:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
[2014/01/19 15:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewPlayer
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\newnext.me
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- E:\Documents\Mobogenie
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Mobogenie
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\genienext
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\cache
[2014/01/19 15:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2014/01/19 15:20:44 | 000,000,000 | ---D | C] -- E:\Documents\Optimizer Pro
[2014/01/19 15:20:43 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Optimizer Pro
[2014/01/19 15:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/01/19 15:20:38 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\VOPackage
[2014/01/19 15:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/01/19 15:20:36 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Smartbar
[2014/01/19 15:20:32 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\fst_ca_17
[2014/01/19 15:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fst_ca_17
[2014/01/19 15:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY
[2014/01/19 15:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven 1.8
[2014/01/19 15:18:12 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Foresight Software
[2014/01/19 15:18:12 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\DriverCure
[2014/01/19 15:18:09 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Foresight Software
[2014/01/19 15:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2014/01/19 15:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Foresight Software
[2014/01/19 15:16:42 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Amazon Browser Bar
[2014/01/19 15:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/01/19 15:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2014/01/19 15:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2014/01/19 15:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon Browser Bar
[2014/01/19 15:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014/01/19 15:15:31 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\systweak
[2014/01/19 15:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2014/01/19 15:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2014/01/19 15:15:28 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\USTechSupport
[2014/01/19 15:15:20 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2014/01/19 15:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC
[2014/01/19 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USTechSupport
[2014/01/19 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\USTechSupport
[2014/01/19 15:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\USTechSupport
[2014/01/19 15:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2014/01/19 15:13:30 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/01/19 15:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/01/19 15:13:28 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Uniblue
[2014/01/19 15:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2014/01/19 15:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
[2014/01/19 15:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlvPlayer
[2014/01/19 15:06:27 | 000,000,000 | R--D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/01/19 15:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
[2014/01/19 15:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer
[2014/01/19 15:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Show-Password
[2014/01/19 15:04:22 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2014/01/19 15:04:22 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\FilesFrog Update Checker
[2014/01/19 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\libimobiledevice
[2014/01/19 13:50:24 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OutfoxTV
[2014/01/19 13:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\OutfoxTV
[2014/01/19 13:20:12 | 000,000,000 | ---D | C] -- E:\Documents\Wondershare
[2014/01/19 13:09:30 | 000,000,000 | ---D | C] -- E:\Documents\Wondershare Dr.Fone for iOS
[2014/01/19 12:57:43 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Apple Computer
[2014/01/19 12:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/19 12:57:37 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2014/01/19 12:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/19 12:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/19 12:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/19 12:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/01/19 12:57:01 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Apple
[2014/01/19 12:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/01/19 12:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/01/19 12:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/01/19 12:51:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2014/01/19 12:51:31 | 000,091,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devcon.exe
[2014/01/19 12:51:30 | 000,076,384 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2014/01/19 12:51:30 | 000,052,832 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\drivers\libusb0.sys
[2014/01/19 12:51:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Dr.Fone_Temp
[2014/01/19 12:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare
[2014/01/14 15:20:24 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/14 15:20:24 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/14 15:20:22 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013/12/24 04:05:25 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Mael
[2013/12/24 04:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
[2013/12/24 04:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HxD
[2013/12/23 23:27:49 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2013/12/23 23:27:49 | 000,036,328 | ---- | C] (Google Inc) -- C:\Windows\SysNative\drivers\ssadadb.sys
[2013/12/23 23:27:49 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2013/12/23 23:27:49 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2013/12/23 23:27:49 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2013/12/23 23:27:32 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2013/12/23 23:27:32 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2013/12/23 23:27:32 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2013/12/23 23:27:32 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2013/12/23 23:27:32 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2013/12/23 23:27:32 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2013/12/23 23:27:32 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2013/12/23 23:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/12/23 23:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/12/23 00:25:12 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\BetterDS3
[2013/12/22 01:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z3X
[2013/12/21 19:37:43 | 001,489,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2013/12/21 19:37:43 | 000,040,736 | ---- | C] (Google Inc) -- C:\Windows\SysNative\drivers\wsadb.sys
[2013/12/21 19:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2013/12/21 19:33:23 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Wondershare
[2013/12/21 19:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2013/12/21 19:33:22 | 000,000,000 | ---D | C] -- C:\Users\314\.android
[2013/12/21 19:27:18 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Wondershare
[2013/12/21 19:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/19 22:30:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/19 22:00:00 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC Maintenance.job
[2014/01/19 21:32:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000UA.job
[2014/01/19 21:25:00 | 000,002,110 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-chromeinstaller.job
[2014/01/19 21:20:01 | 000,002,032 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-firefoxinstaller.job
[2014/01/19 21:20:01 | 000,001,324 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-updater.job
[2014/01/19 21:20:00 | 000,001,278 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-codedownloader.job
[2014/01/19 21:20:00 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-enabler.job
[2014/01/19 20:30:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/19 18:00:08 | 000,000,492 | ---- | M] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2014/01/19 15:25:48 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\PC HealthBoost.lnk
[2014/01/19 15:23:33 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/01/19 15:21:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\NewPlayer.lnk
[2014/01/19 15:18:09 | 000,000,892 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Helper 360.lnk
[2014/01/19 15:18:09 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\PC Helper 360 Startup.job
[2014/01/19 15:18:09 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\Foresight Software Update3.job
[2014/01/19 15:18:09 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\PC Helper 360.job
[2014/01/19 15:16:34 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/01/19 15:15:39 | 000,001,097 | ---- | M] () -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/01/19 15:15:37 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/01/19 15:15:37 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/01/19 15:15:31 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/01/19 15:15:28 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\USTSPCO-USTSPCOOneClickCare.job
[2014/01/19 15:15:18 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk
[2014/01/19 15:15:13 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Live PC Help.lnk
[2014/01/19 15:13:33 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC Startup.job
[2014/01/19 15:13:31 | 000,001,189 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2014/01/19 15:13:31 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2014/01/19 15:13:06 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/19 15:13:06 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/19 15:12:39 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\FlvPlayer.lnk
[2014/01/19 15:11:52 | 000,822,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/19 15:11:52 | 000,693,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/19 15:11:52 | 000,130,852 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/19 15:06:31 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Show-Password Update.job
[2014/01/19 15:05:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/19 13:13:45 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare TunesGo.lnk
[2014/01/19 13:03:53 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Dr.Fone for iOS.lnk
[2014/01/19 10:32:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000Core.job
[2014/01/14 23:59:31 | 000,271,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/14 10:59:07 | 000,000,947 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/01/03 13:16:30 | 000,020,312 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/12/24 04:03:12 | 000,000,905 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\HxD.lnk
[2013/12/22 01:50:08 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Tool.lnk
[2013/12/21 19:50:35 | 000,002,236 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
[2013/12/21 19:50:35 | 000,002,193 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare MobileGo for Android.lnk
[2013/12/21 19:50:35 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare MobileGo for Android.lnk
[2013/12/21 19:38:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_wsadb_01007.Wdf
[2013/12/21 19:37:43 | 001,489,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2013/12/21 19:37:43 | 000,040,736 | ---- | M] (Google Inc) -- C:\Windows\SysNative\drivers\wsadb.sys
[2013/12/21 19:33:25 | 000,002,157 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare MobileTrans.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/19 15:25:48 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\PC HealthBoost.lnk
[2014/01/19 15:23:33 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/01/19 15:21:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\NewPlayer.lnk
[2014/01/19 15:20:55 | 000,002,564 | ---- | C] () -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/01/19 15:20:36 | 000,001,324 | ---- | C] () -- C:\Windows\tasks\Feven 1.8-updater.job
[2014/01/19 15:20:34 | 000,001,150 | ---- | C] () -- C:\Windows\tasks\Feven 1.8-enabler.job
[2014/01/19 15:20:32 | 000,001,278 | ---- | C] () -- C:\Windows\tasks\Feven 1.8-codedownloader.job
[2014/01/19 15:20:29 | 000,002,032 | ---- | C] () -- C:\Windows\tasks\Feven 1.8-firefoxinstaller.job
[2014/01/19 15:20:27 | 000,002,110 | ---- | C] () -- C:\Windows\tasks\Feven 1.8-chromeinstaller.job
[2014/01/19 15:18:13 | 000,000,492 | ---- | C] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2014/01/19 15:18:09 | 000,000,892 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Helper 360.lnk
[2014/01/19 15:18:09 | 000,000,480 | ---- | C] () -- C:\Windows\tasks\PC Helper 360 Startup.job
[2014/01/19 15:18:09 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\Foresight Software Update3.job
[2014/01/19 15:18:09 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\PC Helper 360.job
[2014/01/19 15:16:34 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/01/19 15:16:33 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2014/01/19 15:16:05 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
[2014/01/19 15:15:37 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/01/19 15:15:37 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/01/19 15:15:31 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/01/19 15:15:28 | 000,000,450 | ---- | C] () -- C:\Windows\tasks\USTSPCO-USTSPCOOneClickCare.job
[2014/01/19 15:15:18 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk
[2014/01/19 15:15:13 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Live PC Help.lnk
[2014/01/19 15:13:33 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC Maintenance.job
[2014/01/19 15:13:33 | 000,000,268 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC Startup.job
[2014/01/19 15:13:31 | 000,001,189 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2014/01/19 15:13:31 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2014/01/19 15:13:30 | 000,001,097 | ---- | C] () -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/01/19 15:12:39 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\FlvPlayer.lnk
[2014/01/19 13:50:22 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\Show-Password Update.job
[2014/01/19 13:13:45 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare TunesGo.lnk
[2014/01/19 12:57:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/01/19 12:51:31 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Dr.Fone for iOS.lnk
[2013/12/24 04:03:12 | 000,000,905 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\HxD.lnk
[2013/12/22 01:44:52 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Tool.lnk
[2013/12/21 19:50:35 | 000,002,236 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
[2013/12/21 19:50:35 | 000,002,193 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare MobileGo for Android.lnk
[2013/12/21 19:50:35 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare MobileGo for Android.lnk
[2013/12/21 19:38:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_wsadb_01007.Wdf
[2013/12/21 19:33:25 | 000,002,157 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare MobileTrans.lnk
[2013/12/18 19:56:20 | 000,000,486 | ---- | C] () -- C:\Windows\DEMO.INI
[2013/12/12 21:39:48 | 000,256,499 | ---- | C] () -- C:\ProgramData\1386908712.bdinstall.bin
[2013/11/03 00:33:10 | 000,583,385 | ---- | C] () -- C:\ProgramData\1383463688.bdinstall.bin
[2013/10/11 01:48:33 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013/10/08 12:24:18 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/10/08 09:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/10/08 06:39:08 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/08 06:39:08 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/10/08 05:56:12 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/10/08 05:56:12 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/07/06 03:35:05 | 000,000,122 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/14 22:49:43 | 000,000,540 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/04/12 02:39:21 | 000,814,980 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/14 23:49:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/14 23:49:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/14 23:49:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/14 23:49:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/14 23:49:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/24 22:29:44 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/02/16 23:13:45 | 000,000,994 | ---- | C] () -- C:\Windows\winamp.ini
[2012/12/31 03:15:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/12/30 12:11:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/12/30 12:11:16 | 000,018,832 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/11 16:52:02 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Acronis
[2013/12/22 02:23:59 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Audacity
[2014/01/19 15:18:12 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\DriverCure
[2013/12/12 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\ESET
[2014/01/14 14:40:07 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\FileZilla
[2014/01/19 15:18:12 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Foresight Software
[2013/10/08 12:24:32 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Foxit Software
[2013/11/20 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\HandBrake
[2013/01/30 12:53:25 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Hard Disk Sentinel
[2013/07/06 15:26:17 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\ImgBurn
[2013/11/27 00:18:51 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Litecoin
[2013/06/10 20:50:18 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\LockHunter
[2013/12/24 04:05:25 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Mael
[2013/01/31 23:45:50 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\MotioninJoy
[2013/03/21 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Motorola
[2013/03/18 22:12:40 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Motorola Mobility
[2014/01/19 21:21:32 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\newnext.me
[2013/10/23 10:18:12 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Notepad++
[2014/01/19 15:20:43 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Optimizer Pro
[2013/03/14 00:01:33 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\QuickScan
[2013/06/25 01:08:38 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\redsn0w
[2014/01/19 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\systweak
[2013/10/24 21:02:36 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\TeamViewer
[2013/08/30 22:10:58 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\TeraCopy
[2013/10/23 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Thunderbird
[2014/01/19 15:13:28 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Uniblue
[2013/08/18 23:25:46 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Unity
[2014/01/19 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\USTechSupport
[2014/01/19 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\uTorrent
[2014/01/19 15:20:39 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\VOPackage
[2013/06/07 02:10:21 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\WindSolutions
[2014/01/19 13:13:44 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Wondershare

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 20:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 20:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 22:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 20:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 20:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 20:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 20:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 20:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 20:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 20:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 20:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 20:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 20:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 20:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 20:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 20:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 20:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 20:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 20:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 20:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 20:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 20:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 20:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: RPCSS.DLL >
[2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\erdnt\cache64\rpcss.dll
[2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 3018-4C70
Directory of C:\
07/13/2009 10:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 10:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\314
12/30/2012 12:05 PM <JUNCTION> Application Data [C:\Users\314\AppData\Roaming]
12/30/2012 12:05 PM <JUNCTION> Cookies [C:\Users\314\AppData\Roaming\Microsoft\Windows\Cookies]
12/30/2012 12:05 PM <JUNCTION> Local Settings [C:\Users\314\AppData\Local]
12/30/2012 12:05 PM <JUNCTION> My Documents [C:\Users\314\Documents]
12/30/2012 12:05 PM <JUNCTION> NetHood [C:\Users\314\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/30/2012 12:05 PM <JUNCTION> PrintHood [C:\Users\314\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/30/2012 12:05 PM <JUNCTION> Recent [C:\Users\314\AppData\Roaming\Microsoft\Windows\Recent]
12/30/2012 12:05 PM <JUNCTION> SendTo [C:\Users\314\AppData\Roaming\Microsoft\Windows\SendTo]
12/30/2012 12:05 PM <JUNCTION> Start Menu [C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu]
12/30/2012 12:05 PM <JUNCTION> Templates [C:\Users\314\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\314\AppData\Local
12/30/2012 12:05 PM <JUNCTION> Application Data [C:\Users\314\AppData\Local]
12/30/2012 12:05 PM <JUNCTION> History [C:\Users\314\AppData\Local\Microsoft\Windows\History]
12/30/2012 12:05 PM <JUNCTION> Temporary Internet Files [C:\Users\314\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 10:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 10:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 10:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 10:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 10:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 10:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool
02/13/2013 02:30 AM <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Roaming]
02/13/2013 02:30 AM <JUNCTION> Cookies [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Cookies]
02/13/2013 02:30 AM <JUNCTION> Local Settings [C:\Users\DefaultAppPool\AppData\Local]
02/13/2013 02:30 AM <JUNCTION> My Documents [C:\Users\DefaultAppPool\Documents]
02/13/2013 02:30 AM <JUNCTION> NetHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/13/2013 02:30 AM <JUNCTION> PrintHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/13/2013 02:30 AM <JUNCTION> Recent [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Recent]
02/13/2013 02:30 AM <JUNCTION> SendTo [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo]
02/13/2013 02:30 AM <JUNCTION> Start Menu [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu]
02/13/2013 02:30 AM <JUNCTION> Templates [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\AppData\Local
02/13/2013 02:30 AM <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Local]
02/13/2013 02:30 AM <JUNCTION> History [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\History]
02/13/2013 02:30 AM <JUNCTION> Temporary Internet Files [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\Documents
02/13/2013 02:30 AM <JUNCTION> My Music [C:\Users\DefaultAppPool\Music]
02/13/2013 02:30 AM <JUNCTION> My Pictures [C:\Users\DefaultAppPool\Pictures]
02/13/2013 02:30 AM <JUNCTION> My Videos [C:\Users\DefaultAppPool\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
03/13/2013 02:03 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
03/13/2013 02:03 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
03/13/2013 02:03 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
03/13/2013 02:03 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/13/2013 02:03 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/13/2013 02:03 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/13/2013 02:03 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/13/2013 02:03 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/13/2013 02:03 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
03/13/2013 02:03 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
03/13/2013 02:03 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/13/2013 02:03 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
03/13/2013 02:03 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
03/13/2013 02:03 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
03/13/2013 02:03 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
03/13/2013 02:03 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
03/13/2013 02:03 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
03/13/2013 02:03 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
03/13/2013 02:03 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/13/2013 02:03 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/13/2013 02:03 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/13/2013 02:03 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/13/2013 02:03 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/13/2013 02:03 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
03/13/2013 02:03 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
03/13/2013 02:03 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/13/2013 02:03 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
03/13/2013 02:03 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
03/13/2013 02:03 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
03/13/2013 02:03 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
92 Dir(s) 37,529,673,728 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 466 bytes -> C:\ProgramData\TEMP:9A870F8B
@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:F8D65F32
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9638A27E

< End of report >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no extras.txt file was created
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-19 22:37:23
-----------------------------
22:37:23.764 OS Version: Windows x64 6.1.7601 Service Pack 1
22:37:23.764 Number of processors: 6 586 0x102
22:37:23.765 ComputerName: 314-PC UserName: 314
22:37:24.086 Initialize success
22:37:31.613 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:37:31.615 Disk 0 Vendor: OCZ-VERTEX3 2.22 Size: 114473MB BusType: 11
22:37:31.617 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
22:37:31.618 Disk 1 Vendor: ST1500DL003-9VT16L CC32 Size: 1430799MB BusType: 11
22:37:31.621 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
22:37:31.623 Disk 2 Vendor: WDC_WD5000AAKS-00YGA0 12.01C02 Size: 476940MB BusType: 11
22:37:31.631 Disk 0 MBR read successfully
22:37:31.634 Disk 0 MBR scan
22:37:31.636 Disk 0 unknown MBR code
22:37:31.638 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:37:31.641 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
22:37:31.649 Disk 0 scanning C:\Windows\system32\drivers
22:37:32.964 Service scanning
22:37:35.761 Modules scanning
22:37:35.768 Disk 0 trace - called modules:
22:37:35.775 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vidsflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:37:35.780 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800757a060]
22:37:35.784 3 CLASSPNP.SYS[fffff880019c343f] -> nt!IofCallDriver -> [0xfffffa80074a38d0]
22:37:35.787 5 vidsflt.sys[fffff88000e235cd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006e42680]
22:37:35.791 Scan finished successfully
22:37:49.909 Disk 0 MBR has been saved successfully to "E:\Desktop\MBR.dat"
22:37:49.915 The log file has been saved successfully to "E:\Desktop\aswMBR.txt"

thank you again for your time

#4
godawgs

Posted 20 January 2014 - 01:22 AM

Teacher

Retired Staff
8,228 posts

thank you again for your time

You are welcome.

Have you moved the desktop from the C:\ drive to the E:\ drive? OTL is still running from the E:\Desktop folder.

#5
314

Posted 20 January 2014 - 01:35 AM

Member

Topic Starter
Member
65 posts

Yes i have. C:\ is my ssd. My E:\ is my standard data drive

#6
godawgs

Posted 20 January 2014 - 01:44 AM

Teacher

Retired Staff
8,228 posts

OK. We'll see what we can do from there. I need an Extras.txt log. OTL only generates that log the first time if is run. So let's force it to give us the log.

Posted Image

OTL Scan

Please re-open Posted Image

on the desktop. To do that:

Vista /7 users: right click the icon and click Run as Administrator.

Make sure all other windows are closed .

You will see a console like the one below:
At the top of the console click the greyed out None button<---Important
At the top of the console, click the box beside Scan All Users and Include 64bit Scans
Make sure the Output box at the top is set to Standard Output.
In the Extra Registry section click the radio button beside Use Safelist.<---Important (This is what will give us the Extras.txt log)
Click the button. Do not change any settings unless otherwise told to do so.
Let the scan run uninterrupted.
When the scan completes, it will open two notepad windows, OTL.Txt on the desktop and Extras.Txt willbe minimized on the taskbar. These are saved in the same location as OTL.
I don't need the OTL.txt log so close it out and open the Extras.txt log and post it in your next reply.

Once I have the Extras.txt log we'll take it from there

#7
314

Posted 20 January 2014 - 02:00 AM

Member

Topic Starter
Member
65 posts

OTL Extras logfile created on: 1/20/2014 12:58:54 AM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 18.47% Memory free
15.89 Gb Paging File | 8.30 Gb Available in Paging File | 52.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 34.81 Gb Free Space | 31.17% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 523.24 Gb Free Space | 37.45% Space Free | Partition Type: NTFS
Drive F: | 2.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 1863.01 Gb Total Space | 436.62 Gb Free Space | 23.44% Space Free | Partition Type: NTFS

Computer Name: 314-PC | User Name: 314 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{150841C6-BFBD-4550-B1CF-41EED86C9459}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{187D659E-840F-48BA-8658-CFD0533448EC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1A7D707E-01CE-4592-88AA-25768DBDD51B}" = rport=139 | protocol=6 | dir=out | app=system |
"{1B7E01EC-4DCB-4EB8-AF26-2F0E5258B90B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25D7A3EF-5FC0-4DB9-A7A4-0E9A3F126F85}" = rport=138 | protocol=17 | dir=out | app=system |
"{2E803BD8-2FD3-4921-AA58-65BB01E6249B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{331F9F18-DA63-423A-8FFC-5967041FEC94}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{55855854-A372-44F4-94AA-6104FA36537D}" = rport=445 | protocol=6 | dir=out | app=system |
"{5AD6328B-5ED9-4648-9E1A-0144ACFA3528}" = lport=445 | protocol=6 | dir=in | app=system |
"{6DD41490-D6A3-47F7-9910-8AABF5F06FD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FC6E425-CEC8-42EE-89B0-2A662313353A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76F3118D-C303-4B54-81F4-0C197C9B8247}" = rport=137 | protocol=17 | dir=out | app=system |
"{7A0BD0E1-AAC6-4071-BA49-A4BF0C0A69B0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{850EBA82-9704-46BF-982E-DEC733D65DC4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9D516DA-3F28-44E8-996B-1550247801A2}" = lport=139 | protocol=6 | dir=in | app=system |
"{C4C05879-A3BD-4B24-B2F2-5BD2EF14A1B3}" = lport=137 | protocol=17 | dir=in | app=system |
"{C4EAB0F9-3C7F-4890-8228-8E5E1F3CF078}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D2BB8D44-5259-4F58-BBB0-824F29CD09FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7096FBF-CBCD-4463-9814-2AB232D072F6}" = lport=138 | protocol=17 | dir=in | app=system |
"{FEC54D57-86FA-4BE0-9F8D-3B0D49DAB758}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF5B28F1-735F-4890-BDDA-3F8B9B5E99FF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023BCDA5-C577-47D4-B66B-C62C5684961A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{0627207B-A1C1-4122-B7C5-1CC6198FE417}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{083BA7B1-1006-4211-AE93-9EFBF85073C4}" = protocol=1 | dir=in | [email protected],-28543 |
"{1158BF9A-F7AC-424A-A3E5-3951CE240AAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{194E699C-1A8F-445F-9FE4-4E329456BFDA}" = protocol=17 | dir=in | app=e:\steamlibrary\steamapps\common\ridge racer driftopia\ridge racer driftopia_46358301.exe |
"{1ED155DB-E60A-42F4-8D96-FB9AFD01F88C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{1F01121D-7150-4AA8-9917-0993B05C25B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21D3F4B7-23A6-43ED-8DFF-8D423826AE26}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{267D6D41-35C4-486F-A32F-B8475476F46F}" = protocol=17 | dir=in | app=c:\users\314\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{27AF8D01-91E8-4A64-A661-092E1FFE38D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{290FC5C4-50E8-4441-B7B0-9D94AFFE6686}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{296CA3B9-830B-4E49-B0A8-06C95F95D254}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{29C3F8C7-290B-4564-BEA9-E4668B23AFD5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{2B328ED7-009F-4592-AA82-C070EDB81A23}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{2D9586F8-A07E-4C10-99D8-A64D0AA95BEE}" = dir=out | app=%programfiles% (x86)\hard disk sentinel\harddisksentinelupdate.exe |
"{36B17B42-1212-4CCE-8565-D4B421D35BC1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{37DE8224-1F38-4C76-837C-6D888B3A3E16}" = protocol=58 | dir=out | [email protected],-28546 |
"{3C2FACB2-0320-4AB0-8A11-A797ECE39A93}" = dir=out | app=%programfiles% (x86)\hard disk sentinel\hdsaction.exe |
"{3DA08DF0-0243-4EBD-9809-594A0AA026E5}" = dir=out | app=%programfiles% (x86)\hard disk sentinel\hdsctrl.exe |
"{3E666D52-137D-46F6-9953-BA5E5483F2E9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{3EF87830-5C6C-475D-8BA0-2E8629002574}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{3FC2DA27-8595-469A-8B23-EEFD7A82AD2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{4309C09A-308A-4E9C-A200-7639A47992E1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{47A76440-4C1A-4666-B4ED-E6EDD100A13E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{49DCC5FC-3802-4A6C-A448-24E497CABEE6}" = dir=out | app=%programfiles% (x86)\hard disk sentinel\hdsentineltray.exe |
"{4B42C839-0A6A-4034-A9FF-AF7781D5BB1A}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{4BABC18D-76F9-4ADB-99AB-49FDDB8D9021}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{5565E478-A0A6-4045-8533-29CAC9DADE15}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5588C43F-8547-4F7E-9190-9DB62920C6F3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{55B28BE4-ADC8-47F8-8A34-E4653C3468FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{57CD7A39-8DB5-46B9-96E4-6499611C9FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5A217DC6-887D-4F77-8A0C-5E1E09E0944A}" = protocol=6 | dir=in | app=e:\steamlibrary\steamapps\common\ridge racer driftopia\ridge racer driftopia_46358301.exe |
"{5B9F908C-4674-445E-B3E7-CD44783F9C57}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{5C8ED1C4-E394-4279-8805-F984FEC7B395}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{5ED805D3-3D55-4C41-8620-8B58397B90B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6317F30F-DE0A-4276-8967-1322F8C0DF38}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{65D66C00-64CD-4500-9138-4CAA7B199AA3}" = protocol=6 | dir=in | app=c:\users\314\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{665F967A-93B6-453B-AD5B-5D213D69D330}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6716428A-1282-430A-B2FD-6C1B064E4A3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{690920ED-BB2A-4FB6-A722-E092942BA5B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{6F19AA01-A9DF-434F-8637-9930718E9997}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{7B8155AC-A712-42D8-80B7-7FFC85B6A086}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{7BDECAB1-6533-4BB9-A4EE-5299ECF1C4AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{7E978C38-4D49-4617-82E0-B51D086871CF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{7E9C9A00-DDB6-4FED-9D4D-9E59C4522F0A}" = protocol=6 | dir=in | app=c:\users\314\appdata\roaming\utorrent\utorrent.exe |
"{825AF23B-E2CB-4CC7-95AD-00C7422BB151}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B7D5DDB-14DD-49BA-A1F4-0B893DB9AC09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{91525C86-B610-4627-823A-EA0A4C1BCFA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{924FA89B-6A37-45DF-AFED-DD09A7429F8F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{93462D68-BC7C-4FA6-A2AF-DCBBA683798A}" = dir=in | app=en_conquer2.0_5672_p2p.exe |
"{9A24BF32-F408-4249-8BA5-43BE5C550AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{9F348065-F3F1-4C79-BF2A-4EBF76C56C4F}" = protocol=17 | dir=in | app=c:\users\314\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A3DD9A80-47C4-461C-85DD-D4D5172B331E}" = protocol=6 | dir=in | app=c:\users\314\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A527C9F1-07D6-405E-96F4-346B8B4CE847}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6EA2236-5404-4966-AB74-E9AA9211E85D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller [bleep] & damnation\binaries\win32\pkhdgame-win32-shipping.exe |
"{A9A08E2E-E907-46F4-87F0-CC97AA7CDAD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{AAA2C4D7-8B1C-437B-9985-48985A07B2EA}" = dir=in | app=e:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{AB6A192F-4F92-4B15-9ABB-45BBC87EDEED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ACB07F07-1199-4779-B8A0-F8CF01632574}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{AFCEF335-1C71-4D4F-886A-3F7F00216B4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{B1FEA0DC-B92B-4621-A95D-185A882A4ED7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{B8DBE5E2-D2AA-4448-863E-3A4FF9D516CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BFA5B3F6-6AE0-4B5B-A072-E1C1CAD181B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller [bleep] & damnation\binaries\win32\pkhdgame-win32-shipping.exe |
"{C151468A-CE50-4671-A045-84EB328E87B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{C2402185-A25B-418F-BC97-115F96A1C976}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7561946-847B-465B-96EB-8ADA31D582DE}" = dir=in | app=e:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{C90C6485-C172-4ACD-AAF5-CC0E50B13B29}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CAACBBAC-5202-4253-B29A-E995B5BEADB6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CD724252-47A1-480D-8EF4-7602DFF04FD8}" = protocol=6 | dir=out | app=system |
"{D1042DCE-BD03-4DBD-B9F3-8C5ECF794611}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{D48000A7-3B8E-4A7C-9C1E-DD0CEE13170D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{D9DFE2FD-4979-419C-8CC9-E61921B8B266}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E013F598-39F0-4461-A87C-779EA91040AA}" = dir=out | app=%programfiles% (x86)\hard disk sentinel\hdsentinel.exe |
"{E45698DA-A38C-4981-ACEA-D46CB232AF7F}" = dir=in | app=e:\program files (x86)\itunes\itunes.exe |
"{EA5C1FA3-1A61-4EFF-A6F4-4A2671753B86}" = protocol=58 | dir=in | [email protected],-28545 |
"{F0FF4E47-362D-46F6-B70D-69909C732182}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F1C64442-62BA-41E2-ADEF-B5DC1D213966}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{F7124571-60EC-4A53-AD3E-82DD8A0F95E7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F9A2DE3C-0367-44AB-94FC-CADC255C195C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{FA4DB5FA-0C49-416A-A46B-A9A38F20DD81}" = protocol=17 | dir=in | app=c:\users\314\appdata\roaming\utorrent\utorrent.exe |
"{FE516213-6DFA-404B-AB04-948169D4F1B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe |
"{FF368598-BCFB-4B2B-942B-4C98796D7D5E}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{0084E5AE-BAB8-462C-A3C2-461305C3AB84}C:\pxe\binl\binlsrv.exe" = protocol=6 | dir=in | app=c:\pxe\binl\binlsrv.exe |
"TCP Query User{616B1D28-690B-4F19-8CD6-2F36942F242F}C:\users\314\downloads\en_conquer2.0_5672_p2p.exe" = protocol=6 | dir=in | app=c:\users\314\downloads\en_conquer2.0_5672_p2p.exe |
"TCP Query User{B6DF694E-BEBD-489B-95C7-BEC589D70A70}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{DA266034-55EE-4F10-9D02-727F5F717D00}C:\pxe\tftpd32\tftpd32.exe" = protocol=6 | dir=in | app=c:\pxe\tftpd32\tftpd32.exe |
"TCP Query User{F846867A-16A5-4F8B-A558-D803B67C9EBB}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{17CAE1D9-121B-4CF2-8E75-859B734602C4}C:\pxe\binl\binlsrv.exe" = protocol=17 | dir=in | app=c:\pxe\binl\binlsrv.exe |
"UDP Query User{388EAADF-C160-4CE8-B7CF-3A0862FDB079}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{416EBF09-7C36-4E8C-ACB9-C8B39ABF78F0}C:\pxe\tftpd32\tftpd32.exe" = protocol=17 | dir=in | app=c:\pxe\tftpd32\tftpd32.exe |
"UDP Query User{A710945A-C9EF-4AFA-A201-49E2511EAE2C}C:\users\314\downloads\en_conquer2.0_5672_p2p.exe" = protocol=17 | dir=in | app=c:\users\314\downloads\en_conquer2.0_5672_p2p.exe |
"UDP Query User{F33FA70A-3259-4CE2-ADDD-6EAA38880D0C}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0CBA44-B2AB-4028-9545-CBE2BFC560D1}" = AMD APP SDK Developer
"{0FC717D1-25FB-4015-908C-2E9E2124D0FE}" = AMD APP CPU SDK Runtime
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.0000
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41172E4B-FE77-42A8-8E31-F241BFB1C449}" = Macrium Reflect Free Edition
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CC3444D-7279-4E83-984F-18E9A7B2E803}" = Oracle VM VirtualBox 4.2.16
"{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}" = AMD Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7D2019DF-713F-B6ED-8C87-14363B081FB2}" = AMD Drag and Drop Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB933A1-603C-5B22-3D56-19593698C41A}" = AMD Fuel
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ADCB5F9E-EF88-6D61-EE2F-99F51DF1B6EF}" = AMD Media Foundation Decoders
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E57289A3-B314-F00A-F0D0-7CB63E588CFF}" = AMD Accelerated Video Transcoding
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F7C525E7-659A-47F6-A25A-7A63FA10E767}" = ESET Smart Security
"{FEB22B7A-7B05-4A49-3BA3-D24815D37FAE}" = ccc-utility64
"Blender" = Blender
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67.1
"LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit
"MacriumReflect" = Macrium Reflect Free Edition
"MyPC Backup" = MyPC Backup
"TeraCopy_is1" = TeraCopy 2.27

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B31C808-8274-460D-8846-C711D40544A0}_is1" = Wondershare TunesGo ( Version 4.0.0 )
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{170236F2-1F88-A116-DA64-3FEED17B9387}" = CCC Help Italian
"{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1" = Wondershare MobileTrans ( Version 3.3.0 )
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1" = Wondershare MobileGo for Android ( Version 4.2.0 )
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2178EDD8-A3A6-50E3-407B-6629EA8E6ECE}" = AMD Catalyst Control Center
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{254006BC-97DE-4C82-A1A1-A2BAD2520083}" = Snap.Do
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{32957F2B-A371-151F-9DA1-7BCA54BA2C71}" = CCC Help Danish
"{3372F3D8-B82F-47F1-8F72-115810568D91}_is1" = Active@ UNDELETE Professional 8.6
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{398004A7-6198-B8AB-443A-D250FFA57446}" = CCC Help Greek
"{3A29665B-2304-A9F7-601D-86340BD29D57}" = CCC Help Korean
"{3F36F1F6-D55E-4C60-A9DD-809FED24CED7}_is1" = Active@ KillDisk 7.5
"{41FD1774-B26D-4E02-A6C7-C3F28DF04953}" = LCARS x32
"{4310E447-8AF3-020C-06D0-CB317D1BC92B}" = CCC Help Spanish
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4734A746-A503-4B8E-A4FA-7B7C84A18D79}" = US Tech Support Framework
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF0CAAC-F479-1673-EE92-03FFB9A05C1A}" = CCC Help English
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5179641A-DC14-3A2E-BD53-480D4136C368}" = Google Talk Plugin
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54AA7C11-54B7-4BD8-84B2-85873B5C7A04}" = Amazon 1Button App
"{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
"{597FB4A5-DD86-4316-A410-7E8074CC2CCE}" = Driver Support
"{6670AE0A-83FD-C514-C4EC-51618BEDCF04}" = Catalyst Control Center InstallProxy
"{6AAEB4CB-0573-41ec-89B0-0FE0D5134A8B}_is1" = MyCleanPC PC Optimizer
"{6DD76706-759A-1D77-9D1B-39FFFEC203BE}" = CCC Help Hungarian
"{6DF3C5B5-AEA5-198E-289C-CAADC4A17C04}" = CCC Help Dutch
"{6F9B3984-08EB-19EE-5E93-E79FD0854596}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5E940E-017E-47F8-9D0D-62D49C8D18ED}" = Active@ KillDisk
"{82DA3D5E-0041-D8F7-6ACD-53A06C863FD4}" = CCC Help Swedish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88B23390-B08B-4514-8A9C-3E1FE0C6E84B}" = AMD APP SDK Samples
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8E63AD00-6BEB-9E98-739E-C8EE42CF0419}" = CCC Help Norwegian
"{9584BE1B-2FBE-4F45-13EA-6567F3E2D9A2}" = CCC Help Chinese Traditional
"{993609E5-B0A7-0270-BA78-385016D5A4FA}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B683A28-2172-4CF1-B85D-41375E80652A}" = Acronis True Image WD Edition
"{9C50B767-48BA-A567-0CFE-31620AE8FC97}" = CCC Help German
"{9E94C6F8-2B4E-D900-E73C-E7BCC7653188}" = CCC Help Japanese
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1" = Wondershare Dr.Fone for iOS(Build 4.0.0.69)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{ADAEEC53-24AF-4A49-B872-75FCBDA59916}" = True Image 2013
"{ADAEEC53-24AF-4A49-B872-75FCBDA59916}Visible" = True Image 2013
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{BEFD4139-C684-DBF8-33F2-7963161E2F10}" = CCC Help Russian
"{CED0FE94-7795-42b5-978C-B247EB3EDE66}" = PC Helper 360
"{CFBC3C9F-C781-4A0A-4AC9-BEBDE9850C16}" = CCC Help Turkish
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D17BE572-CBFB-2AA4-759B-E21F04093001}" = CCC Help Thai
"{D3C44AE6-7A77-6CB3-0708-C970C53E8136}" = Catalyst Control Center Localization All
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = SpeedUpMyPC
"{E9E87CFE-894C-8FFB-31C2-61C6B640F2B2}" = CCC Help Finnish
"{E9F63F5F-00EF-516C-C7F6-ABD3DC174B5E}" = CCC Help Polish
"{EA3960CB-883C-5B18-FA85-7C36C320E4BC}" = Catalyst Control Center Graphics Previews Common
"{ED62231A-B71D-C39A-7CE0-B2C8388A67C2}" = CCC Help French
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FBC9A8BD-C74D-86B3-7818-D584C9174F48}" = CCC Help Portuguese
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"44676886-FD7F-4C53-B188-BC86EED9BBC1_is1" = Samsung Tool 16.7
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon Browser Settings" = Amazon Browser Settings
"Audacity_is1" = Audacity 2.0.2
"b4290db6-7dac-4a1b-9995-3f1c119689bb" = Show-Password
"Belarc Advisor" = Belarc Advisor 8.3
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2012-12-30
"DMUninstaller" = DMUninstaller
"Feven 1.8" = Feven 1.8
"FileASSASSIN" = FileASSASSIN
"FileSearchEX" = FileSearchEX
"FilesFrog Update Checker" = FilesFrog Update Checker
"FileZilla Client" = FileZilla Client 3.6.0.2
"FlvPlayer" = FlvPlayer
"Foxit Reader_is1" = Foxit Reader
"fst_ca_17_is1" = fst_ca_17
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.9.1
"Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
"HIS iTurbo" = HIS iTurbo
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"ImgBurn" = ImgBurn
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mobogenie" = Mobogenie
"Mozilla Thunderbird 24.0.1 (x86 en-US)" = Mozilla Thunderbird 24.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewPlayer" = NewPlayer
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"nLite_is1" = nLite 1.4.9.1
"Notepad++" = Notepad++
"Optimizer Pro_is1" = Optimizer Pro v3.2
"OutfoxTV" = OutfoxTV
"PC Speed Maximizer_is1" = PC Speed Maximizer v3.2
"PCHealthBoost" = PCHealthBoost 3.0.5
"PS3 Media Server" = PS3 Media Server
"RegClean Pro_is1" = RegClean Pro
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 202170" = Sleeping Dogs™
"Steam App 203160" = Tomb Raider
"Steam App 212070" = Star Conflict
"Steam App 226410" = RIDGE RACER™ Driftopia
"Steam App 9900" = Star Trek Online
"TeamViewer 9" = TeamViewer 9
"VLC media player" = VLC media player 2.1.1
"VMware_Player" = VMware Player
"VOPackage" = VO Package
"Winamp" = Winamp
"Windows Updates Downloader" = Windows Updates Downloader
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5ad2e34e-8435-4ab3-80c1-a2fff37cb9b0}" = Snap.Do Engine
"Litecoin" = Litecoin
"Mozilla Thunderbird 24.2.0 (x86 en-US)" = Mozilla Thunderbird 24.2.0 (x86 en-US)
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/15/2014 3:30:26 AM | Computer Name = 314-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\ATI\CIM\Bin64\SetACL64.exe".Error
in manifest or policy file "c:\program files\ATI\CIM\Bin64\Microsoft.VC80.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 1/16/2014 3:30:31 AM | Computer Name = 314-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\ATI\CIM\Bin64\SetACL64.exe".Error
in manifest or policy file "c:\program files\ATI\CIM\Bin64\Microsoft.VC80.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 1/17/2014 3:30:31 AM | Computer Name = 314-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\ATI\CIM\Bin64\SetACL64.exe".Error
in manifest or policy file "c:\program files\ATI\CIM\Bin64\Microsoft.VC80.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 1/18/2014 3:30:30 AM | Computer Name = 314-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\ATI\CIM\Bin64\SetACL64.exe".Error
in manifest or policy file "c:\program files\ATI\CIM\Bin64\Microsoft.VC80.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 1/19/2014 3:30:30 AM | Computer Name = 314-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\ATI\CIM\Bin64\SetACL64.exe".Error
in manifest or policy file "c:\program files\ATI\CIM\Bin64\Microsoft.VC80.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 1/19/2014 5:57:52 AM | Computer Name = 314-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2014 4:51:06 PM | Computer Name = 314-PC | Source = Application Hang | ID = 1002
Description = The program biclient.exe version 1.0.0.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 51c Start
Time: 01cf155808c703ec Termination Time: 14 Application Path: C:\Users\314\AppData\Local\Temp\biclient.exe

Report
Id:

Error - 1/19/2014 5:59:10 PM | Computer Name = 314-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2014 6:07:44 PM | Computer Name = 314-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2014 6:14:47 PM | Computer Name = 314-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "E:\Downloads\MyCleanPC.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 1/20/2014 3:30:48 AM | Computer Name = 314-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\ATI\CIM\Bin64\SetACL64.exe".Error
in manifest or policy file "c:\program files\ATI\CIM\Bin64\Microsoft.VC80.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 1/19/2014 4:16:13 PM | Computer Name = 314-PC | Source = DCOM | ID = 10010
Description =

Error - 1/19/2014 4:50:23 PM | Computer Name = 314-PC | Source = Service Control Manager | ID = 7030
Description = The OutfoxTvService service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 1/19/2014 5:57:23 PM | Computer Name = 314-PC | Source = Service Control Manager | ID = 7000
Description = The Motorola Device Manager Service service failed to start due to
the following error: %%2

Error - 1/19/2014 5:57:49 PM | Computer Name = 314-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 1/19/2014 5:57:49 PM | Computer Name = 314-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 1/19/2014 6:05:57 PM | Computer Name = 314-PC | Source = Service Control Manager | ID = 7000
Description = The Motorola Device Manager Service service failed to start due to
the following error: %%2

Error - 1/19/2014 6:20:21 PM | Computer Name = 314-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 1/19/2014 6:20:42 PM | Computer Name = 314-PC | Source = Service Control Manager | ID = 7034
Description = The Updater Service for AMZN service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/19/2014 6:21:02 PM | Computer Name = 314-PC | Source = Service Control Manager | ID = 7030
Description = The MgAssist Service service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 1/19/2014 6:22:21 PM | Computer Name = 314-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Installer service,
but this action failed with the following error: %%1056

< End of report >

#8
godawgs

Posted 20 January 2014 - 12:09 PM

Teacher

Retired Staff
8,228 posts

The aswMBR scan didn't show any problems with the Master Boot Record. OK. Let's talk a little about the programs I have found on the system.

PC Optimizing Programs Information

The following programs are all supposed to speed up the pc or optimize the pc. A lot of them come bundled with other software that has been downloaded so your not even aware that they have been installed. Most of them report problems that aren't really there or problems that aren't really problems. Then they want you to either pay a fee or buy the professional edition so it can clean the system. We feel that they are a waste of system resources and money and do very little good. And almost all of them have a Registry cleaning module that can do a great deal of harm. We will be uninstalling these.

PC Helper 360
SpeedUpMyPC
Advanced System Protector
PCHealthBoost 3.0.5
Optimizer Pro v3.2
PC Speed Maximizer v3.2

MyPC Backup Information

MyPCBackup is an online backup service. It is bundled with ad- and malware and can be installed fraudulently. It is not clear before installation that the service costs a monthly fee. By showing annoying dialogs it tries to make the user pay for the service. Payment is in advance for several months, default is 2 years. Initial backup cannot be controlled, it just runs and saves some restore point files.

I would recommend that you uninstall MYPC Backup, and the C:\Program Files (x86)\MyPC Backup folder.

The following Peer-to-Peer program(s) is installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors.

All of these programs are malware, adware, foistware, viruses or out of date programs.
The RegCleanPro program is a Registry cleaner. GeeksToGo does not use nor do we recommend any Registry cleaners for the reasons mentioned above. We will be uninstalling these also.

DMUninstaller
Snap.Do
Snap.Do Engine
Feven 1.8
fst_ca_17
Mobogenie
RegClean Pro
OutfoxTV

Step-1.

Uninstall Programs and Optional Removals

1. Please click the Start Orb

, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

PC Helper 360
SpeedUpMyPC
Advanced System Protector
PCHealthBoost 3.0.5
Optimizer Pro v3.2
PC Speed Maximizer v3.2
DMUninstaller
Snap.Do
Snap.Do Engine
Feven 1.8
fst_ca_17
Mobogenie
RegClean Pro
OutfoxTV
uTorrent

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Users\314\AppData\Roaming\uTorrent

2. Close Windows Explorer.

NOTE: If some of the programs wouldn't uninstall, then boot into Safe Mode and try to uninstall them.
We will remove the other folders with an OTL fix.

Step-2.

Posted Image

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2014/01/19 15:20:40 | 000,143,488 | ---- | M] () -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe
PRC - [2014/01/13 02:05:26 | 000,326,032 | ---- | M] (Outfox Tv Productions Pty Ltd) -- C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
PRC - [2014/01/09 14:05:54 | 000,311,696 | ---- | M] (Outfox Tv Productions Pty Ltd) -- C:\Program Files\OutfoxTV\OutfoxTvService.exe
PRC - [2014/01/09 08:32:38 | 008,271,216 | ---- | M] () -- C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
PRC - [2014/01/09 01:01:20 | 000,063,168 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\MgAssist.exe
PRC - [2014/01/09 01:01:15 | 000,766,656 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
PRC - [2014/01/02 13:33:18 | 003,998,152 | ---- | M] () -- C:\Program Files (x86)\fst_ca_17\fst_ca_17.exe
PRC - [2014/01/02 13:33:18 | 003,153,904 | ---- | M] () -- C:\Users\314\AppData\Local\fst_ca_17\upfst_ca_17.exe
PRC - [2013/12/23 11:40:42 | 006,598,000 | ---- | M] (Systweak) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
PRC - [2013/12/22 14:40:38 | 000,021,024 | ---- | M] (Smartbar) -- C:\Users\314\AppData\Local\Smartbar\Application\SnapDo.exe
PRC - [2013/07/02 16:18:28 | 000,423,736 | ---- | M] (Smart PC Solutions) -- C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
SRV:64bit: - [2014/01/09 14:05:54 | 000,311,696 | ---- | M] (Outfox Tv Productions Pty Ltd) [Auto | Running] -- C:\Program Files\OutfoxTV\OutfoxTvService.exe -- (OutfoxTvService)
SRV - [2014/01/19 15:20:40 | 000,143,488 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe -- (70e6ca8c)
SRV - [2014/01/09 01:01:20 | 000,063,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobogenie\MgAssist.exe -- (MgAssistService)
SRV - [2013/03/21 11:24:12 | 000,222,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://feed.snapdo.com/?publisher= [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.outfox.tv?referid=176
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=19/01/2014
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=19/01/2014
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/01/14 23:58:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{f1d02156-7557-4942-96ce-a3bf730e8941}: C:\Program Files (x86)\Show-Password\150.xpi [2014/01/19 15:04:25 | 000,008,505 | ---- | M] ()
O2:64bit: - BHO: (Feven 1.8) - {11111111-1111-1111-1111-110411901104} - C:\Program Files (x86)\Feven 1.8\Feven 1.8-bho64.dll (Feven)
O2:64bit: - BHO: (The Amazon 1Button App for IE) - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll (Amazon Inc.)
O2 - BHO: (Feven 1.8) - {11111111-1111-1111-1111-110411901104} - C:\Program Files (x86)\Feven 1.8\Feven 1.8-bho.dll (Feven)
O2 - BHO: (The Amazon 1Button App for IE) - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll (Amazon Inc.)
O2 - BHO: (Show-Password) - {e200b27e-bb19-4276-8da0-e1e690639278} - C:\Program Files (x86)\Show-Password\150.dll ()
O4:64bit: - HKLM..\Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" File not found
O4 - HKLM..\Run: [fst_ca_17] C:\Program Files (x86)\fst_ca_17\fst_ca_17.exe ()
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Browser Infrastructure Helper] C:\Users\314\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [NextLive] C:\Users\314\AppData\Roaming\newnext.me\nengine.dll ()
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe ()
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe (Outfox Tv Productions Pty Ltd)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [PC Speed Maximizer] C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe (Smart PC Solutions)
O4 - HKLM..\RunOnce: [upfst_ca_17.exe] C:\Users\314\AppData\Local\fst_ca_17\upfst_ca_17.exe ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\amazon\amazon~1\\amazon~3.dll) - c:\progra~2\amazon\amazon~1\\amazon~3.dll ()
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
[2014/01/19 15:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
[2014/01/19 15:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC HealthBoost
[2014/01/19 15:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BoostSoftware
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\newnext.me
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- E:\Documents\Mobogenie
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Mobogenie
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\genienext
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\cache
[2014/01/19 15:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2014/01/19 15:20:44 | 000,000,000 | ---D | C] -- E:\Documents\Optimizer Pro
[2014/01/19 15:20:43 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Optimizer Pro
[2014/01/19 15:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/01/19 15:20:38 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\VOPackage
[2014/01/19 15:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/01/19 15:20:36 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Smartbar
[2014/01/19 15:20:32 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\fst_ca_17
[2014/01/19 15:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fst_ca_17
[2014/01/19 15:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY
[2014/01/19 15:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven 1.8
[2014/01/19 15:16:42 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Amazon Browser Bar
[2014/01/19 15:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/01/19 15:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2014/01/19 15:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2014/01/19 15:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon Browser Bar
[2014/01/19 15:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014/01/19 15:15:31 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\systweak
[2014/01/19 15:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2014/01/19 15:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2014/01/19 15:15:20 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2014/01/19 15:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC
[2014/01/19 15:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
[2014/01/19 15:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer
[2014/01/19 15:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Show-Password
[2014/01/19 13:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\OutfoxTV
[2014/01/19 15:20:36 | 000,001,324 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-updater.job
[2014/01/19 15:20:34 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-enabler.job
[2014/01/19 15:20:32 | 000,001,278 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-codedownloader.job
[2014/01/19 15:20:29 | 000,002,032 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-firefoxinstaller.job
[2014/01/19 15:20:27 | 000,002,110 | ---- | M] () -- C:\Windows\tasks\Feven 1.8-chromeinstaller.job
[2014/01/19 15:18:13 | 000,000,492 | ---- | M] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2014/01/19 15:18:09 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\PC Helper 360 Startup.job
[2014/01/19 15:18:09 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\Foresight Software Update3.job
[2014/01/19 15:18:09 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\PC Helper 360.job
[2014/01/19 15:16:34 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/01/19 15:15:39 | 000,001,097 | ---- | M] () -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/01/19 15:15:37 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/01/19 15:15:37 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/01/19 15:15:31 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/01/19 15:15:28 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\USTSPCO-USTSPCOOneClickCare.job
[2014/01/19 15:15:18 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk
[2014/01/19 15:13:33 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC Maintenance.job
[2014/01/19 15:13:33 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC Startup.job
[2014/01/19 15:13:31 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2014/01/19 15:06:31 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Show-Password Update.job
[2013/12/12 21:39:48 | 000,256,499 | ---- | C] () -- C:\ProgramData\1386908712.bdinstall.bin
[2013/11/03 00:33:10 | 000,583,385 | ---- | C] () -- C:\ProgramData\1383463688.bdinstall.bin

:FILES
C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OutfoxTV
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]

Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image

on your desktop. To do that:

Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the Posted Image

textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image

button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image

button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image

button. Post the log it produces in your next reply.

Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
Click the Report button to get the log.
Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you had any problems uninstalling the programs.
2. The OTL fixes log
3. The new OTL.txt log
4. The AdwCleaner[R0].txt log

#9
314

Posted 23 January 2014 - 05:36 PM

Member

Topic Starter
Member
65 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sorry for the long wait was very busy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named OptProCrash.exe was found!
No active process named DesktopContainer.exe was found!
No active process named OutfoxTvService.exe was found!
No active process named PCHealthBoost.exe was found!
No active process named MgAssist.exe was found!
No active process named DaemonProcess.exe was found!
No active process named fst_ca_17.exe was found!
No active process named upfst_ca_17.exe was found!
No active process named AdvancedSystemProtector.exe was found!
No active process named SnapDo.exe was found!
No active process named SPMSmartScan.exe was found!
Service OutfoxTvService stopped successfully!
Service OutfoxTvService deleted successfully!
File C:\Program Files\OutfoxTV\OutfoxTvService.exe not found.
Error: No service named 70e6ca8c was found to stop!
Service\Driver key 70e6ca8c not found.
File c:\Program Files (x86)\Optimizer Pro\OptProCrash.exe not found.
Error: No service named MgAssistService was found to stop!
Service\Driver key MgAssistService not found.
C:\Program Files (x86)\Mobogenie\MgAssist.exe moved successfully.
Service Updater Service for AMZN stopped successfully!
Service Updater Service for AMZN deleted successfully!
C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/SAFFPlugin\ deleted successfully.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\ not found.
Folder move failed. C:\Program Files (x86)\McAfee\SiteAdvisor\x64 scheduled to be moved on reboot.
C:\Program Files (x86)\McAfee\SiteAdvisor\Scripts folder moved successfully.
C:\Program Files (x86)\McAfee\SiteAdvisor\Download folder moved successfully.
Folder move failed. C:\Program Files (x86)\McAfee\SiteAdvisor scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{f1d02156-7557-4942-96ce-a3bf730e8941} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1d02156-7557-4942-96ce-a3bf730e8941}\ not found.
File C:\Program Files (x86)\Show-Password\150.xpi [2014/01/19 15:04:25 | 000,008,505 | ---- | M] not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901104}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901104}\ deleted successfully.
File C:\Program Files (x86)\Feven 1.8\Feven 1.8-bho64.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}\ deleted successfully.
C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901104}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901104}\ not found.
File C:\Program Files (x86)\Feven 1.8\Feven 1.8-bho.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}\ deleted successfully.
C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e200b27e-bb19-4276-8da0-e1e690639278}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e200b27e-bb19-4276-8da0-e1e690639278}\ deleted successfully.
C:\Program Files (x86)\Show-Password\150.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\InstallerLauncher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_ca_17 not found.
File C:\Program Files (x86)\fst_ca_17\fst_ca_17.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon deleted successfully.
File C:\Program Files (x86)\Mobogenie\DaemonProcess.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Application Agent deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Application Agent not found.
Registry value HKEY_USERS\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper deleted successfully.
C:\Users\314\AppData\Local\Smartbar\Application\SnapDo.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive deleted successfully.
File move failed. C:\Users\314\AppData\Roaming\newnext.me\nengine.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro not found.
File C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe not found.
Registry value HKEY_USERS\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV deleted successfully.
File C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe not found.
Registry value HKEY_USERS\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PC Speed Maximizer not found.
File C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\upfst_ca_17.exe not found.
File C:\Users\314\AppData\Local\fst_ca_17\upfst_ca_17.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL deleted successfully.
File C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\amazon\amazon~1\\amazon~3.dll deleted successfully.
File move failed. c:\progra~2\amazon\amazon~1\\amazon~3.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\optimi~1\optpro~1.dll deleted successfully.
File c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost\ not found.
Folder C:\Program Files (x86)\PC HealthBoost\ not found.
C:\ProgramData\BoostSoftware folder moved successfully.
C:\Users\314\AppData\Roaming\newnext.me\cache folder moved successfully.
Folder move failed. C:\Users\314\AppData\Roaming\newnext.me scheduled to be moved on reboot.
E:\Documents\Mobogenie folder moved successfully.
Folder C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie\ not found.
C:\Users\314\AppData\Local\Mobogenie\Version\OldVersion folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie\Version\NewVersion folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie\Version\CacheVersion folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie\Version folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie\driver folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie\Download\Video folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie\Download\Picture folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie\Download\Music folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie\Download\Apk folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie\Download folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie\device folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie\Data folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie\backup folder moved successfully.
C:\Users\314\AppData\Local\Mobogenie folder moved successfully.
Folder move failed. C:\Users\314\AppData\Local\genienext scheduled to be moved on reboot.
C:\Users\314\AppData\Local\cache\prepared folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\f folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\e folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\d folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\c folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\b folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\a folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\9 folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\8 folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\7 folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\6 folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\5 folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\4 folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\3 folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\2 folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\1 folder moved successfully.
C:\Users\314\AppData\Local\cache\data7\0 folder moved successfully.
C:\Users\314\AppData\Local\cache\data7 folder moved successfully.
C:\Users\314\AppData\Local\cache folder moved successfully.
C:\Program Files (x86)\Mobogenie folder moved successfully.
E:\Documents\Optimizer Pro folder moved successfully.
Folder C:\Users\314\AppData\Roaming\Optimizer Pro\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\ not found.
C:\Users\314\AppData\Roaming\VOPackage folder moved successfully.
Folder C:\Program Files (x86)\Optimizer Pro\ not found.
C:\Users\314\AppData\Local\Smartbar\SnapDo.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\10.239.1.14117 folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\SnapDo.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\DistributionFiles\RollBack\Profiles folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\DistributionFiles\RollBack folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\DistributionFiles\Profiles folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\DistributionFiles\Configs folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\DistributionFiles folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Common\ServicesPlugins folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Common\iconsWide folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Common\icons folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Common\Configs folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Common folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\tr folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\ru folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\pt folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\nl folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\it folder moved successfully.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\[email protected]\components scheduled to be moved on reboot.
C:\Users\314\AppData\Local\Smartbar\Application\[email protected]\chrome\PublisherImages folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\[email protected]\chrome\images folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\[email protected]\chrome folder moved successfully.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\[email protected] scheduled to be moved on reboot.
C:\Users\314\AppData\Local\Smartbar\Application\he folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\fr folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\es folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\de folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\Configs folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\ar folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\PublisherImages folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images folder moved successfully.
C:\Users\314\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\CSS folder moved successfully.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar scheduled to be moved on reboot.
Folder C:\Users\314\AppData\Local\fst_ca_17\ not found.
Folder C:\Program Files (x86)\fst_ca_17\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY\ not found.
Folder C:\Program Files (x86)\Feven 1.8\ not found.
C:\Users\314\AppData\Local\Amazon Browser Bar folder moved successfully.
Folder C:\ProgramData\Systweak\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\ not found.
Folder C:\Program Files (x86)\Advanced System Protector\ not found.
C:\Program Files (x86)\Amazon Browser Bar folder moved successfully.
C:\Program Files (x86)\Amazon\Amazon1ButtonApp folder moved successfully.
C:\Program Files (x86)\Amazon\ABB folder moved successfully.
C:\Program Files (x86)\Amazon folder moved successfully.
C:\Users\314\AppData\Roaming\systweak\ssd folder moved successfully.
C:\Users\314\AppData\Roaming\systweak\BeforeUninstall folder moved successfully.
C:\Users\314\AppData\Roaming\systweak folder moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\ not found.
Folder C:\Program Files (x86)\RegClean Pro\ not found.
C:\Windows\SysNative\roboot64.exe moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC\PC Optimizer folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC folder moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer\ not found.
Folder C:\Program Files (x86)\PC Speed Maximizer\ not found.
C:\Program Files (x86)\Show-Password folder moved successfully.
Folder C:\Program Files\OutfoxTV\ not found.
File C:\Windows\tasks\Feven 1.8-updater.job not found.
File C:\Windows\tasks\Feven 1.8-enabler.job not found.
File C:\Windows\tasks\Feven 1.8-codedownloader.job not found.
File C:\Windows\tasks\Feven 1.8-firefoxinstaller.job not found.
File C:\Windows\tasks\Feven 1.8-chromeinstaller.job not found.
File C:\Windows\tasks\Foresight Software Registration3.job not found.
File C:\Windows\tasks\PC Helper 360 Startup.job not found.
File C:\Windows\tasks\Foresight Software Update3.job not found.
File C:\Windows\tasks\PC Helper 360.job not found.
File C:\Users\Public\Desktop\Advanced System Protector.lnk not found.
C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk moved successfully.
File C:\Windows\tasks\RegClean Pro_UPDATES.job not found.
File C:\Windows\tasks\RegClean Pro_DEFAULT.job not found.
File C:\Users\Public\Desktop\RegClean Pro.lnk not found.
C:\Windows\Tasks\USTSPCO-USTSPCOOneClickCare.job moved successfully.
C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk moved successfully.
C:\Windows\Tasks\SpeedUpMyPC Maintenance.job moved successfully.
C:\Windows\Tasks\SpeedUpMyPC Startup.job moved successfully.
File C:\Users\Public\Desktop\SpeedUpMyPC.lnk not found.
C:\Windows\Tasks\Show-Password Update.job moved successfully.
C:\ProgramData\1386908712.bdinstall.bin moved successfully.
C:\ProgramData\1383463688.bdinstall.bin moved successfully.
========== FILES ==========
File\Folder C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OutfoxTV not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
E:\Desktop\cmd.bat deleted successfully.
E:\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
E:\Desktop\cmd.bat deleted successfully.
E:\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
E:\Desktop\cmd.bat deleted successfully.
E:\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 314
->Temp folder emptied: 507540596 bytes
->Temporary Internet Files folder emptied: 177145629 bytes
->Java cache emptied: 10640466 bytes
->Google Chrome cache emptied: 387953588 bytes
->Flash cache emptied: 1747 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1048180 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42411683 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,075.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01232014_161446

Files\Folders moved on Reboot...
Folder move failed. C:\Program Files (x86)\McAfee\SiteAdvisor\x64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\SiteAdvisor\x64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\SiteAdvisor scheduled to be moved on reboot.
File move failed. C:\Users\314\AppData\Roaming\newnext.me\nengine.dll scheduled to be moved on reboot.
File\Folder c:\progra~2\amazon\amazon~1\\amazon~3.dll not found!
Folder move failed. C:\Users\314\AppData\Roaming\newnext.me scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\genienext scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\[email protected] scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\[email protected] scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\[email protected]\components scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\[email protected] scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar\Application scheduled to be moved on reboot.
Folder move failed. C:\Users\314\AppData\Local\Smartbar scheduled to be moved on reboot.
C:\Users\314\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\314\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-5724.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 1/23/2014 4:25:47 PM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 72.85% Memory free
15.89 Gb Paging File | 13.56 Gb Available in Paging File | 85.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 36.30 Gb Free Space | 32.50% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 517.88 Gb Free Space | 37.06% Space Free | Partition Type: NTFS
Drive F: | 2.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 1863.01 Gb Total Space | 436.62 Gb Free Space | 23.44% Space Free | Partition Type: NTFS

Computer Name: 314-PC | User Name: 314 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/19 15:27:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
PRC - [2014/01/11 03:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/18 11:43:04 | 001,980,416 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/17 03:38:32 | 013,543,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2013/12/17 03:22:10 | 000,199,520 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2013/12/12 19:47:56 | 000,085,600 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2013/12/06 15:47:44 | 020,203,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/12/03 20:40:30 | 000,103,312 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/26 01:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013/02/26 01:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013/02/26 00:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2013/02/11 16:51:40 | 003,696,632 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/01/24 13:07:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2013/01/17 09:48:44 | 000,737,600 | ---- | M] (US Tech Support LLC) -- C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe
PRC - [2012/08/23 01:09:34 | 000,403,328 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012/08/23 01:08:50 | 006,010,264 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012/08/18 21:18:30 | 007,017,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/07/24 15:13:58 | 000,941,440 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2006/10/23 01:40:14 | 000,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/23 16:22:22 | 001,153,024 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\_ssl.pyd
MOD - [2014/01/23 16:22:22 | 000,811,008 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\wx._windows_.pyd
MOD - [2014/01/23 16:22:22 | 000,805,888 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\wx._gdi_.pyd
MOD - [2014/01/23 16:22:22 | 000,711,680 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\_hashlib.pyd
MOD - [2014/01/23 16:22:22 | 000,110,080 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\PyWinTypes27.dll
MOD - [2014/01/23 16:22:22 | 000,070,656 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\wx._html2.pyd
MOD - [2014/01/23 16:22:22 | 000,035,840 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\win32process.pyd
MOD - [2014/01/23 16:22:22 | 000,026,624 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\_multiprocessing.pyd
MOD - [2014/01/23 16:22:22 | 000,024,064 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\win32pipe.pyd
MOD - [2014/01/23 16:22:21 | 001,062,400 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\wx._controls_.pyd
MOD - [2014/01/23 16:22:21 | 000,686,080 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\unicodedata.pyd
MOD - [2014/01/23 16:22:21 | 000,521,680 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\windows._lib_cacheinvalidation.pyd
MOD - [2014/01/23 16:22:21 | 000,128,512 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\_elementtree.pyd
MOD - [2014/01/23 16:22:21 | 000,127,488 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\pyexpat.pyd
MOD - [2014/01/23 16:22:21 | 000,119,808 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\win32file.pyd
MOD - [2014/01/23 16:22:21 | 000,108,544 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\win32security.pyd
MOD - [2014/01/23 16:22:21 | 000,098,816 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\win32api.pyd
MOD - [2014/01/23 16:22:21 | 000,087,040 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\_ctypes.pyd
MOD - [2014/01/23 16:22:21 | 000,044,032 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\_socket.pyd
MOD - [2014/01/23 16:22:21 | 000,038,912 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\win32inet.pyd
MOD - [2014/01/23 16:22:21 | 000,025,600 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\win32pdh.pyd
MOD - [2014/01/23 16:22:21 | 000,018,432 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\win32event.pyd
MOD - [2014/01/23 16:22:21 | 000,017,408 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\win32profile.pyd
MOD - [2014/01/23 16:22:21 | 000,010,240 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\select.pyd
MOD - [2014/01/23 16:22:20 | 001,175,040 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\wx._core_.pyd
MOD - [2014/01/23 16:22:20 | 000,735,232 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\wx._misc_.pyd
MOD - [2014/01/23 16:22:20 | 000,557,056 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\pysqlite2._sqlite.pyd
MOD - [2014/01/23 16:22:20 | 000,364,544 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\pythoncom27.dll
MOD - [2014/01/23 16:22:20 | 000,320,512 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\win32com.shell.shell.pyd
MOD - [2014/01/23 16:22:20 | 000,122,368 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\wx._wizard.pyd
MOD - [2014/01/23 16:22:20 | 000,022,528 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\win32ts.pyd
MOD - [2014/01/23 16:22:20 | 000,011,264 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI11322\win32crypt.pyd
MOD - [2014/01/11 03:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 03:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 03:28:15 | 000,715,544 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 03:28:14 | 000,100,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 03:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2013/10/31 15:25:31 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/08/18 17:59:10 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/18 17:59:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/18 17:58:54 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/29 14:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/08/23 00:32:28 | 001,525,120 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 02:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/21 06:00:46 | 001,140,848 | ---- | M] (Paramount Software UK Ltd) [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV:64bit: - [2013/10/08 05:52:58 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013/08/09 19:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/01/07 14:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/01/07 10:43:12 | 000,123,384 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/11/15 07:50:38 | 000,283,952 | ---- | M] (USTechSupport, LLC (www.ustechsupport.com)) [Auto | Running] -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe -- (USTSPCODiskOptimizer)
SRV - [2013/10/10 06:57:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 09:34:38 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013/09/19 15:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 18:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/26 01:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 01:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 00:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013/02/11 16:51:40 | 003,696,632 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/01/24 13:07:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/01/17 09:48:44 | 000,737,600 | ---- | M] (US Tech Support LLC) [Auto | Running] -- C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe -- (USTSScheduler)
SRV - [2012/10/11 15:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/08/23 01:11:48 | 001,126,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/08/18 21:18:30 | 007,017,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/28 15:16:54 | 000,128,640 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/05/17 00:25:20 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- E:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/08 06:58:42 | 012,534,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/10/08 05:27:46 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/17 15:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/09/17 15:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013/09/17 15:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013/09/17 15:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013/09/17 15:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013/08/09 19:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 19:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/05 01:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/07/04 14:57:00 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/26 01:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013/02/26 01:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013/02/26 01:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013/02/26 01:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013/02/26 01:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2013/02/11 16:51:40 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/02/11 16:51:39 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013/02/11 16:51:39 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013/02/11 16:51:38 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013/02/11 16:51:38 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013/02/11 16:51:36 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/02/11 16:51:36 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013/02/08 00:21:19 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/01/31 23:47:52 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/24 13:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012/10/24 13:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/10/11 15:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/10/11 15:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/28 15:17:28 | 000,551,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/06/28 15:17:24 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/06/28 15:17:24 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/06/28 15:17:24 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/06/28 15:17:24 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/06/28 15:17:22 | 000,341,120 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/06/28 15:17:22 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/06/28 15:17:22 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/06/14 01:23:12 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/02/23 19:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/25 15:59:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/05/25 15:59:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/05/25 15:59:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/04/27 10:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/27 10:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/27 10:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/11/24 15:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/09/15 03:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/29 03:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV:64bit: - [1999/12/31 17:00:00 | 000,553,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2013/12/18 19:50:29 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/11/20 13:55:42 | 000,057,512 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 E3 CD 57 41 03 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\314\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\314\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\314\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: E:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: E:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/12/12 22:05:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: E:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: E:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013/10/23 13:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\314\AppData\Roaming\Mozilla\Extensions
[2013/03/13 16:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snapdo.c...Date=19/01/2014
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://feed.snapdo.c...Date=19/01/2014
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\314\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\314\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\314\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Snap.Do = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Google Drive = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Hide My [bleep]! Web Proxy = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Video Downloader professional = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.38_0\
CHR - Extension: FVD Downloader = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\
CHR - Extension: FVD Downloader = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\modules\clickberry\_
CHR - Extension: LogMeIn = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1029_0\
CHR - Extension: Google Wallet = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2013/03/15 11:19:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll File not found
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\athbttray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\btvstack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKLM..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_5C49AA91341C41418C8C4F5BFCF76462] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Wondershare Helper Compact] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36ACD0DB-866F-4DC4-9394-7CA78F81EA2F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DFA1A9B-A46C-416E-8739-AABF8642AE12}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D5944C-622D-47DB-8AAA-CAF5CCF1D24B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/23 16:22:28 | 000,000,000 | R--D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/01/20 20:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\predm
[2014/01/19 15:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/01/19 15:23:49 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\PC_Drivers_Headquarters
[2014/01/19 15:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Support
[2014/01/19 15:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
[2014/01/19 15:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Support
[2014/01/19 15:21:14 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\newplayer
[2014/01/19 15:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
[2014/01/19 15:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewPlayer
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\newnext.me
[2014/01/19 15:21:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\genienext
[2014/01/19 15:20:36 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Smartbar
[2014/01/19 15:18:12 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Foresight Software
[2014/01/19 15:18:12 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\DriverCure
[2014/01/19 15:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2014/01/19 15:15:28 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\USTechSupport
[2014/01/19 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USTechSupport
[2014/01/19 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\USTechSupport
[2014/01/19 15:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\USTechSupport
[2014/01/19 15:13:30 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/01/19 15:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/01/19 15:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
[2014/01/19 15:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlvPlayer
[2014/01/19 15:04:22 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2014/01/19 15:04:22 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\FilesFrog Update Checker
[2014/01/19 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\libimobiledevice
[2014/01/19 13:20:12 | 000,000,000 | ---D | C] -- E:\Documents\Wondershare
[2014/01/19 13:09:30 | 000,000,000 | ---D | C] -- E:\Documents\Wondershare Dr.Fone for iOS
[2014/01/19 12:57:43 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Apple Computer
[2014/01/19 12:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/19 12:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/19 12:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/19 12:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/19 12:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/01/19 12:57:01 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Apple
[2014/01/19 12:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/01/19 12:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/01/19 12:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/01/19 12:51:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2014/01/19 12:51:30 | 000,076,384 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2014/01/19 12:51:30 | 000,052,832 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\drivers\libusb0.sys
[2014/01/19 12:51:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Dr.Fone_Temp
[2014/01/19 12:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare

========== Files - Modified Within 30 Days ==========

[2014/01/23 16:25:45 | 000,822,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/23 16:25:45 | 000,693,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/23 16:25:45 | 000,130,852 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/23 16:21:39 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\USTSPCO-USTSPCOOneClickCare.job
[2014/01/23 16:21:27 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/23 16:21:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/23 15:50:33 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/23 15:50:33 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/23 15:32:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000UA.job
[2014/01/23 15:30:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/23 10:32:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000Core.job
[2014/01/19 15:23:33 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/01/19 15:21:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\NewPlayer.lnk
[2014/01/19 15:15:13 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Live PC Help.lnk
[2014/01/19 15:12:39 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\FlvPlayer.lnk
[2014/01/19 13:13:45 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare TunesGo.lnk
[2014/01/19 13:03:53 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Dr.Fone for iOS.lnk
[2014/01/14 23:59:31 | 000,271,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/14 10:59:07 | 000,000,947 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

========== Files Created - No Company Name ==========

[2014/01/23 16:21:39 | 000,000,450 | ---- | C] () -- C:\Windows\tasks\USTSPCO-USTSPCOOneClickCare.job
[2014/01/19 15:23:33 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/01/19 15:21:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\NewPlayer.lnk
[2014/01/19 15:20:55 | 000,002,564 | ---- | C] () -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/01/19 15:16:05 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
[2014/01/19 15:15:13 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Live PC Help.lnk
[2014/01/19 15:12:39 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\FlvPlayer.lnk
[2014/01/19 13:13:45 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare TunesGo.lnk
[2014/01/19 12:57:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/01/19 12:51:31 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Dr.Fone for iOS.lnk
[2013/12/18 19:56:20 | 000,000,486 | ---- | C] () -- C:\Windows\DEMO.INI
[2013/10/11 01:48:33 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013/10/08 12:24:18 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/10/08 09:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/10/08 06:39:08 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/08 06:39:08 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/10/08 05:56:12 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/10/08 05:56:12 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/07/06 03:35:05 | 000,000,122 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/14 22:49:43 | 000,000,540 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/04/12 02:39:21 | 000,814,980 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/14 23:49:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/14 23:49:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/14 23:49:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/14 23:49:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/14 23:49:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/24 22:29:44 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/02/16 23:13:45 | 000,000,994 | ---- | C] () -- C:\Windows\winamp.ini
[2012/12/31 03:15:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/12/30 12:11:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/12/30 12:11:16 | 000,018,832 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/11 16:52:02 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Acronis
[2013/12/22 02:23:59 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Audacity
[2014/01/19 15:18:12 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\DriverCure
[2013/12/12 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\ESET
[2014/01/14 14:40:07 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\FileZilla
[2014/01/19 15:18:12 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Foresight Software
[2013/10/08 12:24:32 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Foxit Software
[2013/11/20 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\HandBrake
[2013/01/30 12:53:25 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Hard Disk Sentinel
[2013/07/06 15:26:17 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\ImgBurn
[2013/11/27 00:18:51 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Litecoin
[2013/06/10 20:50:18 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\LockHunter
[2013/12/24 04:05:25 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Mael
[2013/01/31 23:45:50 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\MotioninJoy
[2013/03/21 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Motorola
[2013/03/18 22:12:40 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Motorola Mobility
[2014/01/23 16:22:11 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\newnext.me
[2013/10/23 10:18:12 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Notepad++
[2013/03/14 00:01:33 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\QuickScan
[2013/06/25 01:08:38 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\redsn0w
[2013/10/24 21:02:36 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\TeamViewer
[2013/08/30 22:10:58 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\TeraCopy
[2013/10/23 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Thunderbird
[2013/08/18 23:25:46 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Unity
[2014/01/19 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\USTechSupport
[2014/01/20 19:41:56 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\uTorrent
[2013/06/07 02:10:21 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\WindSolutions
[2014/01/19 13:13:44 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Wondershare

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 466 bytes -> C:\ProgramData\TEMP:9A870F8B
@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:F8D65F32
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:AD022376

< End of report >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.017 - Report created 23/01/2014 at 16:33:05
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : 314 - 314-PC
# Running from : E:\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack

***** [ Files / Folders ] *****

File Found : E:\Desktop\MyPC Backup.lnk
File Found : E:\Desktop\MyPC Backup.lnk
Folder Found : C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Users\314\AppData\Local\FilesFrog Update Checker
Folder Found C:\Users\314\AppData\Local\genienext
Folder Found C:\Users\314\AppData\Local\Smartbar
Folder Found C:\Users\314\AppData\Roaming\DriverCure
Folder Found C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Found C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found C:\Users\314\AppData\Roaming\newnext.me

***** [ Shortcuts ] *****

Shortcut Found : E:\Desktop\Search.lnk ( hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=CA&userid=57e80b0d-0c06-912f-7450-fb0b9b6104eb&searchtype=sc&installDate=19/01/2014 )
Shortcut Found : C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk ( hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=CA&userid=57e80b0d-0c06-912f-7450-fb0b9b6104eb&searchtype=sc&installDate=19/01/2014 )

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Show-Password
Key Found : HKCU\Software\distromatic
Key Found : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\smartbarbackup
Key Found : HKCU\Software\smartbarlog
Key Found : HKCU\Software\Somoto
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\Vittalia
Key Found : [x64] HKCU\Software\distromatic
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\smartbarbackup
Key Found : [x64] HKCU\Software\smartbarlog
Key Found : [x64] HKCU\Software\Somoto
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\Vittalia
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905504}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906604}
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444904404}
Key Found : HKLM\Software\FreeSoftToday
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Tutorials
Key Found : HKLM\Software\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905504}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906604}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=CA&userid=57e80b0d-0c06-912f-7450-fb0b9b6104eb&searchtype=ds&q={searchTerms}&installDate=19/01/2014
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=CA&userid=57e80b0d-0c06-912f-7450-fb0b9b6104eb&searchtype=ds&q={searchTerms}&installDate=19/01/2014

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [6632 octets] - [23/01/2014 16:33:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6692 octets] ##########

#10
godawgs

Posted 23 January 2014 - 06:55 PM

Teacher

Retired Staff
8,228 posts

Thanks for the logs.
Did you uninstall uTorrent and MyPCBackup or no?

After this run please let me know if the pop ups are gone.

Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner

Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
Click the Scan button and wait for the scan to complete.
When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
Click the Clean button.
Everything checked will be deleted.
When the program has finished cleaning a report appears.
Once done it will ask to reboot, allow this
On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-2.

Scan with JRT:

Posted Image

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Right click the JRT icon and click Run as Administrator to run the application.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

NOTE: Reboot the machine and ensure that all security software is now enabled.

Step-3.

Run Security Check

Download Security Check from here or here and save it to the Desktop.

Right click the SecurityCheck icon and click Run as Administrator to run the application. Allow any UAC warnings.
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

Step-4

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The AdwCleaner[S0].txt log
2. The JRT.txt log
3. The checkup.txt log

#11
314

Posted 23 January 2014 - 11:24 PM

Member

Topic Starter
Member
65 posts

# AdwCleaner v3.017 - Report created 23/01/2014 at 21:48:51
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : 314 - 314-PC
# Running from : E:\Desktop\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BackupStack

***** [ Files / Folders ] *****

[#] Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\314\AppData\Local\FilesFrog Update Checker
Folder Deleted : C:\Users\314\AppData\Local\genienext
Folder Deleted : C:\Users\314\AppData\Local\Smartbar
Folder Deleted : C:\Users\314\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\314\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
File Deleted : E:\Desktop\MyPC Backup.lnk

***** [ Shortcuts ] *****

Shortcut Disinfected : E:\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905504}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906604}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444904404}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905504}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906604}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\Vittalia
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Show-Password
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\FreeSoftToday
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R1].txt - [6852 octets] - [23/01/2014 16:33:05]
AdwCleaner[R2].txt - [6912 octets] - [23/01/2014 21:48:05]
AdwCleaner[S1].txt - [5985 octets] - [23/01/2014 21:48:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6045 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by 314 on Thu 01/23/2014 at 21:55:53.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] ustspcodiskoptimizer
Successfully deleted: [Service] ustspcodiskoptimizer
Successfully stopped: [Service] ustsscheduler
Successfully deleted: [Service] ustsscheduler

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ustechsupport
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ustechsupport
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\boostsoftware
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon-toolbar-on-ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon-toolbar-on-ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\babylon-toolbar-on-ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\babylon-toolbar-on-ie_RASMANCS

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ammyy"
Successfully deleted: [Folder] "C:\ProgramData\ustechsupport"
Successfully deleted: [Folder] "C:\Users\314\AppData\Roaming\ustechsupport"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Failed to delete: [Folder] "C:\Program Files (x86)\ustechsupport"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\ustechsupport"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\314\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/23/2014 at 22:02:13.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Smart Security 7.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.0.3
Java 7 Update 45
Java version out of Date!
Mozilla Thunderbird (24.0.1)
Google Chrome 31.0.1650.63
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````

did not uninstall utorrent dont want to, i use it to share my bands mp3 files
could not install my pcbackup

#12
godawgs

Posted 24 January 2014 - 11:06 AM

Teacher

Retired Staff
8,228 posts

did not uninstall utorrent dont want to, i use it to share my bands mp3 files

Fair enough. If I could ask you though, please try not to use it until we are through. Which shouldn't be too much longer.

could not install my pcbackup

Acknowledged. AdwCleaner and JRT got rid of most of it. I'll get a fresh OTL scan in this run and we will remove any leftover bits in the next OTL fix.

Also, I didn't see an answer to the question about the pop ups. Are you still having that issue?

Before running steps 1 and 2 please disable any screen saver you have running.

Step-1.

Posted Image

Malwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

Right click the MalwareBytes icon on the desktop and click Run As Administrator, then click the Continue button on the UAC window. You will now be at the main program as shown below.
Click the Update tab and update the program in necessary.
Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.

You should click on the OK button to close the message box and continue with the removal process.
You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.
Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step-2.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

Vista / 7 users: You will need to to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on:

Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
When prompted double click on the icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
A new window will open:
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install. The following window will open:
- Uncheck the box beside Remove Found Threats
- Check the box Scan archives.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.

When The Scan is Complete:

A.
If No Threats Were Found:

Put a checkmark in Uninstall application on close
Close the program
Report to me that nothing was found

B.
If Threats Were Found:

Click on list of threats found
Click on export to text file and save it to the desktop as ESET SCAN.txt
Click on Back
Put a checkmark in Uninstall application on close Be sure you have saved the file first
Click on Finish
Close the program

Don't forget to enable your Antivirus program and screen saver.

Step-3.

Run OTL again and click the Posted Image

button. Post the Otl.txt log it produces in your next reply.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my question about the pop ups and let me know how the computer is running now.
2. The MalwareBytes log
3. The ESET scan log (IF ot found anything). If it didn't just let me know.
4. The new OTL.txt log

#13
314

Posted 24 January 2014 - 11:56 AM

Member

Topic Starter
Member
65 posts

No more popups as far as I can see, but my start page in chrome and the search is still hijacked. Also before I run the scans I use eset as my antivirus, so do I need to run the online scanner or is my antivirus still good. Because during removals it was prompting me to clean the infections. Also I am not using utorrent while we are cleaning my PC.

Edited by 314, 24 January 2014 - 11:58 AM.

#14
godawgs

Posted 24 January 2014 - 12:23 PM

Teacher

Retired Staff
8,228 posts

Hi,

That's good news about the popups. We will probably have to change the start and search pages in chrome manually. The next OTL log will give me the info I need.
And even though you use the ESET antivirus I still want you to run the ESET on line scan please. Then post the MalwareBytes, ESET and OTL logs.

#15
314

Posted 26 January 2014 - 01:52 PM

Member

Topic Starter
Member
65 posts

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
314 :: 314-PC [administrator]

Protection: Enabled

1/24/2014 11:34:07 AM
mbam-log-2014-01-24 (11-34-07).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 763169
Time elapsed: 1 hour(s), 41 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\logekkkdbdidmmcgkonmmonclldogceg (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 31
C:\AdwCleaner\Quarantine\C\Users\314\AppData\Local\FilesFrog Update Checker\uninstall.exe.vir (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FlvPlayer\FLVPlayerApp.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\314\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\00AE80DA52739B8A711FA497A7CB08E5B900000000007EABB0.exe (Adware.KorAd) -> Quarantined and deleted successfully.
C:\Windows\Installer\d7044.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
E:\Aarons_shit\to sort\main\documents\Downloads\brutus-aet2.zip (HackTool.Brutus) -> Quarantined and deleted successfully.
E:\Downloads\Audacity_RocketFuelInstaller (1).exe (PUP.Optional.Verti) -> Quarantined and deleted successfully.
E:\Downloads\Audacity_RocketFuelInstaller (2).exe (PUP.Optional.Verti) -> Quarantined and deleted successfully.
E:\Downloads\Audacity_RocketFuelInstaller.exe (PUP.Optional.Verti) -> Quarantined and deleted successfully.
E:\Downloads\cgminer-3.6.6-1-windows.7z (Trojan.Bitcoin) -> Quarantined and deleted successfully.
E:\Downloads\Descent_downloader_by_dosgamesarchive.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
E:\Downloads\Evasi0n_downloader_by_Evasi0n.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
E:\Downloads\FlvPlayerSetup (1).exe (PUP.Optional.CoolAppsDownload.A) -> Quarantined and deleted successfully.
E:\Downloads\FlvPlayerSetup.exe (PUP.Optional.CoolAppsDownload.A) -> Quarantined and deleted successfully.
E:\Downloads\installer_avg-anti-virus_English.exe (PUP.Optional.Freemium.A) -> Quarantined and deleted successfully.
E:\Downloads\installer_java_English.exe (PUP.Optional.Freemium.A) -> Quarantined and deleted successfully.
E:\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
E:\Downloads\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
E:\Downloads\SleepD+20Tr-LNG_v2.1.437044.rar (VirTool.Obfuscator) -> Quarantined and deleted successfully.
E:\Downloads\Unconfirmed 137999.crdownload (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
E:\Downloads\Unconfirmed 652170.crdownload (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
E:\Downloads\winamp565_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\Program Files (x86)\LSoft Technologies\Active@ UNDELETE Professional\recovered\GameHouse-Installer_am-familyvacationcalifornia_gamehouse_.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\Program Files (x86)\LSoft Technologies\Active@ UNDELETE Professional\recovered\GameHouse-Installer_am-familyvacationcalifornia_gamehouse_.Renamed_0001.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\sort\Applications\daemon403-x86.exe (Adware.WhenU) -> Quarantined and deleted successfully.
E:\sort\zUndicided\Downloads\winamp5623_full_emusic-7plus_all (1).exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\sort\zUndicided\Downloads\winamp5623_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\_OTL\MovedFiles\01232014_161446\C_Program Files (x86)\Amazon Browser Bar\search_protect.exe (PUP.Optional.Searchprotect) -> Quarantined and deleted successfully.
E:\_OTL\MovedFiles\01232014_161446\C_Users\314\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.

(end)

C:\AdwCleaner\Quarantine\C\Users\314\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir a variant of Win32/Somoto.D application
C:\AdwCleaner\Quarantine\C\Users\314\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\314\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\314\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_20.dll.vir Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\314\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_21.dll.vir Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\314\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_22.dll.vir a variant of Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\314\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_23.dll.vir a variant of Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\314\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_24.dll.vir a variant of Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\314\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_25.dll.vir a variant of Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\314\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_26.dll.vir a variant of Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\314\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A application
E:\!!@\ccsetup406.exe Win32/Bundled.Toolbar.Google.D application
E:\!!@\WirelessKeyView.exe a variant of Win64/WirelessKeyView.B application
E:\500re4\Users\Aaron\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
E:\500re4\Users\Aaron\Downloads\AA_v3.exe a variant of Win32/RemoteAdmin.Ammyy.B application
E:\500re4\Users\Aaron\Downloads\FoxitReader542.0901_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application
E:\Aarons_shit\to sort\main\documents\Downloads\cmdow.zip Win32/CMDOW.143 application
E:\Aarons_shit\to sort\main\documents\Downloads\PFPortChecker.exe a variant of Win32/Bundled.Toolbar.Ask.A application
E:\Blue[bleep]\PXE\tftpboot\winxp\$OEM$\$$\System32\cmdow.exe Win32/CMDOW.143 application
E:\Blue[bleep]\PXE\tftpd32\tftpd32.exe a variant of Win32/TFTPD32.A application
E:\Desktop\Programs\Hiren's.BootCD.10.1.iso a variant of Win32/RemoteAdmin.RemoteExec.AA application
E:\Desktop\Programs\HBCD_105\konboot.gz Win32/PSWTool.KonBoot.A application
E:\Desktop\Programs\HBCD_105\WinTools\siw.exe a variant of Win32/RemoteAdmin.RemoteExec.AA application
E:\Downloads\AA_v3 (1).exe a variant of Win32/RemoteAdmin.Ammyy.B application
E:\Downloads\AA_v3.2 (1).exe a variant of Win32/RemoteAdmin.Ammyy.B application
E:\Downloads\AA_v3.2.exe a variant of Win32/RemoteAdmin.Ammyy.B application
E:\Downloads\AA_v3.exe a variant of Win32/RemoteAdmin.Ammyy.B application
E:\Downloads\rcpsetup_vmed (1).exe Win32/Systweak.B application
E:\Downloads\rcpsetup_vmed.exe Win32/Systweak.B application
E:\Downloads\SuperOneClickv2.2-ShortFuse.zip multiple threats
E:\Downloads\SuperOneClickv2.3.1-ShortFuse - Copy.zip multiple threats
E:\Downloads\SuperOneClickv2.3.1-ShortFuse.zip multiple threats
E:\Downloads\FalconFour's Ultimate Boot CD v4.5\F4UBCD-4.5.ISO a variant of Win32/RemoteAdmin.RemoteExec.AA application
E:\Downloads\Hiren's BootCD 15.2 Rebuild All in One Bootable CD\12.Hiren.s.Boot.CD.15.2.iso multiple threats
E:\LiteCoin\guiminer-scrypt_win32_binaries_v0.03.zip a variant of Win32/BitCoinMiner.AF application
E:\LiteCoin\GuiMiner\cgminer.exe a variant of Win32/BitCoinMiner.AF application
E:\LiteCoin\GuiMiner\cgminer\cgminer-fpgaonly.exe a variant of Win32/BitCoinMiner.AF application
E:\LiteCoin\GuiMiner\cgminer\cgminer-nogpu.exe a variant of Win32/BitCoinMiner.AF application
E:\LiteCoin\GuiMiner\cgminer\cgminer.exe a variant of Win32/BitCoinMiner.AF application
E:\Re4_500\Downloads\AA_v3.exe a variant of Win32/RemoteAdmin.Ammyy.B application
E:\Re4_500\Downloads\FoxitReader542.0901_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application
E:\Repair\Work\CPU-Z\cpu-z_1.62-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.D application
E:\Repair\Work\Magic Jelly Bean\KeyFinderInstaller.exe Win32/OpenCandy application
E:\sort\zUndicided\Downloads\AA_v3.exe a variant of Win32/RemoteAdmin.Ammyy.B application
E:\sort\zUndicided\Downloads\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask application
E:\sort\zUndicided\FTP\TCP-IP Limits\EventID 4226 Patcher Version 2.12\EvID4226Patch212-en.zip Win32/Tool.EvID4226 application
E:\t3\New folder\tbw_trial.exe a variant of Win32/TFTPD32.A application
E:\Uniway\ISOs\Hiren's.BootCD.10.5.iso multiple threats
E:\Wayne\AMMYY_Admin(2).exe a variant of Win32/RemoteAdmin.Ammyy.B application
E:\Wayne\AMMYY_Admin.exe a variant of Win32/RemoteAdmin.Ammyy.B application
E:\Wayne\tftpd32.351.zip a variant of Win32/TFTPD32.A application
E:\Wayne\WinLite2.iso a variant of Win32/Bundled.Toolbar.Ask application
E:\_OTL\MovedFiles\01232014_161446\C_Program Files (x86)\Amazon Browser Bar\uninstaller.exe a variant of Win32/Distromatic.B application
E:\_OTL\MovedFiles\01232014_161446\C_Users\314\AppData\Local\Smartbar\Application\BrowserHelper.exe a variant of MSIL/Toolbar.Linkury.A application
E:\_OTL\MovedFiles\01232014_161446\C_Users\314\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll a variant of Win32/Toolbar.Linkury.B application
E:\_OTL\MovedFiles\01232014_161446\C_Users\314\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll a variant of Win32/Toolbar.Linkury.B application
E:\_OTL\MovedFiles\01232014_161446\C_Users\314\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll a variant of MSIL/Toolbar.Linkury.D application
E:\_OTL\MovedFiles\01232014_161446\C_Users\314\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll a variant of MSIL/Toolbar.Linkury.D application
E:\_OTL\MovedFiles\01232014_161446\C_Users\314\AppData\Local\Smartbar\Application\SnapDo.exe a variant of Win32/Toolbar.Linkury.A application
E:\_OTL\MovedFiles\01232014_161446\C_Users\314\AppData\Local\Smartbar\Application\srbs.dll a variant of MSIL/Toolbar.Linkury.C application

OTL logfile created on: 1/26/2014 12:46:46 PM - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.41 Gb Available Physical Memory | 68.10% Memory free
15.89 Gb Paging File | 13.27 Gb Available in Paging File | 83.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 31.96 Gb Free Space | 28.62% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 517.95 Gb Free Space | 37.07% Space Free | Partition Type: NTFS
Drive F: | 2.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 1863.01 Gb Total Space | 436.62 Gb Free Space | 23.44% Space Free | Partition Type: NTFS

Computer Name: 314-PC | User Name: 314 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/19 15:27:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
PRC - [2014/01/11 03:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/07 14:00:22 | 000,569,768 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/01/07 14:00:20 | 001,815,464 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/12/18 11:43:04 | 001,980,416 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/17 03:38:32 | 013,543,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2013/12/17 03:22:10 | 000,199,520 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2013/12/12 19:47:56 | 000,085,600 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2013/12/06 15:47:44 | 020,203,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/12/03 20:40:30 | 000,103,312 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/26 01:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013/02/26 01:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013/02/26 00:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2013/02/11 16:51:40 | 003,696,632 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/01/24 13:07:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/08/23 01:09:34 | 000,403,328 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012/08/23 01:08:50 | 006,010,264 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012/08/18 21:18:30 | 007,017,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/07/24 15:13:58 | 000,941,440 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/25 16:41:28 | 001,153,024 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\_ssl.pyd
MOD - [2014/01/25 16:41:28 | 000,811,008 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\wx._windows_.pyd
MOD - [2014/01/25 16:41:28 | 000,805,888 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\wx._gdi_.pyd
MOD - [2014/01/25 16:41:28 | 000,711,680 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\_hashlib.pyd
MOD - [2014/01/25 16:41:28 | 000,110,080 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\PyWinTypes27.dll
MOD - [2014/01/25 16:41:28 | 000,087,040 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\_ctypes.pyd
MOD - [2014/01/25 16:41:28 | 000,070,656 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\wx._html2.pyd
MOD - [2014/01/25 16:41:28 | 000,038,912 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\win32inet.pyd
MOD - [2014/01/25 16:41:28 | 000,035,840 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\win32process.pyd
MOD - [2014/01/25 16:41:28 | 000,026,624 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\_multiprocessing.pyd
MOD - [2014/01/25 16:41:28 | 000,025,600 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\win32pdh.pyd
MOD - [2014/01/25 16:41:28 | 000,024,064 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\win32pipe.pyd
MOD - [2014/01/25 16:41:27 | 001,062,400 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\wx._controls_.pyd
MOD - [2014/01/25 16:41:27 | 000,686,080 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\unicodedata.pyd
MOD - [2014/01/25 16:41:27 | 000,557,056 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\pysqlite2._sqlite.pyd
MOD - [2014/01/25 16:41:27 | 000,521,680 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\windows._lib_cacheinvalidation.pyd
MOD - [2014/01/25 16:41:27 | 000,320,512 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\win32com.shell.shell.pyd
MOD - [2014/01/25 16:41:27 | 000,128,512 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\_elementtree.pyd
MOD - [2014/01/25 16:41:27 | 000,127,488 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\pyexpat.pyd
MOD - [2014/01/25 16:41:27 | 000,119,808 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\win32file.pyd
MOD - [2014/01/25 16:41:27 | 000,108,544 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\win32security.pyd
MOD - [2014/01/25 16:41:27 | 000,098,816 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\win32api.pyd
MOD - [2014/01/25 16:41:27 | 000,044,032 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\_socket.pyd
MOD - [2014/01/25 16:41:27 | 000,022,528 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\win32ts.pyd
MOD - [2014/01/25 16:41:27 | 000,018,432 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\win32event.pyd
MOD - [2014/01/25 16:41:27 | 000,017,408 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\win32profile.pyd
MOD - [2014/01/25 16:41:27 | 000,010,240 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\select.pyd
MOD - [2014/01/25 16:41:26 | 001,175,040 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\wx._core_.pyd
MOD - [2014/01/25 16:41:26 | 000,735,232 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\wx._misc_.pyd
MOD - [2014/01/25 16:41:26 | 000,364,544 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\pythoncom27.dll
MOD - [2014/01/25 16:41:26 | 000,122,368 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\wx._wizard.pyd
MOD - [2014/01/25 16:41:26 | 000,011,264 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI42242\win32crypt.pyd
MOD - [2014/01/11 03:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 03:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 03:28:15 | 000,715,544 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 03:28:14 | 000,100,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 03:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2014/01/07 14:00:22 | 001,138,088 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/12/12 15:19:40 | 000,142,848 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2013/12/12 15:04:18 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/12/12 15:04:14 | 000,716,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/11/04 18:12:06 | 000,890,592 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-52.dll
MOD - [2013/10/31 15:25:31 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/08/18 17:59:10 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/18 17:59:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/18 17:58:54 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2013/06/14 16:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 16:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 16:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/08/23 00:32:28 | 001,525,120 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 02:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/21 06:00:46 | 001,140,848 | ---- | M] (Paramount Software UK Ltd) [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV:64bit: - [2013/10/08 05:52:58 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013/08/09 19:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/01/07 14:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/01/07 10:43:12 | 000,123,384 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/10/10 06:57:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 09:34:38 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 18:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/26 01:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 01:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 00:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013/02/11 16:51:40 | 003,696,632 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/01/24 13:07:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/10/11 15:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/08/23 01:11:48 | 001,126,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/08/18 21:18:30 | 007,017,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/28 15:16:54 | 000,128,640 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/05/17 00:25:20 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- E:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/08 06:58:42 | 012,534,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/10/08 05:27:46 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/17 15:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/09/17 15:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013/09/17 15:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013/09/17 15:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013/09/17 15:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013/08/09 19:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 19:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/05 01:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/07/04 14:57:00 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/26 01:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013/02/26 01:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013/02/26 01:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013/02/26 01:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013/02/26 01:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2013/02/11 16:51:40 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/02/11 16:51:39 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013/02/11 16:51:39 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013/02/11 16:51:38 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013/02/11 16:51:38 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013/02/11 16:51:36 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/02/11 16:51:36 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013/02/08 00:21:19 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/01/31 23:47:52 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/24 13:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012/10/24 13:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/10/11 15:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/10/11 15:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/28 15:17:28 | 000,551,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/06/28 15:17:24 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/06/28 15:17:24 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/06/28 15:17:24 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/06/28 15:17:24 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/06/28 15:17:22 | 000,341,120 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/06/28 15:17:22 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/06/28 15:17:22 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/06/14 01:23:12 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/02/23 19:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/25 15:59:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/05/25 15:59:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/05/25 15:59:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/04/27 10:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/27 10:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/27 10:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/11/24 15:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/09/15 03:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/29 03:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV:64bit: - [1999/12/31 17:00:00 | 000,553,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2013/12/18 19:50:29 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/11/20 13:55:42 | 000,057,512 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 E3 CD 57 41 03 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\314\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\314\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\314\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: E:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: E:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/12/12 22:05:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: E:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: E:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013/10/23 13:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\314\AppData\Roaming\Mozilla\Extensions
[2013/03/13 16:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snapdo.c...Date=19/01/2014
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\314\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\314\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\314\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Hide My [bleep]! Web Proxy = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Video Downloader professional = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.38_0\
CHR - Extension: FVD Downloader = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\
CHR - Extension: FVD Downloader = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\modules\clickberry\_
CHR - Extension: LogMeIn = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1029_0\
CHR - Extension: Google Wallet = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2013/03/15 11:19:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll File not found
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\athbttray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\btvstack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKLM..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_5C49AA91341C41418C8C4F5BFCF76462] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Wondershare Helper Compact] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36ACD0DB-866F-4DC4-9394-7CA78F81EA2F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DFA1A9B-A46C-416E-8739-AABF8642AE12}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D5944C-622D-47DB-8AAA-CAF5CCF1D24B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/25 16:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/01/25 16:41:30 | 000,000,000 | R--D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/01/23 16:33:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/20 20:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\predm
[2014/01/19 15:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/01/19 15:23:49 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\PC_Drivers_Headquarters
[2014/01/19 15:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Support
[2014/01/19 15:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
[2014/01/19 15:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Support
[2014/01/19 15:21:14 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\newplayer
[2014/01/19 15:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
[2014/01/19 15:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewPlayer
[2014/01/19 15:18:12 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Foresight Software
[2014/01/19 15:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2014/01/19 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USTechSupport
[2014/01/19 15:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
[2014/01/19 15:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlvPlayer
[2014/01/19 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\libimobiledevice
[2014/01/19 13:20:12 | 000,000,000 | ---D | C] -- E:\Documents\Wondershare
[2014/01/19 13:09:30 | 000,000,000 | ---D | C] -- E:\Documents\Wondershare Dr.Fone for iOS
[2014/01/19 12:57:43 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Apple Computer
[2014/01/19 12:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/19 12:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/19 12:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/19 12:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/19 12:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/01/19 12:57:01 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Apple
[2014/01/19 12:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/01/19 12:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/01/19 12:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/01/19 12:51:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2014/01/19 12:51:30 | 000,076,384 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2014/01/19 12:51:30 | 000,052,832 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\drivers\libusb0.sys
[2014/01/19 12:51:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Dr.Fone_Temp
[2014/01/19 12:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare

========== Files - Modified Within 30 Days ==========

[2014/01/26 12:32:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000UA.job
[2014/01/26 12:30:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/26 10:38:40 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000Core.job
[2014/01/25 20:30:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/25 16:48:21 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/25 16:48:21 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/25 16:47:08 | 000,822,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/25 16:47:08 | 000,693,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/25 16:47:08 | 000,130,852 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/25 16:41:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/23 21:51:45 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\USTSPCO-USTSPCOOneClickCare.job
[2014/01/19 15:23:33 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/01/19 15:21:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\NewPlayer.lnk
[2014/01/19 15:15:13 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Live PC Help.lnk
[2014/01/19 15:12:39 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\FlvPlayer.lnk
[2014/01/19 13:13:45 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare TunesGo.lnk
[2014/01/19 13:03:53 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Dr.Fone for iOS.lnk
[2014/01/14 23:59:31 | 000,271,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/14 10:59:07 | 000,000,947 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

========== Files Created - No Company Name ==========

[2014/01/23 16:21:39 | 000,000,450 | ---- | C] () -- C:\Windows\tasks\USTSPCO-USTSPCOOneClickCare.job
[2014/01/19 15:23:33 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/01/19 15:21:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\NewPlayer.lnk
[2014/01/19 15:20:55 | 000,001,354 | ---- | C] () -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/01/19 15:16:05 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
[2014/01/19 15:15:13 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Live PC Help.lnk
[2014/01/19 15:12:39 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\FlvPlayer.lnk
[2014/01/19 13:13:45 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare TunesGo.lnk
[2014/01/19 12:57:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/01/19 12:51:31 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Dr.Fone for iOS.lnk
[2013/12/18 19:56:20 | 000,000,486 | ---- | C] () -- C:\Windows\DEMO.INI
[2013/10/11 01:48:33 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013/10/08 12:24:18 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/10/08 09:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/10/08 06:39:08 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/08 06:39:08 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/10/08 05:56:12 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/10/08 05:56:12 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/07/06 03:35:05 | 000,000,122 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/14 22:49:43 | 000,000,540 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/04/12 02:39:21 | 000,814,980 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/14 23:49:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/14 23:49:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/14 23:49:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/14 23:49:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/14 23:49:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/24 22:29:44 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/02/16 23:13:45 | 000,000,994 | ---- | C] () -- C:\Windows\winamp.ini
[2012/12/31 03:15:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/12/30 12:11:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/12/30 12:11:16 | 000,018,832 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/11 16:52:02 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Acronis
[2013/12/22 02:23:59 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Audacity
[2013/12/12 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\ESET
[2014/01/14 14:40:07 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\FileZilla
[2014/01/19 15:18:12 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Foresight Software
[2013/10/08 12:24:32 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Foxit Software
[2013/11/20 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\HandBrake
[2013/01/30 12:53:25 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Hard Disk Sentinel
[2013/07/06 15:26:17 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\ImgBurn
[2013/11/27 00:18:51 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Litecoin
[2013/06/10 20:50:18 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\LockHunter
[2013/12/24 04:05:25 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Mael
[2013/01/31 23:45:50 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\MotioninJoy
[2013/03/21 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Motorola
[2013/03/18 22:12:40 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Motorola Mobility
[2013/10/23 10:18:12 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Notepad++
[2013/03/14 00:01:33 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\QuickScan
[2013/06/25 01:08:38 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\redsn0w
[2013/10/24 21:02:36 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\TeamViewer
[2013/08/30 22:10:58 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\TeraCopy
[2013/10/23 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Thunderbird
[2013/08/18 23:25:46 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Unity
[2014/01/20 19:41:56 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\uTorrent
[2013/06/07 02:10:21 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\WindSolutions
[2014/01/19 13:13:44 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Wondershare

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 466 bytes -> C:\ProgramData\TEMP:9A870F8B
@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:F8D65F32
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:AD022376

< End of report >