Malwarebytes won't install - rogue service [Solved]


  • This topic is locked

#1
Montery

  • Member
  • 36 posts
Hello Team! Hope someone who is better at this than I can help out.

I foolishly downloaded and ran an application I shouldn't have (Google Earth Pro, from an illegitimate source), and now I'm unable to run/install Malwarebytes Anti-Malware.

I've run RKill and RogueKiller, which successfully manage to kill the running processes, but before I can install Malwarebytes, I get a Windows UAC Popup asking if I would like to install "google.earth.free2pro.v6.2.2.6613.patch-MPT.exe" - to which I respond No, or close the popup.

The UAC Popup points to "C:\Users\<name>\AppData\Local\Temp\google.earth.free2pro.v6.2.2.6613.patch-MPT.exe". I use Unlocker to delete the file.

Re-running Rkill I get the Windows UAC Popup again. Repeat until spirit is broken and come here with hat in hand for help. :)

Oh, I've also tried to boot into System Recovery Mode and re-created the MBR. Then booted into Safe-Mode and the Google Earth Patch had already started without user intervention.

Based on the Rkill log, I've also tried to delete the "C:\ProgramData\Application Services\appsvc.exe", but it keeps coming back immediately after being deleted (which can only be accomplished using Unlocker).

I do have backup and original disks, but I'd like to see if we can do this without doing the nuclear option first.

Kind thank-yous in advance.

Attached Files

  • Attached File  OTL.Txt   125.54KB   120 downloads
  • Attached File  Rkill.txt   2.78KB   92 downloads



#2
Machiavelli

  • GeekU Moderator
  • 3,698 posts
I'm just posting the logs into the thread for you.

OTL logfile created on: 25/02/2014 11:21:46 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralph\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

15.91 Gb Total Physical Memory | 13.29 Gb Available Physical Memory | 83.52% Memory free
31.82 Gb Paging File | 28.17 Gb Available in Paging File | 88.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.47 Gb Total Space | 58.14 Gb Free Space | 26.02% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 474.41 Gb Free Space | 50.93% Space Free | Partition Type: NTFS
Drive F: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 7.39 Gb Total Space | 2.30 Gb Free Space | 31.13% Space Free | Partition Type: FAT32

Computer Name: ANTEC | User Name: Ralph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/24 11:28:42 | 001,093,632 | ---- | M] () -- C:\ProgramData\Application Services\appsvc.exe
PRC - [2014/02/20 22:30:20 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014/02/15 16:42:49 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/14 11:42:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph\Downloads\OTL.exe
PRC - [2014/02/10 20:36:26 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/28 15:55:58 | 001,058,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2013/03/10 09:08:47 | 000,088,984 | ---- | M] (Elaborate Bytes AG) -- D:\Apps\VirtualCloneDrive\VCDDaemon.exe
PRC - [2012/10/17 09:29:53 | 000,684,024 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/10/17 09:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/14 20:19:54 | 000,086,016 | ---- | M] () -- D:\Apps\3DS Max 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
PRC - [2011/02/22 08:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/22 08:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/25 20:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/06/11 14:11:48 | 001,349,632 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/20 22:30:19 | 016,265,096 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/15 16:42:44 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/12 03:31:50 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\13372e3b6a7e4126d48827a30c2c1d9a\Microsoft.VisualBasic.ni.dll
MOD - [2014/02/12 03:27:39 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:27:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 03:27:24 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/12 03:27:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:27:13 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:27:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:27:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 03:27:08 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/12 03:27:03 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 03:27:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:26:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/15 03:36:35 | 008,866,472 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
MOD - [2012/10/17 09:30:22 | 000,062,968 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2010/06/08 09:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/16 20:33:49 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/12/19 11:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/15 12:03:14 | 009,695,744 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/20 22:30:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 16:42:48 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/01 13:38:10 | 000,101,888 | ---- | M] (Freemake) [Auto | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/07/09 17:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/17 09:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/14 20:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Apps\3DS Max 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe -- (mi-raysat_3dsmax2014_64)
SRV - [2011/09/12 20:38:06 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/12 20:32:55 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/02/22 08:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 08:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/10 22:48:42 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/03 18:20:42 | 000,085,016 | -H-- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\PROCMON23.SYS -- (PROCMON23)
DRV:64bit: - [2013/03/10 16:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/07 12:36:18 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2013/03/07 12:36:16 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2013/03/04 04:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/12/19 12:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 11:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 03:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/17 09:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012/10/17 09:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/03/19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/12 16:36:02 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/10/12 16:36:02 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/10/12 16:36:00 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011/10/12 16:36:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011/09/28 23:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011/06/30 13:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/06/30 13:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/04/08 03:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 15:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/09 11:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/19 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/01 09:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/12 00:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 0A 34 61 AF 95 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{0E8C44FC-15AD-493F-BA39-BE471CFD97AA}: "URL" = http://websearch.ask...1-029686B9C64A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://google.ca"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: viewabout%40rumblingedge.com:2.0.1
FF - prefs.js..extensions.enabledAddons: youtubequality%40rzll:1.2
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:11.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: D:\Apps\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Ralph\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ralph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ralph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ralph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 30.0a1\extensions\\Components: D:\APPS\64BIT FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 30.0a1\extensions\\Plugins: D:\APPS\64BIT FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/18 18:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Extensions
[2014/02/25 08:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions
[2013/12/02 12:39:09 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/08/09 20:20:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/25 08:15:14 | 000,000,000 | ---D | M] (Hola Unblocker) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2012/07/05 06:54:39 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/06 10:23:14 | 000,104,966 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2011/09/18 08:30:16 | 000,021,977 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2011/10/21 22:29:35 | 000,009,961 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/01/16 11:54:00 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/07/31 10:45:46 | 000,000,968 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\searchplugins\scrapetorrent.xml
[2014/02/18 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/18 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 16:42:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = D:\Apps\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = D:\Apps\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/12 20:41:01 | 000,000,922 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Apps\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [EPSON6783D0 (Epson Stylus NX620)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_S5E3A.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download with BitKinex - D:\Apps\BitKinex\ieext_cp.htm File not found
O8:64bit: - Extra context menu item: &Register in BitKinex - D:\Apps\BitKinex\ieext_reg.htm File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: &Download with BitKinex - D:\Apps\BitKinex\ieext_cp.htm File not found
O8 - Extra context menu item: &Register in BitKinex - D:\Apps\BitKinex\ieext_reg.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941263B3-6134-4436-B8B2-922E30D62EFB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("C:\ProgramData\Application Services\appsvc.exe") - C:\ProgramData\Application Services\appsvc.exe ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/14 01:29:38 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1ad2ebcd-5890-11e1-85db-002522cd7073}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad2ebcd-5890-11e1-85db-002522cd7073}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\drivers\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Launcher.exe
O33 - MountPoints2\H\Shell\configure\command - "" = H:\Launcher.exe
O33 - MountPoints2\H\Shell\install\command - "" = H:\Launcher.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\dvdcheck.exe
O33 - MountPoints2\I\Shell\directx\command - "" = DirectX9\dxsetup.exe
O33 - MountPoints2\I\Shell\setup\command - "" = I:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/25 10:57:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\Application Services
[2014/02/25 09:06:00 | 000,000,000 | ---D | C] -- C:\Users\Ralph\Desktop\RK_Quarantine
[2014/02/25 08:53:02 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014/02/25 08:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014/02/24 15:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/02/24 15:31:22 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\SwvUpdater
[2014/02/24 15:28:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Services
[2014/02/19 10:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2014/02/18 17:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/18 17:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/16 17:24:55 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\CADlogic Limited
[2014/02/16 17:24:09 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CADlogic Limited
[2014/02/16 17:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CADlogic Limited
[2014/02/16 15:59:06 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
[2014/02/16 15:59:06 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
[2014/02/16 15:59:06 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
[2014/02/16 15:59:06 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
[2014/02/16 15:59:06 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
[2014/02/16 15:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2014/02/16 15:52:21 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2014/02/16 15:52:21 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2014/02/16 15:52:21 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2014/02/16 15:52:21 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2014/02/16 15:52:21 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2014/02/16 15:52:21 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2014/02/16 15:52:10 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMGAA.DLL
[2014/02/16 15:52:09 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBGAA.DLL
[2014/02/16 15:51:21 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2014/02/16 15:51:21 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2014/02/16 15:51:21 | 000,017,408 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll
[2014/02/16 15:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/02/15 16:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/13 22:30:02 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\35f34269e5y3
[2014/02/13 11:01:55 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\j55964tc13n5t
[2014/02/12 22:08:56 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\9w1fw18y7g
[2014/02/12 05:29:55 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\5684zks
[2014/02/12 03:01:58 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 03:01:40 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 03:01:40 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 03:01:40 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 03:01:40 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 03:01:39 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 03:01:39 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 03:01:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 03:01:39 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 03:01:39 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 03:01:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 03:01:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 03:01:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 03:01:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 03:01:38 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 03:01:38 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 03:01:38 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 03:01:38 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 03:01:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 03:01:38 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 03:01:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 03:01:37 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 03:01:37 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 03:01:35 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 01:12:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 01:12:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/12 01:12:07 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 01:12:07 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 01:12:07 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 01:12:07 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 01:12:07 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 01:12:06 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 01:12:06 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 01:12:06 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 01:12:06 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 01:12:06 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 01:12:06 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 01:12:06 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 01:12:06 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 01:12:06 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 01:12:06 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 01:12:06 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 01:12:06 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 01:12:04 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 01:12:04 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/11 05:01:30 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\f9brmfkt2z9g
[2014/02/06 14:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2014/02/06 12:33:46 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Epson
[2014/02/06 10:57:22 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Sun
[2014/02/06 10:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/05 15:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2014/02/05 15:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2014/02/05 15:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2014/02/05 15:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2014/02/05 15:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2014/02/05 15:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2014/02/04 03:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\jagex_cache
[2014/02/04 03:46:04 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\lykqg
[2014/02/04 03:43:23 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\nfToe
[2014/02/04 03:42:52 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\fkgrm
[2014/02/03 16:56:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{$1284-9213-2940-1289$}
[2014/02/03 16:56:02 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\hwvsu
[2014/02/03 11:37:08 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\inkscape
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/25 11:23:11 | 000,033,132 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\msconfig.ini
[2014/02/25 11:15:04 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/25 11:15:04 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/25 11:12:30 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/25 11:12:30 | 000,666,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/25 11:12:30 | 000,126,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/25 11:07:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/25 11:07:51 | 4222,160,894 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/24 15:41:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/24 15:38:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933384260-3777128076-391017205-1000UA.job
[2014/02/24 15:32:07 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/02/24 15:31:22 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/02/24 15:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/24 09:38:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933384260-3777128076-391017205-1000Core.job
[2014/02/23 22:17:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/20 22:30:20 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/20 22:30:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/20 16:25:20 | 000,004,365 | ---- | M] () -- C:\Users\Ralph\AppData\Local\recently-used.xbel
[2014/02/19 09:19:31 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2014/02/16 17:24:09 | 000,001,775 | ---- | M] () -- C:\Users\Ralph\Desktop\Draft IT.lnk
[2014/02/16 16:00:13 | 000,000,071 | ---- | M] () -- C:\Windows\ESNX625.ini
[2014/02/16 15:51:21 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/12 03:02:59 | 000,766,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/10 16:34:17 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | M] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/02/06 12:56:02 | 000,440,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/06 11:03:39 | 000,032,766 | ---- | M] () -- C:\Users\Ralph\Desktop\DSDT.AML
[2014/02/06 03:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 03:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 03:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 02:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 02:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 02:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 02:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 02:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 02:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 02:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 02:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 02:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 01:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 01:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 01:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 01:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 01:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 01:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 01:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 01:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 00:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 00:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/03 10:06:39 | 000,000,640 | ---- | M] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/24 15:31:22 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/02/24 15:28:17 | 000,032,876 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\msconfig.ini
[2014/02/20 16:25:20 | 000,004,365 | ---- | C] () -- C:\Users\Ralph\AppData\Local\recently-used.xbel
[2014/02/17 09:56:38 | 000,000,730 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2014/02/16 17:24:09 | 000,001,775 | ---- | C] () -- C:\Users\Ralph\Desktop\Draft IT.lnk
[2014/02/16 15:51:21 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/16 15:50:55 | 000,000,071 | ---- | C] () -- C:\Windows\ESNX625.ini
[2014/02/10 16:34:17 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/10 16:34:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | C] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/02/06 11:03:39 | 000,032,766 | ---- | C] () -- C:\Users\Ralph\Desktop\DSDT.AML
[2014/02/03 10:07:00 | 000,000,652 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | C] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2013/03/13 16:28:29 | 000,000,024 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Network Meter_Usage.ini
[2013/03/08 22:03:42 | 000,043,874 | ---- | C] () -- C:\Users\Ralph\Network_Meter_Data.js
[2013/02/11 21:00:00 | 000,017,895 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv
[2012/11/27 07:02:44 | 000,060,304 | ---- | C] () -- C:\Users\Ralph\g2mdlhlpx.exe
[2012/09/16 21:26:11 | 000,000,073 | ---- | C] () -- C:\Users\Ralph\AppData\Local\X-Plane_drm.prf
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/05 17:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 17:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/01/06 20:09:44 | 000,001,108 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Network Meter_Settings.ini
[2011/10/11 21:58:45 | 000,000,000 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Temptable.xml
[2011/09/18 20:29:15 | 000,000,080 | ---- | C] () -- C:\Users\Ralph\AppData\Local\X-Plane Installer.prf
[2011/07/18 18:03:56 | 000,007,791 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2014/02/13 22:30:01 | 002,110,314 | RHS- | M] () -- C:\Users\All Users\{$1284-9213-2940-1289$}\l.exe
[2014/02/12 22:08:56 | 002,110,013 | RHS- | M] () -- C:\Users\All Users\{$1284-9213-2940-1289$}\n.exe
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 300 bytes -> C:\ProgramData\TEMP:9A870F8B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A1EDB939
@Alternate Data Stream - 1137 bytes -> C:\Users\Ralph\AppData\Local\Temp:9QPWVmSsFNZNa21YD8bN
@Alternate Data Stream - 1135 bytes -> C:\Users\Ralph\AppData\Local\HXxyXQuydkjF:cAII5v5XrV27TFTekVwFdN5pg1t1C

< End of report >

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 02/25/2014 11:29:49 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\ProgramData\Application Services\appsvc.exe (PID: 1540) [AU-HEUR]
* C:\Users\Ralph\Downloads\OTL.exe (PID: 4504) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Modified HKCU\...\Winlogon: [Shell] => explorer.exe,"C:\ProgramData\Application Services\appsvc.exe"

* No issues found.

Checking Windows Service Integrity:

* WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

Program finished at: 02/25/2014 11:29:56 AM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

#3
Machiavelli

  • GeekU Moderator
  • 3,698 posts
Welcome to GeeksToGo, Montery

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

I will come back with further instructions later.

#4
Montery

  • Topic Starter
  • Member
  • 36 posts
Ah, Thanks!

I must have misread the instructions, I thought I was supposed to attach them.


My apologies. :)

#5
Machiavelli

  • GeekU Moderator
  • 3,698 posts
===== > Step 1: OTL Fix < =====

  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    IE - HKCU\..\SearchScopes\{0E8C44FC-15AD-493F-BA39-BE471CFD97AA}: "URL" = http://websearch.ask...1-029686B9C64A
    O4 - HKCU..\Run: [EPSON6783D0 (Epson Stylus NX620)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_S5E3A.tmp" /EF "HKCU" File not found
    O8:64bit: - Extra context menu item: &Download with BitKinex - D:\Apps\BitKinex\ieext_cp.htm File not found
    O8:64bit: - Extra context menu item: &Register in BitKinex - D:\Apps\BitKinex\ieext_reg.htm File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: &Download with BitKinex - D:\Apps\BitKinex\ieext_cp.htm File not found
    O8 - Extra context menu item: &Register in BitKinex - D:\Apps\BitKinex\ieext_reg.htm File not found
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O20 - HKCU Winlogon: Shell - ("C:\ProgramData\Application Services\appsvc.exe") - C:\ProgramData\Application Services\appsvc.exe ()
    O33 - MountPoints2\{1ad2ebcd-5890-11e1-85db-002522cd7073}\Shell - "" = AutoRun
    O33 - MountPoints2\{1ad2ebcd-5890-11e1-85db-002522cd7073}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\drivers\setup.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Launcher.exe
    O33 - MountPoints2\H\Shell\configure\command - "" = H:\Launcher.exe
    O33 - MountPoints2\H\Shell\install\command - "" = H:\Launcher.exe
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\dvdcheck.exe
    O33 - MountPoints2\I\Shell\directx\command - "" = DirectX9\dxsetup.exe
    O33 - MountPoints2\I\Shell\setup\command - "" = I:\setup.exe
    [2014/02/25 10:57:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\Application Services
    [2014/02/24 15:31:22 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\SwvUpdater
    [2014/02/24 15:28:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Services
    [2014/02/13 22:30:02 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\35f34269e5y3
    [2014/02/13 11:01:55 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\j55964tc13n5t
    [2014/02/12 22:08:56 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\9w1fw18y7g
    [2014/02/12 05:29:55 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\5684zks
    [2014/02/11 05:01:30 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\f9brmfkt2z9g
    [2014/02/04 03:46:04 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\lykqg
    [2014/02/04 03:42:52 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\fkgrm
    [2014/02/03 16:56:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{$1284-9213-2940-1289$}
    [2014/02/03 16:56:02 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\hwvsu
    [2014/02/25 11:23:11 | 000,033,132 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\msconfig.ini
    [2014/02/24 15:31:22 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
    [2014/02/13 22:30:01 | 002,110,314 | RHS- | M] () -- C:\Users\All Users\{$1284-9213-2940-1289$}\l.exe
    [2014/02/12 22:08:56 | 002,110,013 | RHS- | M] () -- C:\Users\All Users\{$1284-9213-2940-1289$}\n.exe
    @Alternate Data Stream - 300 bytes -> C:\ProgramData\TEMP:9A870F8B
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A1EDB939
    @Alternate Data Stream - 1137 bytes -> C:\Users\Ralph\AppData\Local\Temp:9QPWVmSsFNZNa21YD8bN
    @Alternate Data Stream - 1135 bytes -> C:\Users\Ralph\AppData\Local\HXxyXQuydkjF:cAII5v5XrV27TFTekVwFdN5pg1t1C
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.

===== > Step 2: Adwarecleaner < =====

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

===== > Step 3: JRT < =====

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===== > Step 4: OTL Scan < =====

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    winsock.*
    mpsvc.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      Posted Image

    • Click the box beside Scan All Users at the top of the console
    • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Make sure that under Extra Registry Use Safe List is checked.
    • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
    • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop.
    • Please copy the contents of these files and paste it into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

===== > Step 5: Question Time < =====

How is the PC running? Any issues?

 

In your next post I need to see following logs:

  • OTL Fixlog
  • Adwarecleaner Log
  • JRT Log
  • OTL.txt
  • Extras.txt

And don't forget the answer to my question.
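Added example (not part of the original posts, and not the logic OTL or Rkill actually use): a small triage pass over log lines in the formats shown in this thread. It flags the three kinds of entry the fix above targets: a Winlogon Shell value that lists anything besides explorer.exe, hidden+system items in user-writable locations, and alternate data streams. The function names, the "hidden+system under C:\Users or C:\ProgramData" heuristic and the C: system drive are assumptions made for illustration.

```python
import re

# Constructed sample: lines copied in shape and content from the logs in this thread.
SAMPLE_LOG = r"""
* Modified HKCU\...\Winlogon: [Shell] => explorer.exe,"C:\ProgramData\Application Services\appsvc.exe"
O20 - HKCU Winlogon: Shell - ("C:\ProgramData\Application Services\appsvc.exe") - C:\ProgramData\Application Services\appsvc.exe ()
[2014/02/13 22:30:02 | 000,000,000 | RHSD | C] -- C:\Users\Ralph\35f34269e5y3
[2014/02/24 15:31:22 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\SwvUpdater
[2014/02/13 22:30:01 | 002,110,314 | RHS- | M] () -- C:\Users\All Users\{$1284-9213-2940-1289$}\l.exe
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
@Alternate Data Stream - 300 bytes -> C:\ProgramData\TEMP:9A870F8B
"""

# Rkill "miscellaneous checks" line and OTL O20 line for the Winlogon Shell value.
RKILL_SHELL_RE = re.compile(r"Winlogon: \[Shell\] => (?P<value>.+)$")
OTL_SHELL_RE = re.compile(r"^O20 - HKCU Winlogon: Shell - \((?P<value>.*?)\) - ")

# OTL file/folder line: [timestamp | size | attributes | C or M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Assumption: locations a standard user can write to, on a C: system drive.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")
DEFAULT_SHELLS = {"explorer.exe", "c:\\windows\\explorer.exe"}


def shell_extras(value):
    """Return the Shell entries other than explorer.exe, the Windows default."""
    parts = [p.strip().strip('"') for p in value.split(",")]
    return [p for p in parts if p and p.lower() not in DEFAULT_SHELLS]


def triage(log_text):
    """Return (category, detail) findings for the lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = RKILL_SHELL_RE.search(line) or OTL_SHELL_RE.search(line)
        if m:
            # Anything chained after explorer.exe starts at every logon.
            for extra in shell_extras(m.group("value")):
                findings.append(("winlogon-shell", extra))
            continue

        m = ADS_RE.match(line)
        if m:
            # The stream name follows the last colon; the drive colon comes earlier.
            host, _, stream = m.group("target").rpartition(":")
            findings.append(("ads", f"{host} [{stream}, {m.group('size')} bytes]"))
            continue

        m = ENTRY_RE.match(line)
        if m:
            hidden_system = {"H", "S"} <= set(m.group("attrs"))
            if hidden_system and m.group("path").lower().startswith(USER_WRITABLE):
                findings.append(("hidden-system", m.group("path")))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:15} {detail}")
```

The `C:\Windows\assembly\Desktop.ini` line carries the same RHS attributes but is not reported, because the heuristic only looks at user-writable locations; a finding is a prompt for review, not a verdict.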

#6
Montery

  • Topic Starter
  • Member
  • 36 posts
Hi, Machiavelli!

Thanks for the prompt reply, it's much appreciated.

Here are the logs, in the order you've requested them:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0E8C44FC-15AD-493F-BA39-BE471CFD97AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8C44FC-15AD-493F-BA39-BE471CFD97AA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON6783D0 (Epson Stylus NX620) deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download with BitKinex\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Register in BitKinex\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download with BitKinex\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Register in BitKinex\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\ProgramData\Application Services\appsvc.exe" deleted successfully.
File move failed. C:\ProgramData\Application Services\appsvc.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ad2ebcd-5890-11e1-85db-002522cd7073}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ad2ebcd-5890-11e1-85db-002522cd7073}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ad2ebcd-5890-11e1-85db-002522cd7073}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ad2ebcd-5890-11e1-85db-002522cd7073}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\drivers\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\dvdcheck.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File DirectX9\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\setup.exe not found.
Folder move failed. C:\Windows\SysWow64\Application Services scheduled to be moved on reboot.
C:\Users\Ralph\AppData\Local\SwvUpdater folder moved successfully.
Folder move failed. C:\ProgramData\Application Services scheduled to be moved on reboot.
C:\Users\Ralph\35f34269e5y3 folder moved successfully.
C:\Users\Ralph\j55964tc13n5t folder moved successfully.
C:\Users\Ralph\9w1fw18y7g folder moved successfully.
C:\Users\Ralph\5684zks folder moved successfully.
C:\Users\Ralph\f9brmfkt2z9g folder moved successfully.
C:\Users\Ralph\lykqg folder moved successfully.
C:\Users\Ralph\fkgrm folder moved successfully.
C:\ProgramData\{$1284-9213-2940-1289$} folder moved successfully.
C:\Users\Ralph\hwvsu folder moved successfully.
C:\Users\Ralph\AppData\Roaming\msconfig.ini moved successfully.
C:\Windows\Tasks\AmiUpdXp.job moved successfully.
File C:\Users\All Users\{$1284-9213-2940-1289$}\l.exe not found.
File C:\Users\All Users\{$1284-9213-2940-1289$}\n.exe not found.
ADS C:\ProgramData\TEMP:9A870F8B deleted successfully.
ADS C:\ProgramData\TEMP:A1EDB939 deleted successfully.
ADS C:\Users\Ralph\AppData\Local\Temp:9QPWVmSsFNZNa21YD8bN deleted successfully.
ADS C:\Users\Ralph\AppData\Local\HXxyXQuydkjF:cAII5v5XrV27TFTekVwFdN5pg1t1C deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ralph
->Temp folder emptied: 1359644005 bytes
->Temporary Internet Files folder emptied: 200726473 bytes
->Java cache emptied: 1842867 bytes
->FireFox cache emptied: 277627850 bytes
->Google Chrome cache emptied: 226242170 bytes
->Flash cache emptied: 239484 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 366198401 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 53982243301 bytes

Total Files Cleaned = 53,803.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02252014_131514

Files\Folders moved on Reboot...
File move failed. C:\ProgramData\Application Services\appsvc.exe scheduled to be moved on reboot.
C:\Windows\SysWow64\Application Services folder moved successfully.
Folder move failed. C:\ProgramData\Application Services scheduled to be moved on reboot.
C:\Users\Ralph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ralph\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Ralph\AppData\Local\Mozilla\Firefox\Profiles\zn5rkd03.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Ralph\AppData\Local\Mozilla\Firefox\Profiles\zn5rkd03.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Ralph\AppData\Local\Mozilla\Firefox\Profiles\zn5rkd03.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Ralph\AppData\Local\Mozilla\Firefox\Profiles\zn5rkd03.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Ralph\AppData\Local\Mozilla\Firefox\Profiles\zn5rkd03.default\_CACHE_CLEAN_ moved successfully.
C:\Windows\temp\FireFly(20140225110800888).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20140225110800888).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20140225110800888).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.019 - Report created 25/02/2014 at 13:24:18
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Ralph - ANTEC
# Running from : C:\Users\Ralph\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\Ralph\AppData\Local\apn
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\prefs.js ]

Line Deleted : user_pref("CT3281675_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1366431741884,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3281675");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN37451463542035301&UM=2&UP=SP9084A21D-12A6-4D5A-9994-CDF48155270D");
Line Deleted : user_pref("smartbar.machineId", "9FBODTGTFZBMB1KJAFKCGHS9CAXV/KA7LMYH2PMLXDD6X2RT+RXJQAKKRJUE++KAYY6XBQ0YSCFX9B5ZBQAIWA");

-\\ Google Chrome v

[ File : C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4196 octets] - [25/02/2014 13:23:11]
AdwCleaner[S0].txt - [4148 octets] - [25/02/2014 13:24:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4208 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by Ralph on 25/02/2014 at 13:32:03.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Ralph\AppData\Roaming\mozilla\firefox\profiles\zn5rkd03.default\prefs.js

user_pref("[email protected]", "{\"emailProvider\":\"gmail\",\"smartMode\":true,\"lazyLoad\":false,\"showTn\":true,\"hlNew\":true,\"showAdTextChars\":\"512\",\"
Emptied folder: C:\Users\Ralph\AppData\Roaming\mozilla\firefox\profiles\zn5rkd03.default\minidumps [62 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/02/2014 at 13:33:12.34
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 25/02/2014 1:35:31 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralph\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

15.91 Gb Total Physical Memory | 13.39 Gb Available Physical Memory | 84.16% Memory free
31.82 Gb Paging File | 28.21 Gb Available in Paging File | 88.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.47 Gb Total Space | 64.17 Gb Free Space | 28.72% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 520.65 Gb Free Space | 55.89% Space Free | Partition Type: NTFS
Drive F: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 7.39 Gb Total Space | 2.30 Gb Free Space | 31.13% Space Free | Partition Type: FAT32
Drive Z: | 1862.96 Gb Total Space | 107.76 Gb Free Space | 5.78% Space Free | Partition Type: NTFS

Computer Name: ANTEC | User Name: Ralph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/24 11:28:42 | 001,093,632 | ---- | M] () -- C:\ProgramData\Application Services\appsvc.exe
PRC - [2014/02/15 16:42:49 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/14 11:42:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph\Downloads\OTL.exe
PRC - [2014/02/10 20:36:26 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/01 13:38:10 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013/03/28 15:55:58 | 001,058,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2013/03/10 09:08:47 | 000,088,984 | ---- | M] (Elaborate Bytes AG) -- D:\Apps\VirtualCloneDrive\VCDDaemon.exe
PRC - [2012/10/17 09:29:53 | 000,684,024 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/10/17 09:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/14 20:19:54 | 000,086,016 | ---- | M] () -- D:\Apps\3DS Max 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
PRC - [2011/02/22 08:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/22 08:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/25 20:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/06/11 14:11:48 | 001,349,632 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/15 16:42:44 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/12 03:31:50 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\13372e3b6a7e4126d48827a30c2c1d9a\Microsoft.VisualBasic.ni.dll
MOD - [2014/02/12 03:27:39 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:27:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 03:27:24 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/12 03:27:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:27:13 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:27:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:27:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 03:27:08 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/12 03:27:03 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 03:27:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:26:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/15 03:36:35 | 008,866,472 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
MOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/10/17 09:30:22 | 000,062,968 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2010/06/08 09:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/16 20:33:49 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/12/19 11:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/15 12:03:14 | 009,695,744 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/20 22:30:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 16:42:48 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/01 13:38:10 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/07/09 17:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/17 09:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/14 20:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Apps\3DS Max 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe -- (mi-raysat_3dsmax2014_64)
SRV - [2011/09/12 20:38:06 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/12 20:32:55 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/02/22 08:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 08:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/10 22:48:42 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/03 18:20:42 | 000,085,016 | -H-- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\PROCMON23.SYS -- (PROCMON23)
DRV:64bit: - [2013/03/10 16:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/07 12:36:18 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2013/03/07 12:36:16 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2013/03/04 04:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/12/19 12:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 11:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 03:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/17 09:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012/10/17 09:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/03/19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/12 16:36:02 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/10/12 16:36:02 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/10/12 16:36:00 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011/10/12 16:36:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011/09/28 23:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011/06/30 13:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/06/30 13:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/04/08 03:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 15:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/09 11:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/19 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/01 09:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/12 00:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1933384260-3777128076-391017205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1933384260-3777128076-391017205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-1933384260-3777128076-391017205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 0A 34 61 AF 95 CD 01 [binary data]
IE - HKU\S-1-5-21-1933384260-3777128076-391017205-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1933384260-3777128076-391017205-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-1933384260-3777128076-391017205-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://google.ca"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: viewabout%40rumblingedge.com:2.0.1
FF - prefs.js..extensions.enabledAddons: youtubequality%40rzll:1.2
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:11.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: D:\Apps\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Ralph\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ralph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ralph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ralph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 30.0a1\extensions\\Components: D:\APPS\64BIT FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 30.0a1\extensions\\Plugins: D:\APPS\64BIT FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/18 18:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Extensions
[2014/02/25 08:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions
[2013/12/02 12:39:09 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/08/09 20:20:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/25 08:15:14 | 000,000,000 | ---D | M] (Hola Unblocker) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2012/07/05 06:54:39 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/06 10:23:14 | 000,104,966 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2011/09/18 08:30:16 | 000,021,977 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2011/10/21 22:29:35 | 000,009,961 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/01/16 11:54:00 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/07/31 10:45:46 | 000,000,968 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\searchplugins\scrapetorrent.xml
[2014/02/18 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/18 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 16:42:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = D:\Apps\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = D:\Apps\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/02/25 13:15:36 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Apps\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1933384260-3777128076-391017205-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ralph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941263B3-6134-4436-B8B2-922E30D62EFB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1933384260-3777128076-391017205-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1933384260-3777128076-391017205-1000 Winlogon: Shell - ("C:\ProgramData\Application Services\appsvc.exe") - C:\ProgramData\Application Services\appsvc.exe ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/14 01:29:38 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{73ea7175-f1f5-11e0-ba11-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{73ea7175-f1f5-11e0-ba11-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2009/07/14 01:29:38 | 000,106,760 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/02/25 13:29:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/25 13:27:18 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Ralph\Desktop\JRT.exe
[2014/02/25 13:23:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/25 13:15:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/25 09:06:00 | 000,000,000 | ---D | C] -- C:\Users\Ralph\Desktop\RK_Quarantine
[2014/02/25 08:53:02 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014/02/25 08:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014/02/24 15:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/02/24 15:28:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Services
[2014/02/19 10:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2014/02/18 17:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/18 17:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/16 17:24:55 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\CADlogic Limited
[2014/02/16 17:24:09 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CADlogic Limited
[2014/02/16 17:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CADlogic Limited
[2014/02/16 15:59:06 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
[2014/02/16 15:59:06 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
[2014/02/16 15:59:06 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
[2014/02/16 15:59:06 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
[2014/02/16 15:59:06 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
[2014/02/16 15:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2014/02/16 15:52:21 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2014/02/16 15:52:21 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2014/02/16 15:52:21 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2014/02/16 15:52:21 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2014/02/16 15:52:21 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2014/02/16 15:52:21 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2014/02/16 15:52:10 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMGAA.DLL
[2014/02/16 15:52:09 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBGAA.DLL
[2014/02/16 15:51:21 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2014/02/16 15:51:21 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2014/02/16 15:51:21 | 000,017,408 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll
[2014/02/16 15:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/02/15 16:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/12 03:01:58 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 03:01:40 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 03:01:40 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 03:01:40 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 03:01:40 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 03:01:39 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 03:01:39 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 03:01:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 03:01:39 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 03:01:39 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 03:01:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 03:01:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 03:01:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 03:01:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 03:01:38 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 03:01:38 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 03:01:38 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 03:01:38 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 03:01:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 03:01:38 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 03:01:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 03:01:37 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 03:01:37 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 03:01:35 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 01:12:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 01:12:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/12 01:12:07 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 01:12:07 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 01:12:07 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 01:12:07 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 01:12:07 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 01:12:06 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 01:12:06 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 01:12:06 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 01:12:06 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 01:12:06 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 01:12:06 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 01:12:06 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 01:12:06 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 01:12:06 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 01:12:06 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 01:12:06 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 01:12:06 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 01:12:04 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 01:12:04 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/06 14:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2014/02/06 12:33:46 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Epson
[2014/02/06 10:57:22 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Sun
[2014/02/06 10:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/05 15:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2014/02/05 15:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2014/02/05 15:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2014/02/05 15:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2014/02/05 15:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2014/02/05 15:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2014/02/04 03:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\jagex_cache
[2014/02/04 03:43:23 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\nfToe
[2014/02/03 11:37:08 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\inkscape

========== Files - Modified Within 30 Days ==========

[2014/02/25 13:36:41 | 000,004,396 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\msconfig.ini
[2014/02/25 13:35:30 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/25 13:35:30 | 000,666,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/25 13:35:30 | 000,126,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/25 13:31:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/25 13:31:10 | 4222,160,894 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/25 13:30:45 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/25 13:30:45 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/25 13:27:20 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Ralph\Desktop\JRT.exe
[2014/02/25 13:22:42 | 001,241,834 | ---- | M] () -- C:\Users\Ralph\Desktop\AdwCleaner.exe
[2014/02/25 13:15:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/25 13:01:19 | 000,001,046 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/02/24 15:41:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/24 15:38:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933384260-3777128076-391017205-1000UA.job
[2014/02/24 15:32:07 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/02/24 15:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/24 09:38:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933384260-3777128076-391017205-1000Core.job
[2014/02/23 22:17:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/20 22:30:20 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/20 22:30:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/20 16:25:20 | 000,004,365 | ---- | M] () -- C:\Users\Ralph\AppData\Local\recently-used.xbel
[2014/02/19 09:19:31 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2014/02/16 17:24:09 | 000,001,775 | ---- | M] () -- C:\Users\Ralph\Desktop\Draft IT.lnk
[2014/02/16 16:00:13 | 000,000,071 | ---- | M] () -- C:\Windows\ESNX625.ini
[2014/02/16 15:51:21 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/12 03:02:59 | 000,766,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/10 16:34:17 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | M] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/02/06 12:56:02 | 000,440,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/06 11:03:39 | 000,032,766 | ---- | M] () -- C:\Users\Ralph\Desktop\DSDT.AML
[2014/02/06 03:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 03:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 03:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 02:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 02:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 02:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 02:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 02:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 02:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 02:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 02:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 02:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 01:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 01:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 01:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 01:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 01:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 01:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 01:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 01:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 00:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 00:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/03 10:06:39 | 000,000,640 | ---- | M] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk

========== Files Created - No Company Name ==========

[2014/02/25 13:22:29 | 001,241,834 | ---- | C] () -- C:\Users\Ralph\Desktop\AdwCleaner.exe
[2014/02/25 13:20:33 | 000,004,396 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\msconfig.ini
[2014/02/25 13:01:19 | 000,001,046 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/02/20 16:25:20 | 000,004,365 | ---- | C] () -- C:\Users\Ralph\AppData\Local\recently-used.xbel
[2014/02/17 09:56:38 | 000,000,730 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2014/02/16 17:24:09 | 000,001,775 | ---- | C] () -- C:\Users\Ralph\Desktop\Draft IT.lnk
[2014/02/16 15:51:21 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/16 15:50:55 | 000,000,071 | ---- | C] () -- C:\Windows\ESNX625.ini
[2014/02/10 16:34:17 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/10 16:34:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | C] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/02/06 11:03:39 | 000,032,766 | ---- | C] () -- C:\Users\Ralph\Desktop\DSDT.AML
[2014/02/03 10:07:00 | 000,000,652 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | C] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2013/03/13 16:28:29 | 000,000,024 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Network Meter_Usage.ini
[2013/03/08 22:03:42 | 000,043,874 | ---- | C] () -- C:\Users\Ralph\Network_Meter_Data.js
[2013/02/11 21:00:00 | 000,017,895 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv
[2012/11/27 07:02:44 | 000,060,304 | ---- | C] () -- C:\Users\Ralph\g2mdlhlpx.exe
[2012/09/16 21:26:11 | 000,000,073 | ---- | C] () -- C:\Users\Ralph\AppData\Local\X-Plane_drm.prf
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/05 17:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 17:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/01/06 20:09:44 | 000,001,108 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Network Meter_Settings.ini
[2011/10/11 21:58:45 | 000,000,000 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Temptable.xml
[2011/09/18 20:29:15 | 000,000,080 | ---- | C] () -- C:\Users\Ralph\AppData\Local\X-Plane Installer.prf
[2011/07/18 18:03:56 | 000,007,791 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/16 20:46:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Autodesk
[2013/07/11 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\BitKinex
[2012/05/06 10:23:28 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Blender Foundation
[2011/12/18 16:18:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Canon
[2011/10/06 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\CircuitWorks
[2012/10/27 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Citrix
[2013/11/07 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\cYo
[2011/09/12 20:37:39 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DassaultSystemes
[2014/02/19 12:02:52 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\deluge
[2014/02/25 13:31:57 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Dropbox
[2013/11/26 11:11:03 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DVDVideoSoft
[2013/12/03 01:15:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DxO Labs
[2013/11/26 11:05:41 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Easy Thumbnails
[2014/02/19 10:45:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Epson
[2014/02/24 15:48:12 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FileZilla
[2011/08/28 12:43:04 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\flightgear.org
[2011/08/28 12:41:45 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\fltk.org
[2013/09/21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\GmailNotifierPro
[2013/05/20 17:10:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\gtk-2.0
[2013/12/02 17:04:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\HDRsoft
[2012/10/10 18:58:10 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Hulubulu
[2011/07/19 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\InfraRecorder
[2014/02/03 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\inkscape
[2014/02/04 03:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\jagex_cache
[2013/09/22 12:44:21 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\JAM Software
[2013/07/22 17:40:05 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\JPEGView
[2012/06/07 19:49:44 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Leadertech
[2011/10/07 23:16:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Luxology
[2013/10/31 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\ManyCam
[2012/05/10 06:50:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MediaMonkey
[2011/10/22 21:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Mobipocket
[2012/04/24 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MonoDevelop-Unity-2.8
[2013/12/02 17:01:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Mp3tag
[2013/11/18 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MusicBrainz
[2012/07/08 08:31:06 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\mypcdrivers
[2013/12/02 17:16:13 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Nebulosity3
[2014/02/14 12:48:16 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\nfToe
[2013/09/22 13:17:31 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Notepad++
[2013/05/15 11:18:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Oracle
[2012/10/27 22:33:39 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PACE Anti-Piracy
[2013/08/02 20:44:45 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\salesforce.com
[2013/12/13 11:48:59 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\SecondLife
[2011/08/28 12:43:04 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Subversion
[2012/05/26 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\TagScanner
[2014/02/06 12:54:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\TeraCopy
[2012/04/11 16:24:12 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Unity
[2012/12/30 12:54:27 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\uqm

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 17:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 21:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 17:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 05:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 05:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 17:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 17:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 17:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 14:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 21:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 20:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 05:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 05:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 04:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 22:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 17:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 17:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 17:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 17:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 05:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 17:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 17:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 17:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 17:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 17:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 09:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 03:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 22:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 17:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 17:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 05:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 05:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 05:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 17:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 17:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 05:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 05:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 04:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 05:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 05:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 04:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 17:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 21:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 05:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 05:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 05:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 05:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010/11/20 05:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 05:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 05:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 05:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 04:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 17:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 14:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 05:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 05:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: MPSVC.DLL >
[2013/05/26 21:26:41 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7B6CD2C784B13D63481B6BF49605C026 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpSvc.dll
[2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Program Files\Windows Defender\MpSvc.dll
[2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll
[2013/10/23 17:14:44 | 001,571,328 | ---- | M] (Microsoft Corporation) MD5=8077537B1600AF493E7EE1A7A5C90799 -- C:\Program Files\Microsoft Security Client\MpSvc.dll
[2013/05/26 21:56:38 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=93B9D9FABBED612F71527E52E1D1EE93 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpSvc.dll
[2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll
[2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
[2013/05/26 21:25:24 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=F7DE0DDAC48EEE6DD48A9EB33F6E672D -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpSvc.dll

< MD5 for: QMGR.DLL >
[2010/11/20 05:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 05:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 17:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 13:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/20 22:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2014/02/19 22:17:07 | 000,004,182 | ---- | M] () MD5=78103C8B94CFA4006452BA74BE99DD51 -- C:\Users\Ralph\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 18:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 18:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.H >
[2012/05/15 08:46:04 | 000,001,043 | ---- | M] () MD5=EFA6260E75D8055649F88462E3E9E929 -- C:\Program Files\MySQL\MySQL Server 5.5\include\mysql\services.h

< MD5 for: SERVICES.LNK >
[2009/07/13 20:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 20:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 12:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 12:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 18:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 12:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 18:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 13:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 18:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 12:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 18:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 13:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 12:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 12:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 9858-36D0
Directory of C:\
13/07/2009 09:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
13/07/2009 09:08 PM <JUNCTION> Application Data [C:\ProgramData]
13/07/2009 09:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
13/07/2009 09:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
13/07/2009 09:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
13/07/2009 09:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
13/07/2009 09:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
13/07/2009 09:08 PM <SYMLINKD> All Users [C:\ProgramData]
13/07/2009 09:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
13/07/2009 09:08 PM <JUNCTION> Application Data [C:\ProgramData]
13/07/2009 09:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
13/07/2009 09:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
13/07/2009 09:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
13/07/2009 09:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
13/07/2009 09:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
13/07/2009 09:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
13/07/2009 09:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
13/07/2009 09:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
13/07/2009 09:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
13/07/2009 09:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/07/2009 09:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/07/2009 09:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
13/07/2009 09:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
13/07/2009 09:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
13/07/2009 09:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
13/07/2009 09:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
13/07/2009 09:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
13/07/2009 09:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
13/07/2009 09:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
13/07/2009 09:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
13/07/2009 09:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
13/07/2009 09:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
13/07/2009 09:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
13/07/2009 09:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Ralph
18/07/2011 05:09 PM <JUNCTION> Application Data [C:\Users\Ralph\AppData\Roaming]
18/07/2011 05:09 PM <JUNCTION> Cookies [C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Cookies]
18/07/2011 05:09 PM <JUNCTION> Local Settings [C:\Users\Ralph\AppData\Local]
18/07/2011 05:09 PM <JUNCTION> My Documents [C:\Users\Ralph\Documents]
18/07/2011 05:09 PM <JUNCTION> NetHood [C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
18/07/2011 05:09 PM <JUNCTION> PrintHood [C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
18/07/2011 05:09 PM <JUNCTION> Recent [C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Recent]
18/07/2011 05:09 PM <JUNCTION> SendTo [C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\SendTo]
18/07/2011 05:09 PM <JUNCTION> Start Menu [C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu]
18/07/2011 05:09 PM <JUNCTION> Templates [C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Ralph\AppData\Local
18/07/2011 05:09 PM <JUNCTION> Application Data [C:\Users\Ralph\AppData\Local]
18/07/2011 05:09 PM <JUNCTION> History [C:\Users\Ralph\AppData\Local\Microsoft\Windows\History]
18/07/2011 05:09 PM <JUNCTION> Temporary Internet Files [C:\Users\Ralph\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Ralph\Documents
18/07/2011 05:09 PM <JUNCTION> My Music [C:\Users\Ralph\Music]
18/07/2011 05:09 PM <JUNCTION> My Pictures [C:\Users\Ralph\Pictures]
18/07/2011 05:09 PM <JUNCTION> My Videos [C:\Users\Ralph\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
23/07/2011 09:23 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
23/07/2011 09:23 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
23/07/2011 09:23 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
23/07/2011 09:23 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
23/07/2011 09:23 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
23/07/2011 09:23 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
23/07/2011 09:23 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
23/07/2011 09:23 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
23/07/2011 09:23 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
23/07/2011 09:23 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
23/07/2011 09:23 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
23/07/2011 09:23 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
23/07/2011 09:23 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
23/07/2011 09:23 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
23/07/2011 09:23 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
23/07/2011 09:23 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
23/07/2011 09:23 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
23/07/2011 09:23 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
23/07/2011 09:23 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
23/07/2011 09:23 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
23/07/2011 09:23 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
23/07/2011 09:23 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
23/07/2011 09:23 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
23/07/2011 09:23 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
23/07/2011 09:23 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
23/07/2011 09:23 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
23/07/2011 09:23 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
23/07/2011 09:23 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
23/07/2011 09:23 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
23/07/2011 09:23 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
23/07/2011 09:23 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
23/07/2011 09:23 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
82 Dir(s) 68,804,685,824 bytes free

< End of report >

OTL Extras logfile created on: 25/02/2014 1:35:31 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralph\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

15.91 Gb Total Physical Memory | 13.39 Gb Available Physical Memory | 84.16% Memory free
31.82 Gb Paging File | 28.21 Gb Available in Paging File | 88.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.47 Gb Total Space | 64.17 Gb Free Space | 28.72% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 520.65 Gb Free Space | 55.89% Space Free | Partition Type: NTFS
Drive F: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 7.39 Gb Total Space | 2.30 Gb Free Space | 31.13% Space Free | Partition Type: FAT32
Drive Z: | 1862.96 Gb Total Space | 107.76 Gb Free Space | 5.78% Space Free | Partition Type: NTFS

Computer Name: ANTEC | User Name: Ralph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1933384260-3777128076-391017205-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Apps\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- D:\Apps\Canon\Digital Photo Professional\DPPViewer.exe /path "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Apps\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Apps\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- D:\Apps\Canon\Digital Photo Professional\DPPViewer.exe /path "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Apps\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{107B811E-B553-4FCA-9536-B478010CDCA7}" = rport=138 | protocol=17 | dir=out | app=system |
"{1ACD242F-2FF5-44C0-B35A-1A19A02EEFC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1DCB3DC0-1B00-4291-A690-4C3A2CA3997A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{204A6AA5-9247-4962-B215-AE31E13E695F}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\wdexpress.exe |
"{2A111800-0A03-4184-8870-5E18C501CCDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B3179C0-4536-4731-8B87-D74B010D26DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{3AE8678E-B157-406B-80E1-94B27CB39A7E}" = lport=3306 | protocol=6 | dir=in | name=mysql |
"{3AEC513F-B412-40F0-B657-FC725167FBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45E40DFE-8F8F-4DAD-8C05-5E609E15992A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45EF4D85-555D-4442-A23C-55247DD5AB92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BA8D8FE-6809-4D27-AC0B-1BC5E50FCB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51D709EC-B82E-4D96-A7E5-6CBF96942B84}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51F66EA3-9EE3-4325-BA7E-82C8FE757DFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B3746E6-B178-4C9B-ABDF-2BD476E45DCE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5CBA9221-F318-4FFC-AEDA-8ADC91D768E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FC61119-A1B2-48D1-A9A9-380B9A30D710}" = lport=10243 | protocol=6 | dir=in | app=system |
"{740197B5-9B91-43DC-9448-5F2FAA99E4ED}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{749E4E68-5A9D-4310-B9DB-2C57114EA704}" = rport=139 | protocol=6 | dir=out | app=system |
"{7AB8A74F-8F07-419F-ACFC-4498ED2E68B8}" = lport=138 | protocol=17 | dir=in | app=system |
"{8193A909-AA2C-4855-AB2B-590095767258}" = lport=139 | protocol=6 | dir=in | app=system |
"{8C1C3703-E06E-47A6-9E46-5E64680CA835}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8C6DD438-7D20-471A-B7F7-F772EBC1BF19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D495CD9-8999-47E1-9FD4-E3827DC44934}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EE53228-67B7-4914-B14B-3A8E2EDDE914}" = rport=10243 | protocol=6 | dir=out | app=system |
"{91B46EBF-2E80-47F7-8B62-70DE1D608599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99982C45-23E8-4D48-B59B-65083A051144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A85C8925-6F5D-4A82-9422-45EF52EC4172}" = rport=445 | protocol=6 | dir=out | app=system |
"{A9AD0FC8-1E0F-426E-BD8A-CAB509341D47}" = lport=3306 | protocol=6 | dir=in | name=mysql |
"{B8A744A2-B4A6-46E1-84DE-5301D35FFB30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C331311B-2823-45E6-8185-B230BF69F466}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C549F87D-6CA8-44F9-A83C-FBC068489304}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C8A59E0E-8E2D-40C3-9065-A5B852D51944}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D3259605-D2A8-47CB-B99C-1A3A5ABBE267}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{D787E5C0-91F4-43D1-911F-09D32A03BB1D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DDB380FA-7E31-41BA-B42B-5A2575EA6B7C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E019815E-E62B-4BB7-989C-FF2A2E17F3A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1D85F95-A94D-4241-9D4E-529F491D7599}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7D9CD4E-5B6C-4799-BAA5-19D8824CA721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F999BC84-123D-41E5-9EAF-2B8213411581}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FEF81523-4A3C-40E7-96F7-6E1C05A261C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01415FC9-E858-43BD-BD91-CF40B424EDF7}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{02649F26-FA50-403B-9F1A-A07012CB64BF}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{03AFAB98-DE78-41DD-8816-8895F7D57576}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{049D5A90-248A-41DE-A166-BD7CD59CBDD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{078E6741-D977-4A32-8C38-0F4B77D94F88}" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"{09AF4D72-3E70-4E22-BFA0-A4C83C7941D5}" = protocol=17 | dir=in | app=d:\apps\steam\steamapps\montery_66\team fortress 2\hl2.exe |
"{09B10170-BB90-4DC5-B7B4-08125F8797F7}" = protocol=17 | dir=in | app=d:\apps\3ds max 2014\3ds max 2014\nvidia\satellite\raysat_3dsmax2014_64server.exe |
"{0B3068DC-B1F0-413B-9F52-1E52B34D03F6}" = protocol=6 | dir=in | app=d:\apps\xbmc\xbmc.exe |
"{0FC35E8D-A9F5-4A23-B879-5C597E3039ED}" = protocol=17 | dir=in | app=d:\apps\comicrack\comicrack.exe |
"{11A64961-476D-4CDC-9C79-070AD1BBEEE3}" = protocol=6 | dir=in | app=c:\users\ralph\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{121A31C2-D9BD-4F0A-BE2F-A8D4EA12700C}" = protocol=6 | dir=out | app=system |
"{12D7F4F0-F044-4EB0-BAB6-AE9C8AD51355}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{15F3E625-8494-4141-8F1D-92881835A516}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"{19A3C51B-2A3A-4D0C-A1D2-0C3B432B840C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1AA3FA2D-C740-4314-BE95-79198404392B}" = protocol=17 | dir=in | app=d:\games\ncc1701\ncc1701.exe |
"{20FB612D-7A2F-42B6-8565-5EC318CA601B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{241A3945-7957-427F-A9D8-37089862B64B}" = protocol=6 | dir=in | app=d:\apps\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{24310495-F783-411F-A084-73198978FBE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{248B5C0A-DADC-4A10-BF77-2FB76A03AEA9}" = protocol=17 | dir=in | app=d:\apps\secondlifeviewer\slvoice.exe |
"{279099E3-6295-4DA4-ACF4-F5A6EEE339B8}" = protocol=1 | dir=in | [email protected],-28543 |
"{2E4F3E2A-D09B-4544-A3AA-717183F7C0AC}" = protocol=6 | dir=in | app=d:\civilization.v.goty.incl.gods.and.kings\civilizationv_dx11.exe |
"{302A226E-5BAF-40A7-A8CD-A43AD0348D24}" = protocol=6 | dir=in | app=d:\apps\mediamonkey\mediamonkey.exe |
"{30FCA5B9-D4ED-45C3-889D-FA7E98B18177}" = protocol=6 | dir=in | app=d:\apps\3ds max 2014\3ds max 2014\nvidia\satellite\raysat_3dsmax2014_64server.exe |
"{333ABB33-2936-49EE-9D4B-74514C4D97CB}" = protocol=6 | dir=in | app=d:\games\x-plane 9.00 beta-1\x-plane 900 beta-1.exe |
"{37E3F20F-DE20-4516-B208-CC46191BDD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{399EA320-726C-47A9-BE9B-02E039C6C5F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3A12F9ED-EC25-4976-A527-598238812517}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{3A605427-BC97-4FF9-8BF5-E0F00FD34808}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{3D5DF22C-0C16-4B12-8978-59DF60FF9A1E}" = protocol=6 | dir=in | app=d:\apps\musicbrainz picard\picard.exe |
"{3F41537F-9C3F-4905-B645-C50AD85A1A2A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{40F6ED55-86BD-4724-A1CF-E1D1D447DB9B}" = protocol=6 | dir=in | app=d:\apps\steam\steamapps\common\sixense midi controller\sixensemidicontroller.exe |
"{43B6DF78-A03B-4D22-AADA-31C5FECAD586}" = protocol=6 | dir=in | app=d:\apps\autodesk\3ds max design 2013\3dsmax.exe |
"{49AD4FE5-E495-4266-B3EF-40FFB6736291}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BAD293E-CF1C-4155-ACF3-F46A2583967A}" = protocol=17 | dir=in | app=d:\apps\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{4C56F90E-6602-4D56-A519-57A3BD5A41C8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4C606F21-6BF5-4EBD-8A8D-C2D80ED4DB3A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4DA3135C-FE3A-4327-9163-37CEA0209ED3}" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"{4ED436F2-6811-4FF3-8FA2-F241C44D1288}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{504F4A6F-8606-420D-97A4-993F0BE36D10}" = protocol=1 | dir=out | [email protected],-28544 |
"{5260BFDC-33FF-4DD1-A3CA-6DD1226708CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{53CA4C6C-E1AC-4CB9-86D4-740E191DBAE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53D42A5B-0078-4ACF-B956-AABF40BE18C1}" = protocol=6 | dir=in | app=d:\games\ncc1701\ncc1701.exe |
"{54D8B4E8-50DB-4BC2-A1FA-C688AA3BCCBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55EA2AB7-BBEC-4BA5-BA86-508C2CCD2595}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{55FA2B9E-D25E-4F23-9A73-85D8DD3DB27F}" = protocol=6 | dir=in | app=d:\apps\steam\steam.exe |
"{57BBA2A1-6137-488F-86E8-573EC9260064}" = dir=in | app=d:\apps\prtg network monitor\prtg probe.exe |
"{6139F920-28CF-42C2-88F3-A92660C1E375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6191F681-1C01-4C56-809F-6FE11F6C2109}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{63722777-5A39-4A7A-9DC0-700C7D803868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6546D5F4-3A54-4562-A0E8-8CE3EA7C935C}" = protocol=17 | dir=in | app=c:\users\ralph\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{66865ACD-0F73-4A2D-B4C1-FA1FEE87A77C}" = dir=in | app=d:\apps\prtg network monitor\prtg server.exe |
"{6838ECD9-AFCD-47C7-B5EB-1C74134C7C76}" = protocol=6 | dir=in | app=d:\apps\steam\steamapps\montery_66\team fortress 2\hl2.exe |
"{68DCEE5C-32D9-4DD2-ABBD-E11196AA43F0}" = protocol=6 | dir=in | app=d:\apps\unity\editor\unity.exe |
"{69A1FBCF-2708-4806-9D07-8688BDD811C2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6B953445-3BE8-4D6B-AD3F-075DF1B1C712}" = protocol=6 | dir=in | app=d:\apps\comicrack\comicrack.exe |
"{72065031-1BF3-4F91-B949-0DE7443A32EA}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{75F7ED18-0511-4362-A6A1-FD4D619DE3ED}" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"{7658942B-B6CC-4F91-96F5-B60401CB50D2}" = protocol=6 | dir=in | app=d:\apps\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe |
"{77DB52F5-207D-4B1A-B738-121E9D3ACF6D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7B0CA09B-E132-4AA1-8B28-59AA97CB5C57}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
"{7E3E8F7E-BFA4-4C73-88C9-F1C2D5263C26}" = protocol=17 | dir=in | app=d:\apps\3ds max 2014\3ds max 2014\nvidia\satellite\raysat_3dsmax2014_64.exe |
"{7FB921CA-7CC4-4A20-B7E4-C97D42B836CD}" = protocol=17 | dir=in | app=d:\apps\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe |
"{801DBE9D-8D98-4844-B72B-3BDA734AF2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81632E8B-0F11-4B20-848D-301745727791}" = protocol=17 | dir=in | app=c:\users\ralph\appdata\roaming\dropbox\bin\dropbox.exe |
"{867F4559-0F94-4C5F-805D-18B5C77CD238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89EAB2DD-ABB2-46C7-BCEC-67FF20149FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A4067E0-8213-41E4-8F8A-69DA3C8EC6E0}" = protocol=6 | dir=in | app=d:\games\x-plane 9.00 beta-1\x-plane.exe |
"{8FF844AF-40DD-491C-991A-DEA311BEB042}" = protocol=6 | dir=in | app=d:\apps\secondlifeviewer\slvoice.exe |
"{922EAD49-1FB2-4A05-A8D9-47ED682CA558}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9700296D-AE7C-4575-B71C-DE13D64A8A5A}" = protocol=17 | dir=in | app=d:\neverwinternights\nwn\nwmain.exe |
"{99C6F3E7-3704-46E5-82FD-79355EF3933F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{99C73DA4-B53E-4A80-8B00-D7C11E457684}" = protocol=6 | dir=in | app=d:\neverwinternights\nwn\nwmain.exe |
"{9A452476-8264-432C-B2E4-D6BB853892F4}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"{9AFA8CF8-6175-4BD0-AFB8-2CA8C83A84F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{9B15F693-7BE6-4C83-ACC0-C481A95321E0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9CD09840-B549-4F75-9EEB-6BE3B543DAE8}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
"{9FA880FB-F628-45A8-B434-2FEFAE3A0AD7}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{A07BA017-5FE8-4D70-A294-A3C0155C5447}" = protocol=17 | dir=in | app=d:\apps\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{A2038C25-423C-4E30-B0AC-97C2A638C4AD}" = protocol=17 | dir=in | app=d:\apps\autodesk\3ds max design 2013\3dsmax.exe |
"{A370144B-8566-4A16-B105-3847AB2090C4}" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"{A3722455-EF95-42A0-8AE2-CDA075F560B8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A89F3895-35A0-413A-B37D-417AF5DDAA69}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{A96FD70E-3102-407A-A19F-0EA553C1AC4E}" = protocol=17 | dir=in | app=d:\apps\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe |
"{ABF01636-2F0B-4E94-A56E-7BA576A8633C}" = protocol=6 | dir=out | app=system |
"{AD29B28E-7AA3-4C13-8BCB-E7373F378ED2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AE873249-D17E-431C-8D8D-70755BAB6D44}" = protocol=6 | dir=in | app=d:\apps\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe |
"{AF4AE69A-970E-423A-BC81-27A1EA6D36DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B13E32DA-1682-4C46-AAA1-2EBDA5BC94E2}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{B27FF543-EAF1-45B6-8986-A51A18550C6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B898C53B-71DE-4492-A9BD-BC2CE15796A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8B4E785-9232-4B9A-8B01-74C63AC2AA26}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{BA065FCF-7654-41BE-AFFB-14A88BC0EF93}" = protocol=17 | dir=in | app=d:\games\x-plane 9.00 beta-1\x-plane 900 beta-1.exe |
"{BAD47C92-33B0-4EAD-A2FD-403C7F44DD90}" = protocol=17 | dir=in | app=d:\apps\steam\steam.exe |
"{BC947ABA-FA7E-4A51-B125-988F2D5F8505}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{C19E0CC0-B10A-4E7F-BE62-A362F3FBC597}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C37BFDA3-0DBF-40A8-AB77-BDA88041B276}" = protocol=17 | dir=in | app=d:\civilization.v.goty.incl.gods.and.kings\civilizationv_dx11.exe |
"{CA4FBA7B-F959-46B2-ACC2-2C6D06146C56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB2370F8-BBE4-46CF-B18B-090188831C10}" = protocol=17 | dir=in | app=d:\apps\deluge\deluge.exe |
"{CB550F20-1E7E-4C50-BF94-D94EB44EF5ED}" = protocol=6 | dir=in | app=d:\apps\3ds max 2014\3ds max 2014\nvidia\satellite\raysat_3dsmax2014_64.exe |
"{CD1F15FF-88C9-474A-87FE-B3FFF2609853}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CDBD069A-2A03-4610-9E10-B5B4256312BC}" = protocol=17 | dir=in | app=d:\apps\xbmc\xbmc.exe |
"{CF463781-9ADF-4FCF-AFFE-29D7E9B42D90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D281048B-205A-4DEE-91A6-8F4D56FDFFEC}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{D491BAEA-BD3D-4858-8D6D-66616F1B5BD4}" = protocol=17 | dir=in | app=d:\apps\steam\steamapps\common\sixense midi controller\sixensemidicontroller.exe |
"{D58D0E2A-D658-442D-BD2E-E8DD520131AB}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{D5C41E58-78B2-4D3C-84C2-2F081C92CDEC}" = protocol=17 | dir=in | app=d:\apps\unity\editor\unity.exe |
"{D606BCF0-90F3-4E56-8869-4C6C0687392D}" = protocol=58 | dir=in | [email protected],-28545 |
"{E2DEEF67-1502-4CF0-BB73-F61966760EE5}" = protocol=6 | dir=in | app=c:\users\ralph\appdata\roaming\dropbox\bin\dropbox.exe |
"{E51AA7C6-B9D1-4118-A288-7A02F7111AE0}" = dir=in | app=d:\apps\prtg network monitor\prtg server administrator.exe |
"{E5DB8213-FAEF-4952-90FC-781D6C9DF685}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E77A6232-3355-4CBF-B9A0-C680F30258A9}" = protocol=17 | dir=in | app=d:\games\x-plane 9.00 beta-1\x-plane.exe |
"{E822E1D7-B288-4689-BCF1-6209C16400AE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E96E7057-C4C8-4E23-AA7D-B3591A9C52EF}" = protocol=17 | dir=in | app=d:\apps\musicbrainz picard\picard.exe |
"{E9F3DD64-B739-4703-A677-225C9D9672D1}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"{EB68F6C2-D991-4E04-9F25-2BB052DA1575}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{EB78CE23-CD4D-481E-B6FA-F2127A4D1327}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EE904A56-AAA2-4910-B0DF-9382A1A5DC40}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EEA677F1-C048-45A7-BEA7-FEA8AC885BCC}" = protocol=58 | dir=out | [email protected],-28546 |
"{F10F74AA-0DF1-4194-B732-0B7ACB5FB7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3A38769-C184-4745-A5F8-A4BFB40B9AFB}" = protocol=6 | dir=in | app=d:\apps\deluge\deluge.exe |
"{F4734217-E4A0-404B-9D65-4BE1DDDABF06}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{F870DF9B-DED2-4B7F-8AD8-5AEF481C2510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8DB0845-22D5-4E98-9CBB-2179AC9718FD}" = protocol=6 | dir=in | app=d:\apps\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{F8F79F00-0DA3-484B-A567-68BFA3CE64C8}" = protocol=17 | dir=in | app=d:\apps\mediamonkey\mediamonkey.exe |
"{F936AA1A-019D-4E9D-B31F-4BB48EE6C739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA8D7F50-2564-4940-86E4-E5846F75D1FE}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"{FC2B625F-6083-4EA5-8FEF-3907B1CD7501}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0B174E51-1EA6-401D-84E1-4AF1F324D9AB}D:\apps\steam\steamapps\montery_66\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\apps\steam\steamapps\montery_66\team fortress 2\hl2.exe |
"TCP Query User{2815BDB8-BC45-4F73-9157-8CC746A4F6E2}D:\apps\comicrack\comicrack.exe" = protocol=6 | dir=in | app=d:\apps\comicrack\comicrack.exe |
"TCP Query User{2F4B1682-703F-4D09-A5A9-38541A5653F4}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{31C70FE9-F35D-43AE-A244-26E66A15C6C9}C:\users\ralph\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ralph\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{33F16C22-E707-447D-B61E-AC241B6A464C}D:\apps\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=d:\apps\mediamonkey\mediamonkey.exe |
"TCP Query User{409CE4E6-79FC-4C39-B17C-A705E58DDF46}D:\apps\xbmc\xbmc.exe" = protocol=6 | dir=in | app=d:\apps\xbmc\xbmc.exe |
"TCP Query User{421ABFD6-CD05-4639-A12D-D98EE490A4F6}D:\games\x-plane 9.00 beta-1\x-plane 900 beta-1.exe" = protocol=6 | dir=in | app=d:\games\x-plane 9.00 beta-1\x-plane 900 beta-1.exe |
"TCP Query User{6C85DB43-C674-4DE1-916E-00044113D2AE}D:\games\x-plane 9.00 beta-1\x-plane.exe" = protocol=6 | dir=in | app=d:\games\x-plane 9.00 beta-1\x-plane.exe |
"TCP Query User{6D0D83BF-46DD-4AD9-ADAF-FEFDCBDD8796}C:\program files\hexchat\hexchat.exe" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"TCP Query User{6E39D5B5-9A96-4F54-BD19-26DD3E9F1D10}D:\games\ncc1701\ncc1701.exe" = protocol=6 | dir=in | app=d:\games\ncc1701\ncc1701.exe |
"TCP Query User{7D0BC2AC-9B05-4845-9AF7-A4A106C628DF}D:\apps\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=d:\apps\secondlifeviewer\slvoice.exe |
"TCP Query User{8C7F5EE2-C976-4E0A-A538-3F7339F592F7}D:\apps\unity\editor\unity.exe" = protocol=6 | dir=in | app=d:\apps\unity\editor\unity.exe |
"TCP Query User{A6BD5D7E-2F7E-41BE-AE51-197976962FC8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{B5EF4813-EC3E-470C-A20A-BA2ACD3B1A4C}D:\games\x-plane 10\x-plane.exe" = protocol=6 | dir=in | app=d:\games\x-plane 10\x-plane.exe |
"TCP Query User{C26F172F-2476-43FE-8CD0-4231848521D2}D:\neverwinternights\nwn\nwmain.exe" = protocol=6 | dir=in | app=d:\neverwinternights\nwn\nwmain.exe |
"TCP Query User{D1F383AE-881B-48E0-B15D-AE99471B401A}D:\apps\tixati\tixati.exe" = protocol=6 | dir=in | app=d:\apps\tixati\tixati.exe |
"TCP Query User{DBF547EE-A0C5-44B8-955F-DA08830AE401}D:\apps\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=d:\apps\musicbrainz picard\picard.exe |
"TCP Query User{E0EC5C58-89FB-45E6-9EDE-60011C64CE66}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{E1BF20BF-6C60-487C-A082-F36FB202A830}D:\civilization.v.goty.incl.gods.and.kings\civilizationv_dx11.exe" = protocol=6 | dir=in | app=d:\civilization.v.goty.incl.gods.and.kings\civilizationv_dx11.exe |
"TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" = protocol=6 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe |
"TCP Query User{E4714ADC-D31E-483B-BED7-EE134571BD0A}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"TCP Query User{F213DD61-9378-4AEC-BD2C-EDF41ABF41C2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{F4ACF007-F77D-49EC-A703-2A241F30A4FE}D:\apps\deluge\deluge.exe" = protocol=6 | dir=in | app=d:\apps\deluge\deluge.exe |
"TCP Query User{FA118303-5659-4C68-A3B5-34672CD08CB9}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{FACA22D3-C7A8-4AE7-A84D-3D4D3870A0C5}C:\program files\oracle\virtualbox\virtualbox.exe" = protocol=6 | dir=in | app=c:\program files\oracle\virtualbox\virtualbox.exe |
"UDP Query User{04870D66-C8F2-469A-BBEE-DB139BBAEF25}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{0AE6D690-99AD-4F5C-A7E5-EAE153540634}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{15FD2C04-8C8B-4F87-B7BF-86C741BEF458}D:\apps\steam\steamapps\montery_66\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\apps\steam\steamapps\montery_66\team fortress 2\hl2.exe |
"UDP Query User{1A6C3E6C-1CB0-486C-8501-9ABD3062EB2E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{20B20EE9-F29A-4E03-AD87-2980DDCF0FD1}D:\neverwinternights\nwn\nwmain.exe" = protocol=17 | dir=in | app=d:\neverwinternights\nwn\nwmain.exe |
"UDP Query User{2186D93E-4C84-4A07-8169-E63E24435A4D}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{275F1370-376A-4E3B-B294-C0DAA74BAD44}D:\games\ncc1701\ncc1701.exe" = protocol=17 | dir=in | app=d:\games\ncc1701\ncc1701.exe |
"UDP Query User{2AA0A0E6-C84C-4BEE-82D3-245B0F5BEB1D}D:\apps\unity\editor\unity.exe" = protocol=17 | dir=in | app=d:\apps\unity\editor\unity.exe |
"UDP Query User{35CE3A0D-04E0-4137-BD84-AA59DAD8ACD3}C:\program files\hexchat\hexchat.exe" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"UDP Query User{39F2C51C-175B-46B2-AA74-09DCECFCEF7D}C:\users\ralph\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ralph\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" = protocol=17 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe |
"UDP Query User{5F2B0A43-06C7-4B81-A762-77E9EF45FF15}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{68FE1A30-B988-415A-AC48-30EAA26E6472}D:\games\x-plane 9.00 beta-1\x-plane 900 beta-1.exe" = protocol=17 | dir=in | app=d:\games\x-plane 9.00 beta-1\x-plane 900 beta-1.exe |
"UDP Query User{6BCEA4F6-0B54-4FAF-B280-7DCA5D3ED0DB}D:\apps\comicrack\comicrack.exe" = protocol=17 | dir=in | app=d:\apps\comicrack\comicrack.exe |
"UDP Query User{6C4831B8-2D7A-443A-ABC9-1D5CA192A7F0}C:\program files\oracle\virtualbox\virtualbox.exe" = protocol=17 | dir=in | app=c:\program files\oracle\virtualbox\virtualbox.exe |
"UDP Query User{8324CADE-C9B4-4950-87AC-1A6F19B554D3}D:\games\x-plane 9.00 beta-1\x-plane.exe" = protocol=17 | dir=in | app=d:\games\x-plane 9.00 beta-1\x-plane.exe |
"UDP Query User{8799ABEF-C816-4508-B254-B490408E5BC5}D:\apps\deluge\deluge.exe" = protocol=17 | dir=in | app=d:\apps\deluge\deluge.exe |
"UDP Query User{9737538D-83C4-4678-8A55-57CF7DAFE1F2}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{98DCC360-2C42-468C-A535-F60E1A482C1A}D:\apps\xbmc\xbmc.exe" = protocol=17 | dir=in | app=d:\apps\xbmc\xbmc.exe |
"UDP Query User{9900BC67-6FD0-4EF5-9067-CDFB9154E68E}D:\apps\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=d:\apps\musicbrainz picard\picard.exe |
"UDP Query User{9FBA9DFF-E95C-4EA0-9A26-506936AD528B}D:\apps\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=d:\apps\mediamonkey\mediamonkey.exe |
"UDP Query User{A247E8DE-2576-42A0-8DD0-B12485AF69CA}D:\games\x-plane 10\x-plane.exe" = protocol=17 | dir=in | app=d:\games\x-plane 10\x-plane.exe |
"UDP Query User{A7AD30D7-071F-4F4F-B6BF-85B06510F0C3}D:\apps\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=d:\apps\secondlifeviewer\slvoice.exe |
"UDP Query User{AF3A3BE2-7CA1-4074-995D-623D57C2B375}D:\civilization.v.goty.incl.gods.and.kings\civilizationv_dx11.exe" = protocol=17 | dir=in | app=d:\civilization.v.goty.incl.gods.and.kings\civilizationv_dx11.exe |
"UDP Query User{E5F5EC21-97C5-4A80-BBAC-C1C29954DF09}D:\apps\tixati\tixati.exe" = protocol=17 | dir=in | app=d:\apps\tixati\tixati.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008FBC6F-4819-2ACF-8F4C-708AC15242DF}" = ATI AVIVO64 Codecs
"{009751C6-22D7-4548-A313-AD48FA57076F}" = Autodesk Inventor Server Engine for 3ds Max 2014 64-bit
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B606A56-13F2-4164-B044-BF7A90F972C8}" = DxO Optics Pro 9
"{0BB716E0-1400-0610-0000-097DC2F354DF}" = Autodesk Revit Interoperability for 3ds Max 2014
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}" = AMD Catalyst Install Manager
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{477D05CA-C151-9CF5-22A1-9DF6DF543CD4}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{52B37EC7-D836-0409-0064-3C24BCED2010}" = Autodesk 3ds Max 2014
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{5AAB972C-FF31-4B01-8445-50C42860EC02}" = Autodesk Composite 2014
"{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}" = Adobe PDF iFilter 9 for 64-bit platforms
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62CBE596-1BB8-4D7B-A056-103287BAD1C4}" = Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{7491836B-659E-47DD-ABBF-F875AD48FD10}" = Autodesk 3ds Max 2014 64-bit Populate Data
"{7D65612F-53B4-0409-85AA-21DF5A8E9455}" = Autodesk 3ds Max Design 2013 64-bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC7C2B2-0F64-4B35-AA3D-2B051D009243}" = Autodesk DirectConnect 2014 64-bit
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A6A4A258-0A48-4F76-B8F1-61F0514594DD}" = Microsoft Camera Codec Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{BC66B242-DF13-1664-851B-00123612ED98}" = Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit
"{C1ACBDBF-6F86-185A-E158-AB07893968FC}" = AMD Accelerated Video Transcoding
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{CC9889DA-F802-4C85-B543-15C02543BA29}" = Oracle VM VirtualBox 4.2.22
"{CFEB0039-1D37-4018-B704-ED3E21ECEFE2}" = MySQL Server 5.5
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{D61EB116-6878-9676-F28F-54F6B647023C}" = ccc-utility64
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{E8814D63-BB76-4C89-A25E-264ECF11D00D}" = Autodesk Essential Skills Movies for 3ds Max 2014 64-bit
"Autodesk 3ds Max 2014" = Autodesk 3ds Max 2014
"Autodesk 3ds Max Design 2013 64-bit" = Autodesk 3ds Max Design 2013 64-bit
"Autodesk Composite 2014" = Autodesk Composite 2014
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk DirectConnect 2014 64-bit" = Autodesk DirectConnect 2014 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit
"Autodesk Revit Interoperability for 3ds Max 2014" = Autodesk Revit Interoperability for 3ds Max 2014
"Blender" = Blender
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"ComicRack" = ComicRack v0.9.175
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"EPSON NX620 Series" = EPSON NX620 Series Printer Uninstall
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Nightly 30.0a1 (x64 en-US)" = Nightly 30.0a1 (x64 en-US)
"PhotomatixPro5x64_is1" = Photomatix Pro version 5.0
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
"TeraCopy_is1" = TeraCopy 2.3
"Unlocker" = Unlocker 1.9.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek
"{022BC727-ACB7-4C1D-109C-177515714A32}" = Catalyst Control Center
"{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish
"{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English
"{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard
"{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 51
"{2970697F-2A11-4588-8B7F-97322D1CCF3C}" = Epson Event Manager
"{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish
"{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2014
"{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional
"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech
"{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{61F9913C-39FA-46E1-B2B0-DB2D9B1887EB}" = Draft IT
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Harmony Browser Plug-in
"{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014
"{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian
"{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian
"{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client
"{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish
"{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}" = Microsoft Visual C++ 2005 Redistributable
"{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French
"{837B34E3-7C30-493C-8F6A-2B0F04E2912C}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai
"{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}" = Autodesk Material Library Medium Resolution Image Library 2014
"{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German
"{A7CE3C9E-78B4-4855-8D24-5CDF498E31F9}" = BitKinex
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1" = ISO to USB
"{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy
"{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish
"{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian
"{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish
"{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}" = Autodesk Civil View for 3ds Max Design 2013
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Cities XL 2012" = Cities XL 2012
"Civilization.V.GOTY.incl.Gods.and.Kings_is1" = Civilization.V.GOTY.incl.Gods.and.Kings
"Data Loader" = salesforce.com Data Loader
"Deluge" = Deluge 1.3.5
"DjVuLibre+DjView" = DjVuLibre DjView 3.5.25.4+4.9.2
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.7.4.1
"Free Video to AppleTV Converter_is1" = Free Video to AppleTV Converter version 5.0.26.628
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.20.1031
"Freemake Video Converter_is1" = Freemake Video Converter version 4.0.3
"Inkscape" = Inkscape 0.48.4
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.58
"MusicBrainz Picard" = MusicBrainz Picard
"Nebulosity3_is1" = Nebulosity 3.1.0
"Notepad++" = Notepad++
"Oolite" = Oolite 1.76.1.4946
"QmF0bWFuQXJraGFtT3JpZ2lucw==_is1" = Batman Arkham Origins
"SecondLifeViewer" = SecondLifeViewer (remove only)
"TagScanner_is1" = TagScanner 5.1.621
"The Ur-Quan Masters" = The Ur-Quan Masters 0.7.0
"TreeSize Free_is1" = TreeSize Free V2.7
"U2lkTWVpZXJzQ2l2aWxpemF0aW9uVg==_is1" = Sid Meier's Civilization V Brave New World
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1933384260-3777128076-391017205-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.4.0.1082
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 25/02/2014 12:57:27 PM | Computer Name = Antec | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 25/02/2014 1:00:55 PM | Computer Name = Antec | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL

Error - 25/02/2014 1:00:55 PM | Computer Name = Antec | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL

Error - 25/02/2014 1:00:55 PM | Computer Name = Antec | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL

Error - 25/02/2014 1:37:12 PM | Computer Name = Antec | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1790 Invoked Function: ::WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
An existing connection was forcibly closed by the remote host.

Error - 25/02/2014 1:37:12 PM | Computer Name = Antec | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1791 Invoked Function: ::WSARecv/::WSARecvFrom Return Code: 0 (0x00000000) Description:
unknown

Error - 25/02/2014 1:37:12 PM | Computer Name = Antec | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
895 Invoked Function: CSocketTransport::readSocket Return Code: -31588312 (0xFE1E0028)
Description:
SOCKETTRANSPORT_ERROR_GET_RESULT_FAILURE:The system get result call for the socket
failed.

Error - 25/02/2014 1:37:12 PM | Computer Name = Antec | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
1047 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31588312
(0xFE1E0028) Description: SOCKETTRANSPORT_ERROR_GET_RESULT_FAILURE:The system get
result call for the socket failed.

Error - 25/02/2014 1:37:12 PM | Computer Name = Antec | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\UdpTcpTransports_win.cpp
Line:
311 Invoked Function: ::WSASend Return Code: 10054 (0x00002746) Description: An existing
connection was forcibly closed by the remote host.

Error - 25/02/2014 1:37:12 PM | Computer Name = Antec | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
404 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31588341
(0xFE1E000B) Description: SOCKETTRANSPORT_ERROR_WRITE


< End of report >

And lastly, I attempted to install MBAM, and could not. I get this error:
C:\ProgramData\Malwarebytes\Malwarebytes' Anit-Malware\rules.ref

An error occurred while trying to create a file in the destination directly:
Setup was unable to create the directory:
"C:\ProgramData\Malwarebytes\Malwarebytes' Anit-Malware".

Error 183: Cannot create a file when that file already exists.

I then picked the abort option.

I can't turn on Windows Defender.

.... and on reboot, I still receive the UAC popup asking if I would like to install "google.earth.free2pro.v6.2.2.6613.patch-MPT.exe" - to which I respond No.


Thanks again for your help. :)

Edited by Montery, 25 February 2014 - 04:05 PM.


#7
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
=====> Step 1: SideBar Advice < =====

In your logs I see that Windows SideBar is running! At the moment Windows SideBar has a security vulnerability, and so I recommend that you disable it for a while. More information is here so far I noticed.

To disable Windows SideBar please follow the instructions below:

  • Download the FixIt from here to your Desktop
  • Double click on MicrosoftFixit50906.msi and follow the prompts to disable Windows SideBar and gadgets. Once finished, reboot your computer if not advised to do so.

===== > Step 2: OTL Fix < ======

  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O20 - HKU\S-1-5-21-1933384260-3777128076-391017205-1000 Winlogon: Shell - ("C:\ProgramData\Application Services\appsvc.exe") - C:\ProgramData\Application Services\appsvc.exe ()
    O32 - AutoRun File - [2009/07/14 01:29:38 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{73ea7175-f1f5-11e0-ba11-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{73ea7175-f1f5-11e0-ba11-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2009/07/14 01:29:38 | 000,106,760 | R--- | M] (Microsoft Corporation)
    [2014/02/24 15:28:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Services
    [2014/02/25 13:36:41 | 000,004,396 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\msconfig.ini
    [2013/11/26 11:11:03 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DVDVideoSoft
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

===== > Step 3: RogueKiller < =====

  • Download RogueKiller (by tigzy) on the desktop
  • Quit all programs
  • Start RogueKiller.exe. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on RogueKiller.exe and select Run as Administrator)
  • Wait until Prescan has finished ...
  • Click on Scan. Once finished, click on Report

Please post the contents of the RKreport.txt in your next Reply.

 

Please don't forget to include following things/logs:

  • OTL.txt
  • RKreport.txt
  • How is your PC running?


#8
Montery

Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Machiavelli!

I've performed the requested activities, though RogueKiller did ask me if I wanted to delete the 4 registry settings it thought were undesirable and I answered no as your instructions did not mention to do so prior to exiting.

Here are the logs, in the order you requested them:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ not found.
Registry value HKEY_USERS\S-1-5-21-1933384260-3777128076-391017205-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\ProgramData\Application Services\appsvc.exe" deleted successfully.
File move failed. C:\ProgramData\Application Services\appsvc.exe scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73ea7175-f1f5-11e0-ba11-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ea7175-f1f5-11e0-ba11-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73ea7175-f1f5-11e0-ba11-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ea7175-f1f5-11e0-ba11-806e6f6e6963}\ not found.
File move failed. F:\setup.exe scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Application Services scheduled to be moved on reboot.
C:\Users\Ralph\AppData\Roaming\msconfig.ini moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft\logs folder moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft\FreeVideoToJPGConverter\Themes\Default folder moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft\FreeVideoToJPGConverter\Themes folder moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft\FreeVideoToJPGConverter folder moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft\FreeVideoToAppleTVConverter\Themes\TropicalSeaShore folder moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft\FreeVideoToAppleTVConverter\Themes\Sunrise folder moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft\FreeVideoToAppleTVConverter\Themes\None folder moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft\FreeVideoToAppleTVConverter\Themes\GreenHills folder moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft\FreeVideoToAppleTVConverter\Themes\Default folder moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft\FreeVideoToAppleTVConverter\Themes folder moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft\FreeVideoToAppleTVConverter folder moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft\backup folder moved successfully.
C:\Users\Ralph\AppData\Roaming\DVDVideoSoft folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ralph
->Temp folder emptied: 3493477 bytes
->Temporary Internet Files folder emptied: 133 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 191749553 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1378 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20199875 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 205.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02262014_094730

Files\Folders moved on Reboot...
File move failed. C:\ProgramData\Application Services\appsvc.exe scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\setup.exe scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Application Services scheduled to be moved on reboot.
C:\Users\Ralph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FireFly(20140226094519858).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20140226094519858).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20140226094519858).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ralph [Admin rights]
Mode : Scan -- Date : 02/26/2014 09:53:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] appsvc.exe -- C:\ProgramData\Application Services\appsvc.exe [-] -> ERROR [5]

¤¤¤ Registry Entries : 4 ¤¤¤
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (explorer.exe,"C:\ProgramData\Application Services\appsvc.exe" [x][-]) -> FOUND
[SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (explorer.exe,"C:\ProgramData\Application Services\appsvc.exe" [x][-]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000526SV ATA Device +++++
--- User ---
[MBR] 9f6b48e8d5d045681c66d184fb79844f
[BSP] 370d4f2a5f2702b2299667bc61a1bc4e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 953868 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3500630AS ATA Device +++++
--- User ---
[MBR] 97747c34cddab0af4b15813970634ad7
[BSP] 0a0bb06af0298d021e575178468d7f81 : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 243 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 501758 | Size: 476694 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) OCZ-VERTEX3 MI ATA Device +++++
--- User ---
[MBR] 0a49c0096d00e5da99fd29d0a1964e0a
[BSP] 61a9605ceb9f74d19e8c2b65e4f1d135 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 228833 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic Ultra HS-SD/MMC USB Device +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Google File-CD Gadget USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_02262014_095322.txt >>




The system does not allow me to turn on my firewall, or install MBAM.

... and there are occasional Microsoft .NET Framework error messages occurring. The error message is:
Unhandled exception has occurred in your application.
Exception has been thrown by the target of an invocation.
See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.IO.InvalidDataException: The magic number in GZip header is not correct. Make sure you are passing in a GZip stream.
at System.IO.Compression.GZipDecoder.ReadGzipHeader()
at System.IO.Compression.Inflater.Decode()
at System.IO.Compression.Inflater.Inflate(Byte[] bytes, Int32 offset, Int32 length)
at System.IO.Compression.DeflateStream.Read(Byte[] array, Int32 offset, Int32 count)
at System.IO.Compression.GZipStream.Read(Byte[] array, Int32 offset, Int32 count)
at ..(Byte[] )
at A.A.A()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at Feb_3.Form1.ca0801c652948bf13ead1d1840a2d6b58(Object cc8bf386cdf959cc1e5a8142df086dd20, Object cc8bf386cdf959cc1e5a8142df086dd20, Object cc8bf386cdf959cc1e5a8142df086dd20)
at Feb_3.Form1.cf8234920362678fbc5c0b2b80562dbe4(Object c881fe9615efac72a67b9496985381df6, EventArgs c881fe9615efac72a67b9496985381df6)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Windows.Forms.Form.OnLoad(EventArgs e)
at System.Windows.Forms.Form.OnCreateControl()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.WmShowWindow(Message& m)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
at System.Windows.Forms.ContainerControl.WndProc(Message& m)
at System.Windows.Forms.Form.WmShowWindow(Message& m)
at System.Windows.Forms.Form.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.5477 (Win7SP1GDR.050727-5400)
CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
[email protected]
Assembly Version: 1.0.0.0
Win32 Version: 1.0.0.0
CodeBase: file:///C:/Users/Ralph/AppData/Local/Temp/mint.exe
----------------------------------------
Microsoft.VisualBasic
Assembly Version: 8.0.0.0
Win32 Version: 8.0.50727.5420 (Win7SP1.050727-5400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.5468 (Win7SP1GDR.050727-5400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
A
Assembly Version: 1.0.0.0
Win32 Version: 1.0.0.0
CodeBase: file:///C:/Users/Ralph/AppData/Local/Temp/mint.exe
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.



Thanks again for your help!

Edited by Montery, 26 February 2014 - 02:09 PM.

  • 0

#9
Machiavelli

  • GeekU Moderator
  • 3,698 posts
===== > Step 1: OTH < =====

Please download OTH to your desktop

  • Right click on OTH.scr and select Run as Administrator to start the application.
  • Click on Kill All Processes <-- The desktop, taskbar, etc. will disappear; this is normal, as all running processes will have been stopped.
  • Then click on Start Misc Program
  • Navigate to RogueKiller.exe >> Open >> Run

===== > Step 2: RogueKiller Fix < =====

  • With OTH you have now opened RogueKiller.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • After it has finished, click the Registry tab and clear the check marks from the following entries:

    • [SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (explorer.exe,"C:\ProgramData\Application Services\appsvc.exe" [x][-]) -> FOUND
    • [SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (explorer.exe,"C:\ProgramData\Application Services\appsvc.exe" [x][-]) -> FOUND
    • [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    • [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
  • Click on the Delete button.
  • The report has been created on the desktop (RKreport.txt).

Please post the contents of the RKreport.txt in your next Reply.

Reboot your system please.

===== > Step 3: OTL Scan < =====

  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on OTL.exe and select Run as Administrator.)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

  • 0
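
An added example, not part of either post and not RogueKiller's own code: a small Python triage of the four registry findings listed in Step 2 above. It splits the Winlogon "shell" value into its comma-separated commands and reports anything launched besides Explorer; the allow-list and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Registry findings copied from the RogueKiller entries listed in Step 2 above.
REPORT_LINES = [
    r'[SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (explorer.exe,"C:\ProgramData\Application Services\appsvc.exe" [x][-]) -> FOUND',
    r'[SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (explorer.exe,"C:\ProgramData\Application Services\appsvc.exe" [x][-]) -> FOUND',
    r'[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND',
    r'[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND',
]

# Assumption of this example: the only acceptable shell is Explorer, given by
# bare name or from the Windows directory. An "explorer.exe" anywhere else is
# treated as an extra command, since a copy in another folder can masquerade.
ALLOWED_SHELLS = {
    "explorer.exe",
    r"c:\windows\explorer.exe",
    r"%systemroot%\explorer.exe",
    r"%windir%\explorer.exe",
}

# [TAG][TAG] <key> : <value name> (<data>) -> <status>
FINDING_RE = re.compile(
    r'^(?P<tags>(?:\[[^\]]+\])+)\s+'
    r'(?P<key>\S+)\s+:\s+'
    r'(?P<name>\S+)\s+'
    r'\((?P<data>.*)\)\s+->\s+(?P<status>.+)$'
)
# Bracketed markers the report appends after the data, e.g. " [x][-]".
TRAILING_FLAGS_RE = re.compile(r'(?:\s*\[[^\]]*\])+\s*$')


@dataclass
class Finding:
    tags: list
    key: str
    value_name: str
    data: str
    status: str
    extra_commands: list = field(default_factory=list)


def split_commands(value):
    """Split a Shell value on commas that are outside double quotes."""
    parts, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        elif ch == ',' and not quoted:
            parts.append(''.join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf).strip())
    return [p for p in parts if p]


def shell_extras(value):
    """Return the commands in a Winlogon Shell value that are not Explorer."""
    return [c for c in split_commands(value) if c.lower() not in ALLOWED_SHELLS]


def parse_finding(line):
    """Parse one registry finding line; return None if it does not match."""
    m = FINDING_RE.match(line.strip())
    if m is None:
        return None
    data = TRAILING_FLAGS_RE.sub('', m['data'])
    finding = Finding(
        tags=re.findall(r'\[([^\]]+)\]', m['tags']),
        key=m['key'],
        value_name=m['name'],
        data=data,
        status=m['status'].strip(),
    )
    is_shell = (finding.key.lower().endswith('\\winlogon')
                and finding.value_name.lower() == 'shell')
    if is_shell:
        finding.extra_commands = shell_extras(data)
    return finding


def triage(lines):
    """Parse every matching line and keep the findings in report order."""
    return [f for f in map(parse_finding, lines) if f is not None]


if __name__ == '__main__':
    for f in triage(REPORT_LINES):
        if f.extra_commands:
            verdict = 'extra shell command: ' + '; '.join(f.extra_commands)
        else:
            verdict = 'no extra shell command'
        print(f'{f.key} : {f.value_name} [{f.status}] -> {verdict}')
```
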

#10
Montery

  • Topic Starter
  • Member
  • 36 posts
This is looking promising! I like this OTH app... :)

Anyhow, here's the RK report before I deleted the registry entries (I think you meant to say 'leave checked'??).

RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ralph [Admin rights]
Mode : Scan -- Date : 02/26/2014 13:07:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] appsvc.exe -- C:\ProgramData\Application Services\appsvc.exe [-] -> KILLED [TermProc]
[SUSP PATH] OTH.scr -- C:\Users\Ralph\Desktop\OTH.scr [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (explorer.exe,"C:\ProgramData\Application Services\appsvc.exe" [x][-]) -> FOUND
[SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (explorer.exe,"C:\ProgramData\Application Services\appsvc.exe" [x][-]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000526SV ATA Device +++++
--- User ---
[MBR] 9f6b48e8d5d045681c66d184fb79844f
[BSP] 370d4f2a5f2702b2299667bc61a1bc4e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 953868 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3500630AS ATA Device +++++
--- User ---
[MBR] 97747c34cddab0af4b15813970634ad7
[BSP] 0a0bb06af0298d021e575178468d7f81 : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 243 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 501758 | Size: 476694 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) OCZ-VERTEX3 MI ATA Device +++++
--- User ---
[MBR] 0a49c0096d00e5da99fd29d0a1964e0a
[BSP] 61a9605ceb9f74d19e8c2b65e4f1d135 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 228833 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic Ultra HS-SD/MMC USB Device +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Google File-CD Gadget USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_02262014_130743.txt >>
RKreport[0]_S_02262014_095322.txt



And here's the report after I deleted the registry entries:
RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ralph [Admin rights]
Mode : Remove -- Date : 02/26/2014 13:08:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] appsvc.exe -- C:\ProgramData\Application Services\appsvc.exe [-] -> KILLED [TermProc]
[SUSP PATH] OTH.scr -- C:\Users\Ralph\Desktop\OTH.scr [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (explorer.exe,"C:\ProgramData\Application Services\appsvc.exe" [x][-]) -> DELETED
[SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (explorer.exe,"C:\ProgramData\Application Services\appsvc.exe" [x][-]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000526SV ATA Device +++++
--- User ---
[MBR] 9f6b48e8d5d045681c66d184fb79844f
[BSP] 370d4f2a5f2702b2299667bc61a1bc4e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 953868 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3500630AS ATA Device +++++
--- User ---
[MBR] 97747c34cddab0af4b15813970634ad7
[BSP] 0a0bb06af0298d021e575178468d7f81 : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 243 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 501758 | Size: 476694 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) OCZ-VERTEX3 MI ATA Device +++++
--- User ---
[MBR] 0a49c0096d00e5da99fd29d0a1964e0a
[BSP] 61a9605ceb9f74d19e8c2b65e4f1d135 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 228833 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic Ultra HS-SD/MMC USB Device +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Google File-CD Gadget USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_02262014_130836.txt >>
RKreport[0]_S_02262014_095322.txt;RKreport[0]_S_02262014_130743.txt



And here's the OTL report:
OTL logfile created on: 26/02/2014 1:12:03 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralph\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

15.91 Gb Total Physical Memory | 13.46 Gb Available Physical Memory | 84.62% Memory free
31.82 Gb Paging File | 28.28 Gb Available in Paging File | 88.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.47 Gb Total Space | 63.70 Gb Free Space | 28.51% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 520.65 Gb Free Space | 55.89% Space Free | Partition Type: NTFS
Drive I: | 7.39 Gb Total Space | 2.30 Gb Free Space | 31.13% Space Free | Partition Type: FAT32

Computer Name: ANTEC | User Name: Ralph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/15 16:42:49 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/14 11:42:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph\Downloads\OTL.exe
PRC - [2014/02/10 20:36:26 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/01 13:38:10 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013/03/28 15:55:58 | 001,058,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2013/03/10 09:08:47 | 000,088,984 | ---- | M] (Elaborate Bytes AG) -- D:\Apps\VirtualCloneDrive\VCDDaemon.exe
PRC - [2012/10/17 09:29:53 | 000,684,024 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/10/17 09:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/14 20:19:54 | 000,086,016 | ---- | M] () -- D:\Apps\3DS Max 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
PRC - [2011/02/22 08:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/22 08:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/25 20:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/06/11 14:11:48 | 001,349,632 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/15 16:42:44 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/12 03:31:50 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\13372e3b6a7e4126d48827a30c2c1d9a\Microsoft.VisualBasic.ni.dll
MOD - [2014/02/12 03:27:39 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:27:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 03:27:24 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/12 03:27:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:27:13 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:27:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:27:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 03:27:08 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/12 03:27:03 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 03:27:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:26:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/10/17 09:30:22 | 000,062,968 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2010/06/08 09:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/16 20:33:49 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/12/19 11:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/15 12:03:14 | 009,695,744 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/20 22:30:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 16:42:48 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/01 13:38:10 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/07/09 17:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/17 09:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/03/19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/14 20:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Apps\3DS Max 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe -- (mi-raysat_3dsmax2014_64)
SRV - [2011/09/12 20:38:06 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/12 20:32:55 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/02/22 08:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 08:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/10 22:48:42 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/03 18:20:42 | 000,085,016 | -H-- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\PROCMON23.SYS -- (PROCMON23)
DRV:64bit: - [2013/03/10 16:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/07 12:36:18 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2013/03/07 12:36:16 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2013/03/04 04:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/12/19 12:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 11:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 03:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/17 09:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012/10/17 09:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/03/19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/12 16:36:02 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/10/12 16:36:02 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/10/12 16:36:00 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011/10/12 16:36:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011/09/28 23:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011/06/30 13:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/06/30 13:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/04/08 03:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 15:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/09 11:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/19 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/01 09:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/12 00:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 0A 34 61 AF 95 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://google.ca"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: viewabout%40rumblingedge.com:2.0.1
FF - prefs.js..extensions.enabledAddons: youtubequality%40rzll:1.2
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:11.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: D:\Apps\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Ralph\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ralph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ralph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ralph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 30.0a1\extensions\\Components: D:\APPS\64BIT FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 30.0a1\extensions\\Plugins: D:\APPS\64BIT FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/18 18:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Extensions
[2014/02/26 09:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions
[2013/12/02 12:39:09 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/08/09 20:20:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/25 08:15:14 | 000,000,000 | ---D | M] (Hola Unblocker) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2012/07/05 06:54:39 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/06 10:23:14 | 000,104,966 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2011/09/18 08:30:16 | 000,021,977 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2011/10/21 22:29:35 | 000,009,961 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/26 09:57:54 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/07/31 10:45:46 | 000,000,968 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\searchplugins\scrapetorrent.xml
[2014/02/18 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/18 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 16:42:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = D:\Apps\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = D:\Apps\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/02/25 13:15:36 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Apps\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ralph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941263B3-6134-4436-B8B2-922E30D62EFB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/26 13:04:53 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Ralph\Desktop\OTH.scr
[2014/02/26 10:45:28 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\CrashDumps
[2014/02/26 10:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2014/02/26 03:00:45 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/25 13:29:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/25 13:27:18 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Ralph\Desktop\JRT.exe
[2014/02/25 13:23:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/25 13:15:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/25 09:06:00 | 000,000,000 | ---D | C] -- C:\Users\Ralph\Desktop\RK_Quarantine
[2014/02/25 08:53:02 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014/02/25 08:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014/02/24 15:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/02/24 15:28:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Services
[2014/02/19 10:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2014/02/18 17:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/18 17:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/16 17:24:55 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\CADlogic Limited
[2014/02/16 17:24:09 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CADlogic Limited
[2014/02/16 17:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CADlogic Limited
[2014/02/16 15:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2014/02/16 15:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/02/15 16:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/06 14:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2014/02/06 12:33:46 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Epson
[2014/02/06 10:57:22 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Sun
[2014/02/06 10:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/05 15:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2014/02/05 15:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2014/02/05 15:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2014/02/05 15:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2014/02/05 15:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2014/02/05 15:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2014/02/04 03:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\jagex_cache
[2014/02/04 03:43:23 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\nfToe
[2014/02/03 11:37:08 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\inkscape

========== Files - Modified Within 30 Days ==========

[2014/02/26 13:09:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/26 13:09:44 | 4222,160,894 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/26 13:06:28 | 000,011,288 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\msconfig.ini
[2014/02/26 13:04:56 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph\Desktop\OTH.scr
[2014/02/26 09:56:33 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/26 09:56:33 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/26 09:53:44 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/26 09:53:44 | 000,666,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/26 09:53:44 | 000,126,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/26 03:01:02 | 000,766,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/25 13:47:39 | 000,004,365 | ---- | M] () -- C:\Users\Ralph\AppData\Local\recently-used.xbel
[2014/02/25 13:27:20 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Ralph\Desktop\JRT.exe
[2014/02/25 13:22:42 | 001,241,834 | ---- | M] () -- C:\Users\Ralph\Desktop\AdwCleaner.exe
[2014/02/25 13:15:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/25 13:01:19 | 000,001,046 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/02/24 15:41:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/24 15:38:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933384260-3777128076-391017205-1000UA.job
[2014/02/24 15:32:07 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/02/24 15:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/24 09:38:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933384260-3777128076-391017205-1000Core.job
[2014/02/23 22:17:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/19 09:19:31 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2014/02/16 17:24:09 | 000,001,775 | ---- | M] () -- C:\Users\Ralph\Desktop\Draft IT.lnk
[2014/02/16 16:00:13 | 000,000,071 | ---- | M] () -- C:\Windows\ESNX625.ini
[2014/02/16 15:51:21 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/10 16:34:17 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | M] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/02/06 12:56:02 | 000,440,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/06 11:03:39 | 000,032,766 | ---- | M] () -- C:\Users\Ralph\Desktop\DSDT.AML
[2014/02/03 10:06:39 | 000,000,640 | ---- | M] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk

========== Files Created - No Company Name ==========

[2014/02/26 09:49:59 | 000,011,288 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\msconfig.ini
[2014/02/25 13:47:39 | 000,004,365 | ---- | C] () -- C:\Users\Ralph\AppData\Local\recently-used.xbel
[2014/02/25 13:22:29 | 001,241,834 | ---- | C] () -- C:\Users\Ralph\Desktop\AdwCleaner.exe
[2014/02/25 13:01:19 | 000,001,046 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2014/02/16 17:24:09 | 000,001,775 | ---- | C] () -- C:\Users\Ralph\Desktop\Draft IT.lnk
[2014/02/16 15:51:21 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/16 15:50:55 | 000,000,071 | ---- | C] () -- C:\Windows\ESNX625.ini
[2014/02/10 16:34:17 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/10 16:34:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | C] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/02/06 11:03:39 | 000,032,766 | ---- | C] () -- C:\Users\Ralph\Desktop\DSDT.AML
[2014/02/03 10:07:00 | 000,000,652 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | C] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2013/03/13 16:28:29 | 000,000,024 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Network Meter_Usage.ini
[2013/03/08 22:03:42 | 000,043,874 | ---- | C] () -- C:\Users\Ralph\Network_Meter_Data.js
[2013/02/11 21:00:00 | 000,017,895 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv
[2012/11/27 07:02:44 | 000,060,304 | ---- | C] () -- C:\Users\Ralph\g2mdlhlpx.exe
[2012/09/16 21:26:11 | 000,000,073 | ---- | C] () -- C:\Users\Ralph\AppData\Local\X-Plane_drm.prf
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/05 17:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 17:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/01/06 20:09:44 | 000,001,108 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Network Meter_Settings.ini
[2011/10/11 21:58:45 | 000,000,000 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Temptable.xml
[2011/09/18 20:29:15 | 000,000,080 | ---- | C] () -- C:\Users\Ralph\AppData\Local\X-Plane Installer.prf
[2011/07/18 18:03:56 | 000,007,791 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/16 20:46:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Autodesk
[2013/07/11 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\BitKinex
[2012/05/06 10:23:28 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Blender Foundation
[2011/12/18 16:18:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Canon
[2011/10/06 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\CircuitWorks
[2012/10/27 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Citrix
[2013/11/07 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\cYo
[2011/09/12 20:37:39 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DassaultSystemes
[2014/02/19 12:02:52 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\deluge
[2014/02/26 13:10:31 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Dropbox
[2013/12/03 01:15:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DxO Labs
[2013/11/26 11:05:41 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Easy Thumbnails
[2014/02/19 10:45:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Epson
[2014/02/24 15:48:12 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FileZilla
[2011/08/28 12:43:04 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\flightgear.org
[2011/08/28 12:41:45 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\fltk.org
[2013/09/21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\GmailNotifierPro
[2013/05/20 17:10:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\gtk-2.0
[2013/12/02 17:04:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\HDRsoft
[2012/10/10 18:58:10 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Hulubulu
[2011/07/19 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\InfraRecorder
[2014/02/03 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\inkscape
[2014/02/04 03:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\jagex_cache
[2013/09/22 12:44:21 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\JAM Software
[2013/07/22 17:40:05 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\JPEGView
[2012/06/07 19:49:44 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Leadertech
[2011/10/07 23:16:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Luxology
[2013/10/31 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\ManyCam
[2012/05/10 06:50:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MediaMonkey
[2011/10/22 21:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Mobipocket
[2012/04/24 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MonoDevelop-Unity-2.8
[2013/12/02 17:01:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Mp3tag
[2013/11/18 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MusicBrainz
[2012/07/08 08:31:06 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\mypcdrivers
[2013/12/02 17:16:13 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Nebulosity3
[2014/02/14 12:48:16 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\nfToe
[2013/09/22 13:17:31 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Notepad++
[2013/05/15 11:18:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Oracle
[2012/10/27 22:33:39 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PACE Anti-Piracy
[2013/08/02 20:44:45 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\salesforce.com
[2013/12/13 11:48:59 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\SecondLife
[2011/08/28 12:43:04 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Subversion
[2012/05/26 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\TagScanner
[2014/02/06 12:54:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\TeraCopy
[2012/04/11 16:24:12 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Unity
[2012/12/30 12:54:27 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\uqm

========== Purity Check ==========



< End of report >

... and just a follow up, I got this Windows popup for Windows Defender:
This operation returned because the timeout period expired. (Error Code: 0x800705b4)

Edited by Montery, 26 February 2014 - 03:35 PM.

  • 0



#11
Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts

I like this OTH app...

Little tool, but powerful. :lol:

===== > Step 1: OTL Fix < =====

  • Run OTL (if you have Windows Vista / Windows 7 / Windows 8, please right-click the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
    O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    [2014/02/24 15:28:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Services
    [2014/02/26 13:06:28 | 000,011,288 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\msconfig.ini
    
    :Files
    dir C:\Users\Ralph\AppData\Roaming\uqm /S /C
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply
  • Run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

===== > Step 2: TDSS Killer < =====

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

===== > Step 3: Question < =====

How is the PC running? Please give me a list of all problems you are currently having.

 

Please don't forget to include the following things next time:

  • OTL Fixlog
  • OTL.txt
  • TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • Answer to my question

  • 0
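An added example, not part of either poster's reply and not code from OTL: a small Python triage pass over OTL scan lines in the format used by the logs in this thread, surfacing the kind of entries the fix above acts on (a hidden+system directory under ProgramData, binaries with an empty company field, a driver whose start type could not be read). The rule names and the 30-day window are assumptions of this sketch, and a hit is a prompt for manual review, not a verdict.

```python
import re
from datetime import datetime

# Sample lines copied from the OTL logs posted in this thread.
SAMPLE = r"""
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
DRV:64bit: - [2010/07/01 09:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
[2014/02/24 15:28:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Services
[2012/12/30 12:54:27 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\uqm
"""

# One OTL entry: optional section tag, [timestamp | size | attributes | M/C],
# optional (company), optional [state], the path, optional (service name).
LINE_RE = re.compile(r"""
    ^(?:(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)?\s-\s)?
    \[(?P<ts>\d{4}/\d\d/\d\d\s\d\d:\d\d:\d\d)\s\|\s
      (?P<size>[\d,]+)\s\|\s
      (?P<attrs>[-RHSD]{4})\s\|\s[MC]\]
    (?:\s\((?P<company>[^)]*)\))?
    (?:\s\[(?P<state>[^\]]*)\])?
    \s--\s(?P<path>.+?)
    (?:\s--\s\((?P<name>[^()]*)\))?$
""", re.VERBOSE)

# Locations where a hidden+system directory deserves a second look
# (assumption of this sketch, based on the folder moved by the fix above).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\")


def parse_line(line):
    """Return a dict for one OTL entry, or None if the line is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
    return entry


def triage(log_text, ref, window_days=30):
    """Map path -> list of review reasons for entries that trip a rule.

    ref is the date the log was taken; it is passed in explicitly so the
    result does not depend on today's date.
    """
    findings = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = []
        attrs = e["attrs"]
        folded = e["path"].lower() + "\\"

        # Running code (process, service, driver) with no company string.
        if e["kind"] in ("PRC", "SRV", "DRV") and e["company"] == "":
            reasons.append("no_company")

        # Service or driver whose Start value OTL could not read.
        if e["state"] and "not found" in e["state"].lower():
            reasons.append("start_type_missing")

        # Directory marked both hidden and system in a user-writable tree.
        if all(flag in attrs for flag in "HSD") and any(
            part in folded for part in USER_WRITABLE
        ):
            reasons.append("hidden_system_dir")

        # Recency is context for an existing hit, never a hit on its own.
        if reasons and 0 <= (ref - e["ts"]).days <= window_days:
            reasons.append("recent")

        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE, datetime(2014, 2, 27)).items():
        print(f"{', '.join(reasons):40} {path}")
```
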

#12
Montery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Machiavelli!

Here are the updated logs...

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\ProgramData\Application Services folder moved successfully.
C:\Users\Ralph\AppData\Roaming\msconfig.ini moved successfully.
========== FILES ==========
< dir C:\Users\Ralph\AppData\Roaming\uqm /S /C >
Volume in drive C has no label.
Volume Serial Number is 9858-36D0
Directory of C:\Users\Ralph\AppData\Roaming\uqm
30/12/2012 12:54 PM <DIR> .
30/12/2012 12:54 PM <DIR> ..
28/12/2012 12:28 PM 2,179 flight.cfg
30/12/2012 12:56 PM 140 melee.cfg
28/12/2012 12:26 PM <DIR> save
28/12/2012 12:26 PM <DIR> teams
23/05/2011 12:23 PM 298 uqm-3do.cfg
23/05/2011 12:24 PM 309 uqm-pc.cfg
28/12/2012 12:28 PM 675 uqm.cfg
5 File(s) 3,601 bytes
Directory of C:\Users\Ralph\AppData\Roaming\uqm\save
28/12/2012 12:26 PM <DIR> .
28/12/2012 12:26 PM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Ralph\AppData\Roaming\uqm\teams
28/12/2012 12:26 PM <DIR> .
28/12/2012 12:26 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
5 File(s) 3,601 bytes
8 Dir(s) 68,956,332,032 bytes free
C:\Users\Ralph\Downloads\cmd.bat deleted successfully.
C:\Users\Ralph\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ralph
->Temp folder emptied: 2371038 bytes
->Temporary Internet Files folder emptied: 288 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 164018557 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1206 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8088372 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 48503 bytes

Total Files Cleaned = 166.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02272014_084141

Files\Folders moved on Reboot...
C:\Users\Ralph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FireFly(20140227031825858).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20140227031825858).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20140227031825858).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
OTL logfile created on: 27/02/2014 8:44:49 AM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralph\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

15.91 Gb Total Physical Memory | 13.38 Gb Available Physical Memory | 84.10% Memory free
31.82 Gb Paging File | 28.23 Gb Available in Paging File | 88.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.47 Gb Total Space | 64.38 Gb Free Space | 28.81% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 493.00 Gb Free Space | 52.92% Space Free | Partition Type: NTFS
Drive I: | 7.39 Gb Total Space | 2.30 Gb Free Space | 31.13% Space Free | Partition Type: FAT32

Computer Name: ANTEC | User Name: Ralph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/15 16:42:49 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/14 11:42:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph\Downloads\OTL.exe
PRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/08/01 13:38:10 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013/03/28 15:55:58 | 001,058,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2013/03/10 09:08:47 | 000,088,984 | ---- | M] (Elaborate Bytes AG) -- D:\Apps\VirtualCloneDrive\VCDDaemon.exe
PRC - [2012/10/17 09:29:53 | 000,684,024 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/10/17 09:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/14 20:19:54 | 000,086,016 | ---- | M] () -- D:\Apps\3DS Max 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
PRC - [2010/11/25 20:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/06/11 14:11:48 | 001,349,632 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/15 16:42:44 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/12 03:31:50 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\13372e3b6a7e4126d48827a30c2c1d9a\Microsoft.VisualBasic.ni.dll
MOD - [2014/02/12 03:27:39 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:27:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 03:27:24 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/12 03:27:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:27:13 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:27:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:27:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 03:27:08 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/12 03:27:03 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 03:27:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:26:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/10/17 09:30:22 | 000,062,968 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2010/06/08 09:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/16 20:33:49 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/12/19 11:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/15 12:03:14 | 009,695,744 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/20 22:30:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 16:42:48 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/01 13:38:10 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/07/09 17:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/17 09:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/03/19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/14 20:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Apps\3DS Max 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe -- (mi-raysat_3dsmax2014_64)
SRV - [2011/09/12 20:38:06 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/12 20:32:55 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/02/22 08:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 08:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/10 22:48:42 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/03 18:20:42 | 000,085,016 | -H-- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\PROCMON23.SYS -- (PROCMON23)
DRV:64bit: - [2013/03/10 16:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/07 12:36:18 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2013/03/07 12:36:16 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2013/03/04 04:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/12/19 12:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 11:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 03:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/17 09:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012/10/17 09:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/03/19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/12 16:36:02 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/10/12 16:36:02 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/10/12 16:36:00 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011/10/12 16:36:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011/09/28 23:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011/06/30 13:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/06/30 13:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/04/08 03:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 15:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/09 11:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/19 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/01 09:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/12 00:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 0A 34 61 AF 95 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://google.ca"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: viewabout%40rumblingedge.com:2.0.1
FF - prefs.js..extensions.enabledAddons: youtubequality%40rzll:1.2
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:11.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: D:\Apps\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Ralph\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ralph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ralph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ralph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 30.0a1\extensions\\Components: D:\APPS\64BIT FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 30.0a1\extensions\\Plugins: D:\APPS\64BIT FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/18 18:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Extensions
[2014/02/26 09:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions
[2013/12/02 12:39:09 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/08/09 20:20:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/25 08:15:14 | 000,000,000 | ---D | M] (Hola Unblocker) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2012/07/05 06:54:39 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/06 10:23:14 | 000,104,966 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2011/09/18 08:30:16 | 000,021,977 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2011/10/21 22:29:35 | 000,009,961 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/26 09:57:54 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/07/31 10:45:46 | 000,000,968 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\searchplugins\scrapetorrent.xml
[2014/02/18 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/18 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 16:42:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = D:\Apps\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = D:\Apps\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/02/25 13:15:36 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Apps\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ralph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941263B3-6134-4436-B8B2-922E30D62EFB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/27 08:45:22 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ralph\Desktop\tdsskiller.exe
[2014/02/26 13:04:53 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Ralph\Desktop\OTH.scr
[2014/02/26 10:45:28 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\CrashDumps
[2014/02/26 10:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2014/02/26 03:00:45 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/25 13:29:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/25 13:27:18 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Ralph\Desktop\JRT.exe
[2014/02/25 13:23:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/25 13:15:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/25 09:06:00 | 000,000,000 | ---D | C] -- C:\Users\Ralph\Desktop\RK_Quarantine
[2014/02/25 08:53:02 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014/02/25 08:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014/02/24 15:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/02/19 10:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2014/02/18 17:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/18 17:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/16 17:24:55 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\CADlogic Limited
[2014/02/16 17:24:09 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CADlogic Limited
[2014/02/16 17:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CADlogic Limited
[2014/02/16 15:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2014/02/16 15:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/02/15 16:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/06 14:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2014/02/06 12:33:46 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Epson
[2014/02/06 10:57:22 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Sun
[2014/02/06 10:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/05 15:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2014/02/05 15:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2014/02/05 15:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2014/02/05 15:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2014/02/05 15:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2014/02/05 15:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2014/02/04 03:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\jagex_cache
[2014/02/04 03:43:23 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\nfToe
[2014/02/03 11:37:08 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\inkscape

========== Files - Modified Within 30 Days ==========

[2014/02/27 08:45:24 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ralph\Desktop\tdsskiller.exe
[2014/02/27 08:43:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/27 08:43:00 | 4222,160,894 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/27 03:25:29 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/27 03:25:29 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/27 03:22:38 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/27 03:22:38 | 000,666,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/27 03:22:38 | 000,126,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/27 03:00:35 | 000,766,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/26 16:27:00 | 000,002,280 | -H-- | M] () -- C:\Users\Ralph\Documents\Default.rdp
[2014/02/26 13:04:56 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph\Desktop\OTH.scr
[2014/02/25 13:47:39 | 000,004,365 | ---- | M] () -- C:\Users\Ralph\AppData\Local\recently-used.xbel
[2014/02/25 13:27:20 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Ralph\Desktop\JRT.exe
[2014/02/25 13:22:42 | 001,241,834 | ---- | M] () -- C:\Users\Ralph\Desktop\AdwCleaner.exe
[2014/02/25 13:15:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/25 13:01:19 | 000,001,046 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/02/24 15:41:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/24 15:38:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933384260-3777128076-391017205-1000UA.job
[2014/02/24 15:32:07 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/02/24 15:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/24 09:38:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933384260-3777128076-391017205-1000Core.job
[2014/02/23 22:17:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/19 09:19:31 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2014/02/16 17:24:09 | 000,001,775 | ---- | M] () -- C:\Users\Ralph\Desktop\Draft IT.lnk
[2014/02/16 16:00:13 | 000,000,071 | ---- | M] () -- C:\Windows\ESNX625.ini
[2014/02/16 15:51:21 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/10 16:34:17 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | M] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/02/06 12:56:02 | 000,440,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/06 11:03:39 | 000,032,766 | ---- | M] () -- C:\Users\Ralph\Desktop\DSDT.AML
[2014/02/03 10:06:39 | 000,000,640 | ---- | M] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk

========== Files Created - No Company Name ==========

[2014/02/25 13:47:39 | 000,004,365 | ---- | C] () -- C:\Users\Ralph\AppData\Local\recently-used.xbel
[2014/02/25 13:22:29 | 001,241,834 | ---- | C] () -- C:\Users\Ralph\Desktop\AdwCleaner.exe
[2014/02/25 13:01:19 | 000,001,046 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2014/02/16 17:24:09 | 000,001,775 | ---- | C] () -- C:\Users\Ralph\Desktop\Draft IT.lnk
[2014/02/16 15:51:21 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/16 15:50:55 | 000,000,071 | ---- | C] () -- C:\Windows\ESNX625.ini
[2014/02/10 16:34:17 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/10 16:34:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | C] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/02/06 11:03:39 | 000,032,766 | ---- | C] () -- C:\Users\Ralph\Desktop\DSDT.AML
[2014/02/03 10:07:00 | 000,000,652 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | C] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2013/03/13 16:28:29 | 000,000,024 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Network Meter_Usage.ini
[2013/03/08 22:03:42 | 000,043,874 | ---- | C] () -- C:\Users\Ralph\Network_Meter_Data.js
[2013/02/11 21:00:00 | 000,017,895 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv
[2012/11/27 07:02:44 | 000,060,304 | ---- | C] () -- C:\Users\Ralph\g2mdlhlpx.exe
[2012/09/16 21:26:11 | 000,000,073 | ---- | C] () -- C:\Users\Ralph\AppData\Local\X-Plane_drm.prf
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/05 17:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 17:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/01/06 20:09:44 | 000,001,108 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Network Meter_Settings.ini
[2011/10/11 21:58:45 | 000,000,000 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Temptable.xml
[2011/09/18 20:29:15 | 000,000,080 | ---- | C] () -- C:\Users\Ralph\AppData\Local\X-Plane Installer.prf
[2011/07/18 18:03:56 | 000,007,791 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/16 20:46:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Autodesk
[2013/07/11 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\BitKinex
[2012/05/06 10:23:28 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Blender Foundation
[2011/12/18 16:18:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Canon
[2011/10/06 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\CircuitWorks
[2012/10/27 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Citrix
[2013/11/07 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\cYo
[2011/09/12 20:37:39 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DassaultSystemes
[2014/02/19 12:02:52 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\deluge
[2014/02/27 08:44:01 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Dropbox
[2013/12/03 01:15:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DxO Labs
[2013/11/26 11:05:41 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Easy Thumbnails
[2014/02/19 10:45:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Epson
[2014/02/26 16:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FileZilla
[2011/08/28 12:43:04 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\flightgear.org
[2011/08/28 12:41:45 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\fltk.org
[2013/09/21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\GmailNotifierPro
[2013/05/20 17:10:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\gtk-2.0
[2013/12/02 17:04:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\HDRsoft
[2012/10/10 18:58:10 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Hulubulu
[2011/07/19 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\InfraRecorder
[2014/02/03 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\inkscape
[2014/02/04 03:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\jagex_cache
[2013/09/22 12:44:21 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\JAM Software
[2013/07/22 17:40:05 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\JPEGView
[2012/06/07 19:49:44 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Leadertech
[2011/10/07 23:16:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Luxology
[2013/10/31 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\ManyCam
[2012/05/10 06:50:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MediaMonkey
[2011/10/22 21:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Mobipocket
[2012/04/24 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MonoDevelop-Unity-2.8
[2013/12/02 17:01:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Mp3tag
[2013/11/18 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MusicBrainz
[2012/07/08 08:31:06 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\mypcdrivers
[2013/12/02 17:16:13 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Nebulosity3
[2014/02/14 12:48:16 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\nfToe
[2013/09/22 13:17:31 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Notepad++
[2013/05/15 11:18:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Oracle
[2012/10/27 22:33:39 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PACE Anti-Piracy
[2013/08/02 20:44:45 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\salesforce.com
[2013/12/13 11:48:59 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\SecondLife
[2011/08/28 12:43:04 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Subversion
[2012/05/26 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\TagScanner
[2014/02/06 12:54:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\TeraCopy
[2012/04/11 16:24:12 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Unity
[2012/12/30 12:54:27 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\uqm

========== Purity Check ==========



< End of report >


When I ran TDSSKiller, it prompted me to get the latest version, which I did. I ran through the process you outlined, but it did not find any threats. I'd paste the results in here, but the log is too big for posting, so I've attached the file instead.

I'm still unable to install MBAM, and I'm still unable to turn on Windows Firewall, oops, I meant Windows Defender.

... looks like the service for Microsoft Security Essentials is off, and the program itself cannot turn on the service due to an "Access Denied" error.

I see that there's an update for MSE, but I get an error: Code 80070005 when I try to perform the Windows Update. I'll hold off on any more sleuthing until I hear from you. :)


Thanks!

Edited by Montery, 27 February 2014 - 11:29 AM.


#13
Machiavelli

  • GeekU Moderator
  • 3,698 posts
Hey Montery,
I hope everything is well. :) Hopefully the fix below fixes the problems you currently have. You did really well so far. :thumbsup:

Thanks!

You are most welcome, Montery. :)

===== > Step 1: OTL Fix < =====

  • Run OTL (if you have Windows Vista / Windows 7 / Windows 8, please right-click the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - user.js - File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O1364bit: - gopher Prefix: missing
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    :Files
    C:\ProgramData\Malwarebytes
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

===== > Step 2: ESET Service Repair < =====

  • Please download ESET Services Repair Tool from here and save it to your Desktop.
  • Right-click and choose Run as administrator.
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.

===== > Step 3: FSS < =====

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

===== > Step 4: Questions < =====

Try to run MBAM Setup now and try Defender now. Any issues? :)

Regards,
Gerrit :cool:

#14
Montery

    Member

  • Topic Starter
  • 36 posts
Hi Machiavelli!

You did really well so far. :thumbsup:

Thanks! I sometimes do helpdesk support, so I know the importance of being methodical and following instructions! :)

About 50% done now, I should think. :) MBAM installed and I ran a scan (log at end of this report). Windows Defender service still won't start, and has the same error as before.

Here's the OTL Scan:
OTL logfile created on: 27/02/2014 2:38:58 PM - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralph\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

15.91 Gb Total Physical Memory | 13.77 Gb Available Physical Memory | 86.52% Memory free
31.82 Gb Paging File | 28.64 Gb Available in Paging File | 90.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.47 Gb Total Space | 65.37 Gb Free Space | 29.25% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 486.35 Gb Free Space | 52.21% Space Free | Partition Type: NTFS
Drive I: | 7.39 Gb Total Space | 2.30 Gb Free Space | 31.13% Space Free | Partition Type: FAT32

Computer Name: ANTEC | User Name: Ralph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/14 11:42:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph\Downloads\OTL.exe
PRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/08/01 13:38:10 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013/03/28 15:55:58 | 001,058,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2013/03/10 09:08:47 | 000,088,984 | ---- | M] (Elaborate Bytes AG) -- D:\Apps\VirtualCloneDrive\VCDDaemon.exe
PRC - [2012/10/17 09:29:53 | 000,684,024 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/10/17 09:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/14 20:19:54 | 000,086,016 | ---- | M] () -- D:\Apps\3DS Max 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
PRC - [2010/11/25 20:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/06/11 14:11:48 | 001,349,632 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/12 03:31:50 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\13372e3b6a7e4126d48827a30c2c1d9a\Microsoft.VisualBasic.ni.dll
MOD - [2014/02/12 03:27:39 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:27:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 03:27:24 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/12 03:27:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:27:13 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:27:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:27:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 03:27:08 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/12 03:27:03 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 03:27:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:26:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/10/17 09:30:22 | 000,062,968 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2010/06/08 09:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/16 20:33:49 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/12/19 11:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/15 12:03:14 | 009,695,744 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/20 22:30:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 16:42:48 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/01 13:38:10 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/07/09 17:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/17 09:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/03/19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/09 21:01:12 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/14 20:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Apps\3DS Max 2014\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe -- (mi-raysat_3dsmax2014_64)
SRV - [2011/09/12 20:38:06 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/12 20:32:55 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/02/22 08:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 08:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/10 22:48:42 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/03 18:20:42 | 000,085,016 | -H-- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\PROCMON23.SYS -- (PROCMON23)
DRV:64bit: - [2013/03/10 16:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/07 12:36:18 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2013/03/07 12:36:16 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2013/03/04 04:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/12/19 12:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 11:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 03:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/17 09:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012/10/17 09:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/03/19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/12 16:36:02 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/10/12 16:36:02 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/10/12 16:36:00 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011/10/12 16:36:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011/09/28 23:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011/06/30 13:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/06/30 13:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/04/08 03:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 15:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/09 11:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/19 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/01 09:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/12 00:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 0A 34 61 AF 95 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://google.ca"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: viewabout%40rumblingedge.com:2.0.1
FF - prefs.js..extensions.enabledAddons: youtubequality%40rzll:1.2
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:11.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: D:\Apps\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Ralph\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ralph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ralph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ralph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ralph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 30.0a1\extensions\\Components: D:\APPS\64BIT FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 30.0a1\extensions\\Plugins: D:\APPS\64BIT FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/18 18:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Extensions
[2014/02/26 09:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions
[2013/12/02 12:39:09 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/08/09 20:20:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/25 08:15:14 | 000,000,000 | ---D | M] (Hola Unblocker) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2012/07/05 06:54:39 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/06 10:23:14 | 000,104,966 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2011/09/18 08:30:16 | 000,021,977 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2011/10/21 22:29:35 | 000,009,961 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\[email protected]
[2014/02/26 09:57:54 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/07/31 10:45:46 | 000,000,968 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\zn5rkd03.default\searchplugins\scrapetorrent.xml
[2014/02/18 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/18 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 16:42:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = D:\Apps\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = D:\Apps\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/02/25 13:15:36 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Apps\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ralph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941263B3-6134-4436-B8B2-922E30D62EFB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/27 14:13:13 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\DVDVideoSoft
[2014/02/27 08:45:22 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ralph\Desktop\tdsskiller.exe
[2014/02/26 13:04:53 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Ralph\Desktop\OTH.scr
[2014/02/26 10:45:28 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\CrashDumps
[2014/02/26 10:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2014/02/26 03:00:45 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/25 13:29:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/25 13:27:18 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Ralph\Desktop\JRT.exe
[2014/02/25 13:23:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/25 13:15:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/25 09:06:00 | 000,000,000 | ---D | C] -- C:\Users\Ralph\Desktop\RK_Quarantine
[2014/02/25 08:53:02 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014/02/25 08:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014/02/24 15:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/02/19 10:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2014/02/18 17:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/18 17:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/16 17:24:55 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\CADlogic Limited
[2014/02/16 17:24:09 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CADlogic Limited
[2014/02/16 17:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CADlogic Limited
[2014/02/16 15:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2014/02/16 15:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/02/15 16:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/06 14:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2014/02/06 12:33:46 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Epson
[2014/02/06 10:57:22 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\Sun
[2014/02/06 10:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/05 15:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2014/02/05 15:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2014/02/05 15:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2014/02/05 15:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2014/02/05 15:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2014/02/05 15:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2014/02/04 03:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\jagex_cache
[2014/02/04 03:43:23 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\nfToe
[2014/02/03 11:37:08 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\inkscape

========== Files - Modified Within 30 Days ==========

[2014/02/27 14:37:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/27 14:37:31 | 4222,160,894 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/27 14:15:37 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Free Video to JPG Converter.lnk
[2014/02/27 09:24:12 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/27 09:24:12 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/27 09:21:27 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/27 09:21:27 | 000,666,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/27 09:21:27 | 000,126,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/27 08:45:24 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ralph\Desktop\tdsskiller.exe
[2014/02/27 03:00:35 | 000,766,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/26 16:27:00 | 000,002,280 | -H-- | M] () -- C:\Users\Ralph\Documents\Default.rdp
[2014/02/26 13:04:56 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph\Desktop\OTH.scr
[2014/02/25 13:47:39 | 000,004,365 | ---- | M] () -- C:\Users\Ralph\AppData\Local\recently-used.xbel
[2014/02/25 13:27:20 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Ralph\Desktop\JRT.exe
[2014/02/25 13:22:42 | 001,241,834 | ---- | M] () -- C:\Users\Ralph\Desktop\AdwCleaner.exe
[2014/02/25 13:15:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/25 13:01:19 | 000,001,046 | ---- | M] () -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/02/24 15:41:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/24 15:38:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933384260-3777128076-391017205-1000UA.job
[2014/02/24 15:32:07 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/02/24 15:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/24 09:38:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1933384260-3777128076-391017205-1000Core.job
[2014/02/23 22:17:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/19 09:19:31 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2014/02/16 17:24:09 | 000,001,775 | ---- | M] () -- C:\Users\Ralph\Desktop\Draft IT.lnk
[2014/02/16 16:00:13 | 000,000,071 | ---- | M] () -- C:\Windows\ESNX625.ini
[2014/02/16 15:51:21 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/10 16:34:17 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | M] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/02/06 12:56:02 | 000,440,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/06 11:03:39 | 000,032,766 | ---- | M] () -- C:\Users\Ralph\Desktop\DSDT.AML
[2014/02/03 10:06:39 | 000,000,640 | ---- | M] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk

========== Files Created - No Company Name ==========

[2014/02/27 14:15:37 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Free Video to JPG Converter.lnk
[2014/02/25 13:47:39 | 000,004,365 | ---- | C] () -- C:\Users\Ralph\AppData\Local\recently-used.xbel
[2014/02/25 13:22:29 | 001,241,834 | ---- | C] () -- C:\Users\Ralph\Desktop\AdwCleaner.exe
[2014/02/25 13:01:19 | 000,001,046 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2014/02/17 09:56:38 | 000,000,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2014/02/16 17:24:09 | 000,001,775 | ---- | C] () -- C:\Users\Ralph\Desktop\Draft IT.lnk
[2014/02/16 15:51:21 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/16 15:50:55 | 000,000,071 | ---- | C] () -- C:\Windows\ESNX625.ini
[2014/02/10 16:34:17 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/02/10 16:34:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | C] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2014/02/06 14:11:04 | 000,000,700 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/02/06 11:03:39 | 000,032,766 | ---- | C] () -- C:\Users\Ralph\Desktop\DSDT.AML
[2014/02/03 10:07:00 | 000,000,652 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | C] () -- C:\Users\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/02/03 10:06:39 | 000,000,640 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2013/03/13 16:28:29 | 000,000,024 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Network Meter_Usage.ini
[2013/03/08 22:03:42 | 000,043,874 | ---- | C] () -- C:\Users\Ralph\Network_Meter_Data.js
[2013/02/11 21:00:00 | 000,017,895 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv
[2012/11/27 07:02:44 | 000,060,304 | ---- | C] () -- C:\Users\Ralph\g2mdlhlpx.exe
[2012/09/16 21:26:11 | 000,000,073 | ---- | C] () -- C:\Users\Ralph\AppData\Local\X-Plane_drm.prf
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/05 17:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 17:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/01/06 20:09:44 | 000,001,108 | ---- | C] () -- C:\Users\Ralph\AppData\Roaming\Network Meter_Settings.ini
[2011/10/11 21:58:45 | 000,000,000 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Temptable.xml
[2011/09/18 20:29:15 | 000,000,080 | ---- | C] () -- C:\Users\Ralph\AppData\Local\X-Plane Installer.prf
[2011/07/18 18:03:56 | 000,007,791 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/16 20:46:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Autodesk
[2013/07/11 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\BitKinex
[2012/05/06 10:23:28 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Blender Foundation
[2011/12/18 16:18:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Canon
[2011/10/06 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\CircuitWorks
[2012/10/27 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Citrix
[2013/11/07 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\cYo
[2011/09/12 20:37:39 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DassaultSystemes
[2014/02/19 12:02:52 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\deluge
[2014/02/27 14:38:29 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Dropbox
[2014/02/27 14:16:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DVDVideoSoft
[2013/12/03 01:15:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DxO Labs
[2013/11/26 11:05:41 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Easy Thumbnails
[2014/02/19 10:45:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Epson
[2014/02/26 16:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FileZilla
[2011/08/28 12:43:04 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\flightgear.org
[2011/08/28 12:41:45 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\fltk.org
[2013/09/21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\GmailNotifierPro
[2013/05/20 17:10:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\gtk-2.0
[2013/12/02 17:04:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\HDRsoft
[2012/10/10 18:58:10 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Hulubulu
[2011/07/19 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\InfraRecorder
[2014/02/03 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\inkscape
[2014/02/04 03:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\jagex_cache
[2013/09/22 12:44:21 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\JAM Software
[2013/07/22 17:40:05 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\JPEGView
[2012/06/07 19:49:44 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Leadertech
[2011/10/07 23:16:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Luxology
[2013/10/31 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\ManyCam
[2012/05/10 06:50:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MediaMonkey
[2011/10/22 21:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Mobipocket
[2012/04/24 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MonoDevelop-Unity-2.8
[2013/12/02 17:01:33 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Mp3tag
[2013/11/18 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MusicBrainz
[2012/07/08 08:31:06 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\mypcdrivers
[2013/12/02 17:16:13 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Nebulosity3
[2014/02/14 12:48:16 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\nfToe
[2013/09/22 13:17:31 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Notepad++
[2013/05/15 11:18:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Oracle
[2012/10/27 22:33:39 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PACE Anti-Piracy
[2013/08/02 20:44:45 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\salesforce.com
[2013/12/13 11:48:59 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\SecondLife
[2011/08/28 12:43:04 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Subversion
[2012/05/26 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\TagScanner
[2014/02/06 12:54:37 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\TeraCopy
[2012/04/11 16:24:12 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Unity
[2012/12/30 12:54:27 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\uqm

========== Purity Check ==========



< End of report >

Farbar Service Scanner Version: 25-02-2014
Ran by Ralph (administrator) on 27-02-2014 at 14:46:13
Running from "C:\Users\Ralph\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

And here's the MBAM Log, note I did not perform any actions other than a scan:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.27.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Ralph :: ANTEC [administrator]

27/02/2014 2:48:28 PM
MBAM-log-2014-02-27 (14-51-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219087
Time elapsed: 1 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 26
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccuac.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keyscrambler.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbampt.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamscheduler.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe (Security.Hijack) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Ralph\Downloads\Unlocker1.9.2.exe (PUP.Optional.Babylon.A) -> No action taken.

(end)
#15
Montery (Topic Starter)
Hi Machiavelli,

Ok, after a little bit of waiting, the Windows Defender application brought itself up, and as far as the action center in Control Panel says, the only issue now is that I do not have an anti-virus software installed.

I tried installing Microsoft's Security Essentials, but could not. I uninstalled it, as well as MBAM, and rebooted, then re-installed MSE. No luck. I've re-installed MBAM, and have no problems with it.

I'm not sure if this is anything you can continue to help me with, and if not, no problem, I'll try other avenues.

Thanks in advance.