svchost.exe virus [Solved]


  • This topic is locked

#1
macman90

    New Member, 8 posts
I will try to be fast, because I get blue screens when I use the PC for too long.

UPDATE: OS: Windows 7 Ultimate SP1 [32-bit]

I saw this topic: http://www.geekstogo...ostexe32-virus/

I ran OTL [3.2.69.0] with the same settings, except that I have a 32-bit OS with a patch installed that lets the system use the whole 4 GB of RAM.

[Extras.Txt]
OTL Extras logfile created on: 27.2.2014 14:08:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\FF-Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy
 
4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,71% Memory free
7,00 Gb Paging File | 5,45 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): e:\pagefile.sys 3072 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 9,33 Gb Free Space | 23,94% Space Free | Partition Type: NTFS
Drive D: | 232,82 Gb Total Space | 8,10 Gb Free Space | 3,48% Space Free | Partition Type: NTFS
Drive E: | 232,81 Gb Total Space | 16,22 Gb Free Space | 6,96% Space Free | Partition Type: NTFS
Drive F: | 193,82 Gb Total Space | 17,07 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive H: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TONI-CP | User Name: toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3986450965-706548418-1934913071-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Temp\svhost.exe" = C:\Windows\Temp\svhost.exe:*:Enabled:Windows Messanger
"C:\Users\toni\AppData\Roaming\svchost.exe" = C:\Users\toni\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EA706B-56ED-41C9-A931-BFB3C9D2D19E}" = lport=20443 | protocol=6 | dir=in | name=war thunder | 
"{0C31098E-7A11-4A33-B73D-5A49F163E604}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{18678ADD-6E31-4A12-82F0-C4BFFCEA0F11}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1D6311BC-D0AD-4369-A2FB-7F8F98613DEF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{292B6098-7AC4-45C1-BD83-A6E5C4796ED3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{32B1AC34-ECD3-46A4-97B9-F0295190378D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{3695ABFF-03AD-44F4-AE52-9627B46F1EBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{421F7D44-4181-4977-8933-A202E7AE2BD0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{46F04216-3B43-4B59-A119-3A1089CC0296}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{49DC223A-472C-442C-807C-356E359C8FA4}" = lport=27022 | protocol=6 | dir=in | name=war thunder | 
"{4E4FAE7B-62B0-41EC-9BB8-4F2D1FF00985}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51616FE4-3631-4290-AE33-6FA98DEE7B3A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{5B933FC5-624D-4FCC-AE12-AB78FE77F8EE}" = lport=8090 | protocol=6 | dir=in | name=war thunder | 
"{5D9CA299-80C1-4C69-B94F-0953E3198558}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{767C0ADF-9530-4277-A9CF-A95178D4FDBA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{78626C93-112D-4913-A767-B5C0EBA9C74A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7E546522-934B-47F3-A889-8D6B598E6156}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7EE05382-C16D-4233-943E-71F81D9413B5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8F7E4BF8-6AB1-40D2-8009-13CDAAA6151E}" = lport=7850 | protocol=6 | dir=in | name=war thunder | 
"{9159C538-4AB6-428C-928E-D02472C2EFFF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{96865578-2594-49F2-AB05-11208704D409}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9A728453-DAD7-4B8B-8376-16CFAA03948A}" = lport=3478 | protocol=17 | dir=in | name=war thunder | 
"{9AAB4938-C902-4B39-B400-76B6AB7E71B4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A5E96693-012E-4241-AE36-468F92652DA1}" = lport=20010 | protocol=17 | dir=in | name=war thunder | 
"{A8965767-E829-446F-A503-2CF3E7A5DFC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A9674138-6C4C-4D63-87E1-FD91DCAD06ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA3B083C-240A-4D34-BC9A-804DF5B47FCB}" = lport=33333 | protocol=6 | dir=in | name=war thunder | 
"{B2526BA1-5619-4E71-BAC4-5C216DAB68B3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BB292E04-083A-4742-81C0-E2E9E396398E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7F741CA-8A70-4F94-8776-FCAE7A369206}" = lport=6881 | protocol=6 | dir=in | name=war thunder | 
"{EC2A99CD-5B3C-46E6-87C6-66BE8F67C643}" = lport=3702 | protocol=17 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{EF89E573-0EE8-4A4D-9E37-6EA6AED02061}" = lport=80 | protocol=6 | dir=in | name=war thunder | 
"{EFC6CD63-95FA-4BAE-9A34-13D6FA0DEBB3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FB72C8A8-801E-4D10-9906-315892A82AFC}" = lport=443 | protocol=6 | dir=in | name=war thunder | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0918E3C3-F576-40A2-9B7A-624FD7F897D2}" = protocol=58 | dir=out | [email protected],-503 | 
"{0A23A04E-B035-4F93-B449-4DCA84279E7A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{1B893230-3FF3-41A4-951C-29FF70492D7D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{1CD7072E-42D9-4F1E-A0EF-14FA4F2120ED}" = protocol=58 | dir=in | [email protected],-28545 | 
"{21E073E8-251A-4270-AA0B-81213833A89E}" = protocol=1 | dir=out | [email protected],-28544 | 
"{22539430-A825-46DB-A323-67B20D2426D6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{2CB90585-971C-4DEF-BF4E-D9658C96E8ED}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2DED5EED-683B-4D88-A6CB-151E799093EC}" = protocol=58 | dir=out | [email protected],-28546 | 
"{2E59B53B-0C7E-4542-AC1F-609FF31A2A64}" = dir=in | app=f:\games\assassin's creed iii\assassinscreed3.exe | 
"{31585E0C-82BA-4D3A-900F-632E7E38E047}" = dir=in | app=c:\program files\eslwire\wire.exe | 
"{363F94EE-C20E-4B97-A970-62C229729845}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{40A9BD1D-D348-40AF-8198-C533A1FCDD5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4162133F-6CAF-474E-8B7D-26DF6C764E38}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{41FBFB19-54DA-48F3-8321-FB2D89BAAB5E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{42B43C84-D430-45F3-BB5F-6DB75A1171AA}" = dir=in | app=f:\games\assassin's creed iii\ac3mp.exe | 
"{5416C144-D196-4E43-85B2-7CBB22FDFB9A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{572686D9-32B6-41C4-AD87-04546C6F19DD}" = protocol=6 | dir=in | app=e:\games\warthunder\launcher.exe | 
"{57F4CCB1-635B-405C-B786-FC23A88E9C01}" = dir=out | app=f:\games\assassin's creed iii\ac3sp.exe | 
"{617C2AD3-3274-4191-92EE-F3539AD0E39F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{63804A50-1B2F-458B-8822-03FDB3066CB9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{640E8409-65D3-48CF-B47F-27396989D1CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6DFD7570-B4C8-4E10-92BC-1F199C0B9338}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{73A48545-94D0-4637-8D34-63BC8C75C660}" = dir=out | app=f:\games\assassin's creed iii\ac3mp.exe | 
"{7826EB68-23B2-485B-BCC4-D77336609812}" = protocol=58 | dir=in | app=system | 
"{787E46BA-6484-4EA6-9E9A-160F82E4EE1C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7C2C4F0A-064A-453D-83AE-63897BFB9A50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C625B82-9338-4F7E-AF06-FF10045F877B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FD0CE97-F14F-461E-9B93-A76A05C8FBF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81BD1FA5-5FE1-4EE4-832D-DEE870750A07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{87294915-47AD-4312-B74A-DBEDACA49571}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{897E069C-5FD0-4531-8044-C97774BC934F}" = protocol=6 | dir=in | app=c:\users\toni\appdata\roaming\utorrent\utorrent.exe | 
"{92ADAA06-17C3-48C7-9C7B-E789C082896C}" = protocol=17 | dir=in | app=e:\games\warthunder\launcher.exe | 
"{95B7D7BA-D20B-404A-9C16-A980C24C20F2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{9A90972F-CB60-4A39-B40E-0DF06AF77A9E}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{9BDE9BBF-4065-49DB-9339-BC4D3979E79D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{AB9DC989-A1C9-47AC-AA32-8286AB2EC4A2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B1755C2D-027C-41EA-B0B1-541E725F3B31}" = protocol=17 | dir=in | app=c:\users\toni\appdata\roaming\utorrent\utorrent.exe | 
"{BDEA2D11-A86C-44CB-81FA-77BC79480204}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE7EFF04-46DC-4E51-8890-A1A2368D49B1}" = dir=in | app=f:\games\assassin's creed iii\assassinscreed3.exe | 
"{C247D9E7-F5D8-4CDD-8732-00B396094D52}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{C2492D7A-5650-47AF-BD12-E4201F299F96}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{D783CCFC-A593-4D7A-A2EF-FC362E22071C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{D9F5C2BB-FE8C-46AB-8AC2-056E06C12299}" = dir=out | app=f:\games\assassin's creed iii\assassinscreed3.exe | 
"{E5FE106C-EB90-4E3C-A7E8-096F5814FEC5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{E60646E0-4DFC-45D7-933D-B63E736A00C8}" = protocol=6 | dir=out | app=system | 
"{E6874583-8A01-46A1-8CDB-28BF2D8F4BFE}" = protocol=1 | dir=in | [email protected],-28543 | 
"{E7085850-C14D-452F-B5DF-78242B64C63D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{EF8D272C-08AB-4E11-81AE-7A27D81C246B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F2448AC0-AB0F-4EF3-91B4-EE576FD9DA1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5CDFE3E-89C0-4EB8-BB8F-0250F0ED6415}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F6CB5A47-2881-4FAC-A038-71E81C552445}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FC572770-BCB9-4EFA-9AF5-536F6EA9A31D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"TCP Query User{121D19F1-9998-484D-8309-AFDC44ADB5CE}E:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{393CAE51-BF38-4F8B-BF82-0B502DDB5929}F:\games\grid\grid.exe" = protocol=6 | dir=in | app=f:\games\grid\grid.exe | 
"TCP Query User{56976E7E-504F-4036-BB9B-A8779605CE64}E:\games\assassin's creed revelations\acrsp.exe" = protocol=6 | dir=in | app=e:\games\assassin's creed revelations\acrsp.exe | 
"TCP Query User{B4942EF6-6ECE-4EF1-9F71-28091268DF33}E:\games\wot_ct\wotlauncher.exe" = protocol=6 | dir=in | app=e:\games\wot_ct\wotlauncher.exe | 
"TCP Query User{D9396636-3847-4697-AA37-F6D3870E6499}E:\games\assassin's creed brotherhood\acbsp.exe" = protocol=6 | dir=in | app=e:\games\assassin's creed brotherhood\acbsp.exe | 
"TCP Query User{EBC08DA8-A63B-4E72-A9ED-DA0F1735345B}E:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{F02196B5-8639-45F5-9007-CD8CA10E8778}E:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{F388E2EA-D706-4676-8294-A84F0CE9CD2B}E:\games\wot_ct\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\wot_ct\worldoftanks.exe | 
"TCP Query User{F6BE6B48-B4FC-49AB-BC17-61152C552EFA}E:\games\warthunder\aces.exe" = protocol=6 | dir=in | app=e:\games\warthunder\aces.exe | 
"UDP Query User{2BD73674-CDAD-4F20-9C3E-93FD99140CFB}E:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{2FE9402D-DB05-4E15-A562-8865BE41253E}E:\games\assassin's creed revelations\acrsp.exe" = protocol=17 | dir=in | app=e:\games\assassin's creed revelations\acrsp.exe | 
"UDP Query User{3839370E-45F6-41D7-B84C-13CCE1E134F8}E:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{391A19A5-0AFC-42A3-9122-8FEE4153D57A}E:\games\warthunder\aces.exe" = protocol=17 | dir=in | app=e:\games\warthunder\aces.exe | 
"UDP Query User{4B9B3E0A-1AC6-4196-96AB-2470AE00FE57}E:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{5C5F0083-B96C-4A51-AE2E-86652603E529}E:\games\wot_ct\wotlauncher.exe" = protocol=17 | dir=in | app=e:\games\wot_ct\wotlauncher.exe | 
"UDP Query User{799D17AE-124D-4127-B2AA-28B67E9CFA02}F:\games\grid\grid.exe" = protocol=17 | dir=in | app=f:\games\grid\grid.exe | 
"UDP Query User{B642C422-5E05-4331-94D5-539C1988A93D}E:\games\wot_ct\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\wot_ct\worldoftanks.exe | 
"UDP Query User{D66F3C53-2E87-4058-A41F-F3944BBA75F3}E:\games\assassin's creed brotherhood\acbsp.exe" = protocol=17 | dir=in | app=e:\games\assassin's creed brotherhood\acbsp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0099B899-7894-3B1D-9FF3-5992F84E631F}" = Microsoft LightSwitch for Visual Studio 2013 Core
"{0398BFBC-991B-3275-9463-D2BF91B3C80B}" = Microsoft Help Viewer 2.1
"{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}" = Microsoft SQL Server 2012 T-SQL Language Service 
"{0610DFB0-CCEA-6EC0-E3C3-A0160AD7FD98}" = Windows Runtime Intellisense Content - en-us
"{06EEE072-B561-38E5-85D9-485ABCBE8342}" = Visual F# 3.1 SDK
"{070C38AC-05CE-43DF-9A20-141332F6AB2B}" = Microsoft System CLR Types for SQL Server 2012
"{08AEF86A-1956-4846-B906-B01350E96E30}" = Entity Framework Tools for Visual Studio 2013
"{09E00386-E94A-3130-BC07-C74D829D612A}" = Microsoft Visual Studio Team Foundation Server 2013 Storyboarding Language Pack (x86) - ENU
"{0A17C91C-A455-3E89-B8B7-44E192F79635}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{0B5E43C7-965D-4AF4-A33E-5FA35B6660C8}" = Behaviors SDK (XAML) for Visual Studio
"{0B698858-DAB0-4F9E-A10A-125B274EDA06}" = Microsoft Visual C++  x64 Libraries
"{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5
"{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}" = Microsoft SQL Server Data Tools - enu (12.0.30919.1)
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{14C8CE46-C68C-461B-BCA9-E276A85851C6}" = TuneUp Utilities 2014 (en-US)
"{1690CE56-2231-4E59-9006-A0876D949EA8}" =  Tools for .Net 3.5
"{16A901BB-CD8E-3B48-9932-5927FB13508D}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio
"{19A5926D-66E1-46FC-854D-163AA10A52D3}" = Microsoft .NET Framework 4.5.1 SDK
"{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2386192E-D6DB-4AD2-9564-65586A0AE53E}" = Dotfuscator and Analytics Community Edition
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.6
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2F7DBBE6-8EBC-495C-9041-46A772F4E311}" = Microsoft SQL Server 2012 Management Objects 
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-4.4.2.10
"{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}" = Prerequisites for SSDT 
"{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps
"{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3E456233-1EA5-42ED-8556-0481BA728B41}" = Microsoft NuGet - Visual Studio 2013
"{3EA16E23-14D2-466A-8268-D7CD40DC46B6}" = Open XML SDK 2.5 for Microsoft Office
"{3FBFCF2C-392A-4632-9442-14C305B44D5E}" = AzureTools.Notifications
"{4345E9A5-1300-4710-919D-077BA7E6B3DA}" = Windows Azure Mobile Services SDK
"{46910786-E4AC-41E4-A4A0-C086EA85242D}" = WCF Data Services 5.6.0 Runtime
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{492498A3-F88C-FE2F-755C-9B1B91724CA5}" = LocalESPC Dev12
"{492FCC0B-45E1-383A-A2CF-9E7F305AC200}" = Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE57014-05C4-4864-A13D-86517A7E1BA4}" = Microsoft .NET Framework 4.5 SDK
"{51B17CAB-7FAC-48C9-A994-04CE379A9034}" = Microsoft Visual Studio 2013 Preparation
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.2
"{53DBDBE5-D55D-40C5-99CF-1A06D33FC440}" = Workflow Manager Client 1.0
"{5411060C-8F8C-393D-8D3B-26AF2C92FABB}" = Microsoft Visual Studio 2013 Shell (Minimum)
"{544ACD54-9FAA-4A60-A1E7-B2EC3AA75D24}" = Microsoft SQL Server 2012 Native Client 
"{5481F163-B9E5-30A8-8441-4DBBB87D6AA2}" = Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries
"{550760A2-DC4A-CD2B-3C1B-01E0F9F1279E}" = Windows App Certification Kit Native Components
"{56AD3004-0B49-967F-F682-B05650B61A78}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5AB1493D-D1AB-3697-9B58-55EF48E565ED}" = Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x86)
"{5CD1B40A-969C-4D7A-B5C2-DAFCB82C53CD}" = Microsoft Web Deploy 3.5
"{5D5CFAD6-9F93-8C63-3EB0-B6A0D3D4BD12}" = Windows Software Development Kit
"{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}" = WCF RIA Services V1.0 SP2
"{5EF1EBC5-4A40-4D1C-B02E-0C54BC93FD06}" = Microsoft SQL Server 2012 Command Line Utilities 
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6321F2D4-366B-3AE4-877A-8E539EC3331A}" = Visual F# 3.1 VS
"{64297226-2B81-4588-89BD-76440BC0BCFC}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU
"{6781FF9B-E87D-4A03-9373-A55A288B83FA}" = Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
"{678800C0-D94E-4513-89CB-478F2B781A0B}" = Microsoft Visual C++ 2013 x86-x64 Compilers
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6AB13C21-C3EC-46E1-8009-6FD5EBEE515B}" = Microsoft Advertising SDK for Windows 8.1 - ENU
"{6B4D9BCF-6CA1-4843-96B5-3421E1E2D6E9}" = Microsoft Visual Studio 2013 Performance Collection Tools - ENU
"{6C06FEE9-C64E-453F-B8A5-D9E9B79ED040}" = Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
"{6EE9E2DF-2CD7-4952-A649-95DEA8697BD8}" = Microsoft Exchange Web Services Managed API 2.0
"{72076159-B94A-42AE-A64C-CA3855E9CB28}" = Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1
"{721C380F-E296-4118-9ACE-589E8EF86208}" = Microsoft Visual Studio 2013 Profiling Tools
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76FF502F-6811-F75B-2FEB-0B69BB584031}" = Windows App Certification Kit x86
"{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}" = Microsoft SQL Server Compact 4.0 SP1 ENU
"{794D38B6-C8B2-4DFC-BF1B-122233A336F3}" = Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{81DB4C1C-8B59-42D4-B94E-A9168F2FE1D7}" = Workflow Manager Tools 1.0 for Visual Studio
"{81FAD5EA-19B2-4A06-89EC-D65CD23AAD55}" = AVG 2013
"{82DAD82D-0139-3F7A-A22F-67A694F9CAA4}" = Microsoft LightSwitch for Visual Studio 2013 CoreRes - ENU
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84D88F57-4130-30FE-A0B6-1E04428FE1F6}" = Microsoft Visual C++ 2013 Core Libraries
"{851FB37B-65AD-43FD-AB4C-0D69310AD7AC}" = AVG 2013
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9027FE9C-5488-30C3-AA42-7330D25BF92D}" = Microsoft Portable Library Multi-Targeting Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9347889B-C22A-3905-901F-C05D8F73C929}" = Build Tools Language Resources - x86
"{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}" = PreEmptive Analytics Visual Studio Components
"{95150001-1163-0409-0000-0000000FF1CE}" = SharePoint Client Components
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{97592A5E-6A50-38E0-885C-7334BA7A43D8}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package
"{976C3D92-0DEC-37A6-A870-FF4FC18CD029}" = Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps
"{979C7495-FB42-484E-92EA-7F2A59DD7718}" = Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU
"{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit
"{985EF141-95DD-3934-8F23-7C2C4C61E5F7}" = Microsoft Visual Studio 2013 Shell (Minimum) Resources
"{996E8B9B-33D8-369A-9DBE-D2776451FB53}" = Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x86) - ENU Language Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9C593464-7F2F-37B3-89F8-7E894E3B09EA}" = Microsoft Visual Studio Professional 2013
"{9E673C3F-423B-458E-8EA4-9AE87C49AFC8}" = Microsoft LightSwitch for Visual Studio 2013 v4.0 Tools
"{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}" = Blend for Visual Studio 2013 ENU resources
"{A1CB8286-CFB3-A985-D799-721A0F2A27F3}" = Windows Software Development Kit DirectX x86 Remote
"{A1D06677-1103-32DE-AA74-6EE44DCF7F81}" = Microsoft Visual C++ 2013 Extended Libraries
"{A223B446-EC3D-3031-828D-5188800AB782}" = Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU)
"{A2CCB3C1-3DF9-4E3E-8D3F-DDBBCDDB28B5}" = Microsoft C++ REST SDK for Visual Studio 2013
"{A3B8D9FB-CA7D-4487-8CA2-A6A2C8AD1077}" = Microsoft Visual C++  x86 Libraries
"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
"{A6030DAD-1600-F767-C8DD-C722ADFE8FBC}" = Windows Software Development Kit DirectX x86 Remote
"{A8229A09-E570-412B-8D18-E78985673E34}" = Microsoft Visual C++  ARM Libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0964AF-0F95-4A72-BD29-F833A382EDC2}" = Microsoft Visual Studio 2013 IntelliTrace Core x86
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE937DBA-FEFD-3BFE-9860-0591C0F91D61}" = Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
"{B0A82E02-E959-3C46-AB11-D38527BC573E}" = Microsoft Visual Studio Premium 2013
"{B1C38F27-D377-8C98-D98D-29B67C0B978D}" = LocalESPCui for en-us Dev12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B536762B-1047-4B51-8ECF-46D5686E5416}" = Microsoft ASP.NET Web Pages 2 Runtime
"{B6A0A174-33E0-3D42-92EA-547D318CB149}" = Microsoft Visual Studio 2013 Devenv
"{B86C786E-11A2-4CAB-BB2E-D7CD5D65D552}" = Microsoft LightSwitch v4.0 SDK
"{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}" = IIS 8.0 Express
"{BD63060C-F4C7-4E86-9C2A-4A102E7EE12C}" = Microsoft Web Developer Tools 2013 - Visual Studio 2013
"{BD72C04F-892F-48EE-A236-CC10891610D6}" = Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0
"{BDAF08A3-35A8-369E-8379-03BB6B78FBCF}" = Microsoft Team Foundation Server 2013 Object Model (x86)
"{BF3E2194-F89B-44FB-A801-464BF787599F}" = WCF Data Services Tools for Microsoft Visual Studio 2013
"{C00453B2-27AD-4858-A20D-F44E39481C7D}" = Microsoft Report Viewer Add-On for Visual Studio 2013
"{C26C1495-8EBE-3F71-BDA1-7DE2010840D8}" = Microsoft Visual Studio 2013 Devenv Resources
"{C5A17590-8CBE-3581-965D-EF183BE07920}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core
"{C9E7751E-88ED-36CF-B610-71A1D262E906}" = Team Explorer for Microsoft Visual Studio 2013
"{CDECCD37-EBCE-4AF8-8D1C-5DF13194FEA1}" = Microsoft Advertising Service Extension for Visual Studio
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3517C62-68A5-37CF-92F7-93C029A89681}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
"{d3ab6132-e182-4c47-bf3f-fbf79ab78f07}" = Microsoft Visual Studio Premium 2013
"{D42681AA-BC16-3C84-949E-45F05D2AA997}" = Microsoft Visual C++ 2013 Core Libraries
"{D574CE3E-0376-4BED-B609-5C2C2AD655ED}" = Microsoft LightSwitch for Visual Studio 2013 v4.0 ToolsRes - ENU
"{D69874BF-D864-4EB2-91C3-2EDD05A64F70}" = Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0
"{DA37746C-C25C-341C-AAF6-4C23A30C882A}" = Microsoft Team Foundation Server 2013 Object Model Language Pack (x86) - ENU
"{DB5600F1-DE83-46DE-B162-5FC4400EAF5B}" = Microsoft Visual C++ 2013 Compilers
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode version 3.1.5.8
"{DF15CD8F-9295-3AD9-B814-7A60184AA1CD}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio ENU Language Pack
"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
"{E305E065-F8AB-3D72-B04E-4ADED3875BC5}" = Microsoft Visual Studio Team Foundation Server 2013 Storyboarding (x86)
"{E5CAE8D2-9F9F-3BEA-AA0F-B5B40611C704}" = Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
"{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1" = PDF to Word
"{E6F3851E-CEEB-4ECB-A6FA-337C8F662E3D}" = Microsoft Visual C++ 2013 Compilers - ENU Resources
"{E7654811-38F9-4225-9688-827FDA716582}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E9674444-9491-3961-873C-017D8912185E}" = Microsoft Visual Studio Professional 2013 - ENU
"{EB25848D-AADC-40D7-914E-CB2E25AB5E59}" = Microsoft ASP.NET MVC 4 Runtime
"{EB37C117-9C83-4696-A493-8AFBAC8F9FFC}" = JavaScript Tooling
"{EB514FFD-5FBA-3C53-94F8-3A2B96C5E7A8}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources
"{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}" = Blend for Visual Studio 2013
"{ED6C8E61-363B-355C-80C7-E676BC781478}" = Microsoft Visual Studio Premium 2013 - ENU
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.278
"{EDB13CB8-993C-4D6F-B2BD-7A5800DF15FC}" = Microsoft Visual Studio 2013 Performance Collection Tools
"{EE541DCE-3018-4A12-B0A3-7C55D62B3D01}" = Python Tools Redirection Template
"{F07DB5C1-34F6-48A7-B23E-682ACBF27338}" = OpenAL 1.1 Core PC SDK (ver 3.03)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F20914BB-FD5F-3A3A-8CDF-DF5ADEFD9451}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F99F24BF-0B90-463E-9658-3FD2EFC3C992}" = Microsoft Identity Extensions
"{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}" = Build Tools - x86
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"{FE939060-416C-4ECD-890E-13776E2707C4}" = Microsoft SQL Server 2012 Express LocalDB 
"{FF39514D-E2EB-40BA-A23F-C83B8E0ED110}" = Visual Studio Extensions for Windows Library for JavaScript
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Assassin's Creed Revelations_is1" = Assassin's Creed Revelations v1.0 Rus-Eng
"AVG" = AVG 2013
"DAEMON Tools Lite" = DAEMON Tools Lite
"dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec
"dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"ESL Wire_is1" = ESL Wire 1.17.3
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F07DB5C1-34F6-48A7-B23E-682ACBF27338}" = OpenAL 1.1 Core PC SDK (ver 3.03)
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"Microsoft Help Viewer 2.1" = Microsoft Help Viewer 2.1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 28.0 (x86 en-GB)" = Mozilla Firefox 28.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NFOPad" = NFOPad 1.66
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Precision" = EVGA Precision 2.0.4
"Prio" = Prio
"PunkBusterSvc" = PunkBuster Services
"Super Meat Boy 1.28" = Super Meat Boy 1.28
"Unlocker" = Unlocker 1.9.0
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3986450965-706548418-1934913071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.2.2014 07:28:00 | Computer Name = toni-CP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 27.2.2014 07:28:00 | Computer Name = toni-CP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 27.2.2014 07:44:04 | Computer Name = toni-CP | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.2.2014 07:54:26 | Computer Name = toni-CP | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.2.2014 07:57:32 | Computer Name = toni-CP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 27.2.2014 07:57:32 | Computer Name = toni-CP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 27.2.2014 08:07:24 | Computer Name = toni-CP | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.2.2014 08:07:32 | Computer Name = toni-CP | Source = ESENT | ID = 489
Description = taskhost (3792) An attempt to open the file "C:\Users\toni\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
 for read only access failed with system error 32 (0x00000020): "The process cannot
 access the file because it is being used by another process. ".  The open file 
operation will fail with error -1032 (0xfffffbf8).
 
Error - 27.2.2014 08:12:10 | Computer Name = toni-CP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 27.2.2014 08:12:10 | Computer Name = toni-CP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
[ System Events ]
Error - 5.12.2013 22:41:45 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 6.12.2013 04:50:34 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 6.12.2013 23:40:45 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 7.12.2013 19:36:58 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 8.12.2013 19:54:16 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 9.12.2013 04:28:25 | Computer Name = toni-CP | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 9.12.2013 20:50:45 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 10.12.2013 19:43:44 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 11.12.2013 03:05:04 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 11.12.2013 03:22:37 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
 
< End of report >

[OTL.Txt]
OTL logfile created on: 27.2.2014 14:08:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\FF-Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy
 
4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,71% Memory free
7,00 Gb Paging File | 5,45 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): e:\pagefile.sys 3072 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 9,33 Gb Free Space | 23,94% Space Free | Partition Type: NTFS
Drive D: | 232,82 Gb Total Space | 8,10 Gb Free Space | 3,48% Space Free | Partition Type: NTFS
Drive E: | 232,81 Gb Total Space | 16,22 Gb Free Space | 6,96% Space Free | Partition Type: NTFS
Drive F: | 193,82 Gb Total Space | 17,07 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive H: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TONI-CP | User Name: toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.02.27 14:07:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\FF-Downloads\OTL(1).exe
PRC - [2014.02.26 16:26:48 | 000,277,616 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.02.08 19:11:48 | 000,941,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.11.20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013.11.02 03:29:09 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.10.23 01:06:16 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013.10.23 01:05:52 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013.09.27 12:39:50 | 000,313,120 | ---- | M] (Skillbrains) -- C:\Users\toni\AppData\Local\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
PRC - [2013.07.15 12:21:26 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.07.15 12:21:22 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.07.15 12:21:20 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013.07.10 00:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013.07.04 14:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013.06.11 10:51:46 | 000,614,416 | ---- | M] () -- C:\Program Files\EslWire\service\WireHelperSvc.exe
PRC - [2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.11.08 21:29:12 | 000,012,656 | ---- | M] () -- C:\Program Files\Prio\prio_svc.exe
PRC - [2012.10.25 16:26:18 | 004,045,432 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2012.10.22 15:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.02.26 16:26:47 | 003,622,512 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.11.05 11:12:47 | 017,280,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\a71cb77685efcceb29fbbb2adc9ad3c5\Kies.Theme.ni.dll
MOD - [2013.11.05 11:12:35 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\1f0027391b7dd5a510bbe91b94f9836d\ASF_cSharpAPI.ni.dll
MOD - [2013.11.05 11:12:35 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\6bea61d803ee18e2fbfb979499e5f7c1\Kies.Common.AllShare.ni.dll
MOD - [2013.11.05 11:12:12 | 002,196,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common23b84511#\3b4f0e3fb4f6c619a51a60b483942e04\Kies.Common.Multimedia.ni.dll
MOD - [2013.11.05 11:12:10 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\bf42dab8b38494947d4a3086916e0dd0\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.11.05 11:12:02 | 000,306,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\e6738007af6dec0f68f7abcc824a79da\Kies.Common.Util.ni.dll
MOD - [2013.11.05 11:12:01 | 001,795,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\ed7108bd2d9dbc3a331f0cf0d6d09a11\Kies.UI.ni.dll
MOD - [2013.11.05 11:12:01 | 001,639,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\54bf34319fd5fd1e4e6894c3e382681d\Kies.Locale.ni.dll
MOD - [2013.11.05 11:12:01 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d7ac977334ddb07e8c8cd933d1344171\Kies.MVVM.ni.dll
MOD - [2013.11.05 11:11:58 | 001,244,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\44ae28dad78716f8407aca682bbc84cd\Kies.Interface.ni.dll
MOD - [2013.11.05 11:11:53 | 002,137,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\8dbf940dd16e53e34599c8813ee1a1ad\Kies.ni.exe
MOD - [2013.11.05 10:21:42 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\3bc7ec22c021d74dce4f8230f3631fca\System.ServiceProcess.ni.dll
MOD - [2013.11.05 10:21:35 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll
MOD - [2013.11.05 10:21:33 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\034c34ee777c7a2efc9c631b1179211c\System.Runtime.Remoting.ni.dll
MOD - [2013.11.05 10:21:27 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll
MOD - [2013.11.05 10:21:16 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll
MOD - [2013.11.05 10:21:15 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll
MOD - [2013.11.05 10:21:09 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll
MOD - [2013.11.05 10:21:07 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
MOD - [2013.11.05 10:21:06 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
MOD - [2013.11.05 10:21:02 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
MOD - [2013.11.05 10:20:57 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
MOD - [2012.10.25 16:25:48 | 000,113,272 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2012.10.25 16:25:48 | 000,080,504 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.10.20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014.02.26 16:26:48 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.10.05 02:38:22 | 000,071,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV - [2013.08.21 20:55:10 | 000,091,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2013.08.21 20:33:20 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.06.11 10:51:46 | 000,614,416 | ---- | M] () [Auto | Running] -- C:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2012.11.14 16:07:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.11.08 21:29:12 | 000,012,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Prio\prio_svc.exe -- (prio_svc)
SRV - [2012.10.22 15:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2010.12.27 22:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.02.03 01:03:04 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\toni\AppData\Local\Temp\SPDTool.sys -- (SPDTool)
DRV - [2014.02.08 20:27:20 | 010,180,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.11.25 01:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013.10.23 01:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013.10.23 01:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013.07.20 00:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013.07.20 00:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013.07.20 00:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013.07.01 00:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013.06.21 02:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.06.21 02:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.04.05 17:39:02 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.04.05 13:32:40 | 000,101,168 | ---- | M] (Tonec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013.03.21 02:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.11.14 16:19:42 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.11.14 16:19:42 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.11.14 16:19:41 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.11.14 16:19:41 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012.11.08 21:29:32 | 000,054,128 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\Windows\System32\drivers\prio.sys -- (prio)
DRV - [2012.10.22 15:43:36 | 001,841,272 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.03.23 01:17:06 | 001,812,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009.10.26 14:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.07.14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2006.11.01 17:45:14 | 000,219,264 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTCamDrv.sys -- (BTCAMDRV)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 DB C1 BF F4 31 CE 01  [binary data]
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.bg/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: %7BE6C93316-271E-4b3d-8D7E-FE11B4350AEB%7D:2.1.25
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\toni\AppData\Roaming\IDM\idmmzcc5 [2013.04.05 15:38:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\toni\AppData\Roaming\IDM\idmmzcc5 [2013.04.05 15:38:39 | 000,000,000 | ---D | M]
 
[2013.04.05 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Extensions
[2014.02.26 16:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions
[2013.12.01 19:18:21 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.10.23 20:52:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.10.23 20:52:29 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\[email protected]
[2013.11.20 17:57:01 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\[email protected]
[2014.01.05 03:50:20 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2011.07.15 19:27:22 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2014.02.26 16:20:38 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.01.23 13:50:25 | 000,009,489 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi
[2014.02.26 16:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.02.26 16:26:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://play.google.com/store/apps
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: APK Downloader = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\1.5.1_0\
CHR - Extension: APK Downloader = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\2.0.0_0\
CHR - Extension: IDM Integration = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.10_0\
CHR - Extension: Google Wallet = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014.02.27 13:40:55 | 000,000,321 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 vscan.novirusthanks.org
O1 - Hosts: 127.0.0.1 irusscan.jotti.org
O1 - Hosts: 127.0.0.1 www.virus-trap.org
O1 - Hosts: 127.0.0.1 www.filterbit.com
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [TiltBreaker] C:\Program Files\Tilt Breaker\rundll32.exe File not found
O4 - HKLM..\Run: [Windows Services for Processes] C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [LightShot] C:\Users\toni\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [rundll32] C:\Users\toni\AppData\Roaming\rundll32 .exe File not found
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [TiltBreaker] C:\Program Files\Tilt Breaker\rundll32.exe File not found
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [Windows Services for Processes] C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Services for Processes = C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.111.35.129 89.190.192.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C05BF13-B336-4FBD-9CB1-FD0B9CA8B01E}: DhcpNameServer = 95.111.35.129 89.190.192.248
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.28 19:37:55 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe -- [2011.11.24 04:41:59 | 001,021,452 | R--- | M] (                                                            )
O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell\install\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.02.27 14:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014.02.27 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2014.02.27 13:56:50 | 004,348,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2014.02.27 13:56:50 | 003,045,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2014.02.27 13:56:50 | 002,555,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2014.02.27 13:56:50 | 000,376,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2014.02.27 13:56:50 | 000,062,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2014.02.27 13:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014.02.27 13:55:30 | 015,740,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2014.02.27 13:55:29 | 023,683,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2014.02.27 13:55:29 | 014,669,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2014.02.27 13:55:29 | 010,180,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2014.02.27 13:55:29 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2014.02.27 13:55:29 | 002,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2014.02.27 13:55:29 | 002,410,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2014.02.27 13:55:29 | 000,863,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2014.02.27 13:55:29 | 000,844,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2014.02.27 13:55:28 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2014.02.27 13:55:26 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2014.02.27 13:55:26 | 002,713,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2014.02.27 13:11:29 | 001,049,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233489.dll
[2014.02.27 13:11:29 | 000,895,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233489.dll
[2014.02.26 18:03:33 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\ESL Match Media
[2014.02.26 17:53:00 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\ESL_Wire_Plugin_Container
[2014.02.26 17:49:22 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\ESL Wire Game Client
[2014.02.26 17:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
[2014.02.26 17:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2014.02.26 17:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire
[2014.02.26 16:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.02.25 01:00:48 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\ESL_logo
[2014.02.24 01:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014.02.24 01:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.02.24 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2014.02.23 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\Hold'em_Manager
[2014.02.23 22:24:16 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\HEM Data
[2014.02.23 22:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TiltBreaker
[2014.02.23 22:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\XHEO INC
[2014.02.23 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\IsolatedStorage
[2014.02.23 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\HoldemManager
[2014.02.23 22:08:41 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\toni\AppData\Roaming\svchost.exe
[2014.02.23 22:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2014.02.21 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\Ubisoft Game Launcher
[2014.02.21 18:01:05 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Assassin's Creed Revelations
[2014.02.21 18:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed Revelations
[2014.02.21 15:05:09 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\PunkBuster
[2014.02.21 13:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2014.02.21 13:29:27 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Assassin's Creed III
[2014.02.18 22:22:52 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\dsadsa2
[2014.02.18 21:30:01 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\asddddas
[2014.02.14 17:03:42 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Aiseesoft Studio
[2014.02.11 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\Ubisoft
[2014.02.11 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
 
========== Files - Modified Within 30 Days ==========
 
[2014.02.27 14:07:22 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.27 14:06:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.02.27 13:58:42 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.02.27 13:58:42 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.02.27 13:57:35 | 002,361,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.02.27 13:57:35 | 001,752,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.02.27 13:52:05 | 000,006,608 | ---- | M] () -- C:\bootsqm.dat
[2014.02.27 13:43:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3986450965-706548418-1934913071-1000.job
[2014.02.27 13:40:55 | 000,000,344 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140227-134055.backup
[2014.02.27 13:40:55 | 000,000,321 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014.02.27 13:40:55 | 000,000,239 | ---- | M] () -- C:\Windows\wininit.ini
[2014.02.27 13:38:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.27 11:16:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2014.02.26 17:49:22 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2014.02.26 12:55:13 | 000,344,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.02.23 23:35:20 | 016,122,362 | ---- | M] () -- C:\Users\toni\Desktop\Hold_em_Manager_Tutorial_Part_1.flv
[2014.02.23 22:09:41 | 000,000,246 | ---- | M] () -- C:\Users\toni\AppData\Roaming\IDK
[2014.02.23 22:08:39 | 000,000,107 | -HS- | M] () -- C:\Users\toni\AppData\Roaming\per.bat
[2014.02.14 17:12:01 | 000,000,368 | ---- | M] () -- C:\Windows\pdf2word.INI
[2014.02.14 10:15:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.02.14 10:15:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.02.13 02:35:31 | 005,013,269 | ---- | M] () -- C:\Users\toni\Desktop\1912683_531129373651859_1383019678_n.mp4
[2014.02.08 20:27:20 | 023,683,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2014.02.08 20:27:20 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2014.02.08 20:27:20 | 015,740,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2014.02.08 20:27:20 | 014,669,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2014.02.08 20:27:20 | 010,180,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2014.02.08 20:27:20 | 009,728,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2014.02.08 20:27:20 | 009,690,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2014.02.08 20:27:20 | 002,956,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2014.02.08 20:27:20 | 002,713,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2014.02.08 20:27:20 | 002,410,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2014.02.08 20:27:20 | 001,049,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233489.dll
[2014.02.08 20:27:20 | 000,895,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233489.dll
[2014.02.08 20:27:20 | 000,863,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2014.02.08 20:27:20 | 000,844,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2014.02.08 20:27:20 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2014.02.08 20:27:20 | 000,019,204 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2014.02.08 19:11:47 | 004,348,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2014.02.08 19:11:47 | 003,045,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2014.02.08 19:11:44 | 002,555,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2014.02.08 19:11:44 | 000,376,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2014.02.08 19:11:44 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
 
========== Files Created - No Company Name ==========
 
[2014.02.27 13:55:29 | 000,019,204 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2014.02.27 13:52:05 | 000,006,608 | ---- | C] () -- C:\bootsqm.dat
[2014.02.27 13:40:55 | 000,000,239 | ---- | C] () -- C:\Windows\wininit.ini
[2014.02.26 17:49:22 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2014.02.23 23:35:08 | 016,122,362 | ---- | C] () -- C:\Users\toni\Desktop\Hold_em_Manager_Tutorial_Part_1.flv
[2014.02.23 22:09:11 | 000,000,246 | ---- | C] () -- C:\Users\toni\AppData\Roaming\IDK
[2014.02.23 22:08:39 | 000,000,107 | -HS- | C] () -- C:\Users\toni\AppData\Roaming\per.bat
[2014.02.21 12:46:39 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2014.02.21 12:46:38 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2014.02.14 17:11:20 | 000,000,368 | ---- | C] () -- C:\Windows\pdf2word.INI
[2014.02.13 02:35:25 | 005,013,269 | ---- | C] () -- C:\Users\toni\Desktop\1912683_531129373651859_1383019678_n.mp4
[2014.02.07 12:44:03 | 003,197,355 | ---- | C] () -- C:\Users\toni\Desktop\20140101_002156.jpg
[2014.02.07 12:44:02 | 003,561,219 | ---- | C] () -- C:\Users\toni\Desktop\20140101_002135.jpg
[2014.02.07 12:43:59 | 090,112,349 | ---- | C] () -- C:\Users\toni\Desktop\20131212_232611.mp4
[2013.11.30 21:34:11 | 000,000,037 | -HS- | C] () -- C:\Users\toni\AppData\Local\70149b02515b3bb20dd492.47983420
[2013.10.14 13:49:34 | 000,008,096 | ---- | C] () -- C:\Windows\GROUPS.EXE
[2013.10.14 13:49:34 | 000,000,144 | ---- | C] () -- C:\Windows\TDW.INI
[2013.09.23 00:08:01 | 000,007,602 | ---- | C] () -- C:\Users\toni\AppData\Local\Resmon.ResmonCfg
[2013.06.26 08:17:33 | 000,000,439 | ---- | C] () -- C:\Users\toni\AppData\Local\UserProducts.xml
[2013.06.26 08:06:11 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2013.05.22 19:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.05.22 19:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.05.22 19:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.05.22 19:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.05.22 19:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.05.05 06:42:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2013.04.05 15:35:24 | 000,003,153 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2013.04.05 15:35:02 | 000,002,878 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2013.04.05 15:34:48 | 004,047,024 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2013.04.05 15:34:48 | 000,017,993 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2012.11.21 00:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.14 16:30:11 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.10 09:55:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.05.10 09:55:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013.05.10 09:55:54 | 000,000,000 | ---D | M] -- C:\Users\postgres\AppData\Roaming\TuneUp Software
[2013.05.10 09:55:54 | 000,000,000 | ---D | M] -- C:\Users\postgres.toni-CP\AppData\Roaming\TuneUp Software
[2013.04.05 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\AVG2013
[2013.05.05 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\DAEMON Tools Lite
[2013.09.20 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\dBpoweramp
[2013.06.17 10:56:29 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\DMCache
[2013.06.26 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\FileOpen
[2013.04.05 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\GlobalSCAPE
[2014.02.23 22:24:16 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\HEM Data
[2014.02.23 23:25:11 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\HoldemManager
[2013.05.17 10:23:22 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\IDM
[2013.09.16 13:51:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\IrfanView
[2013.06.26 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Nitro
[2013.05.05 00:25:08 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Notepad++
[2013.11.05 11:20:37 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\NuGet
[2013.06.26 08:06:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\OpenCandy
[2013.06.25 15:06:33 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Oracle
[2014.02.21 15:05:09 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\PunkBuster
[2013.04.05 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Rovio
[2013.07.26 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Samsung
[2013.06.20 05:34:41 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\SWI-Prolog
[2014.02.23 21:25:31 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TeamViewer
[2013.08.20 09:23:49 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Tepfel
[2014.02.26 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TS3Client
[2013.10.05 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TuneUp Software
[2014.02.13 15:41:19 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Ubisoft
[2014.02.26 02:27:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\uTorrent
[2013.04.05 15:11:52 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Wargaming.net
[2013.06.24 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2009.07.14 03:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2010.11.20 23:29:19 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009.07.14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010.11.20 23:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010.11.20 23:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2012.11.14 16:18:36 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009.07.14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012.11.14 16:31:19 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012.11.14 16:27:33 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010.11.20 23:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010.11.20 23:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2012.11.14 16:12:26 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.07.14 03:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009.07.14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009.07.14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010.11.20 23:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009.07.14 03:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009.07.14 03:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009.07.14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012.11.14 16:37:05 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009.07.14 03:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2012.11.14 16:16:50 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012.11.14 16:24:30 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012.11.14 16:18:36 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009.07.14 03:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010.11.20 23:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010.11.20 23:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009.07.14 03:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2012.11.14 16:18:36 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009.07.14 03:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010.11.20 23:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010.11.20 23:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010.11.20 23:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010.11.20 23:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012.11.14 16:31:34 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010.11.20 23:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010.11.20 23:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010.11.20 23:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010.11.20 23:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.11.20 23:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010.11.20 23:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010.11.20 23:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010.11.20 23:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009.07.14 03:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012.06.03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010.11.20 23:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009.07.14 03:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010.11.20 23:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
[color=#A23BEC]< MD5 for: SERVICES  >[/color]
[2009.06.10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009.06.10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
[color=#A23BEC]< MD5 for: SERVICES.CFG  >[/color]
[2012.09.23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013.12.21 08:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
[color=#A23BEC]< MD5 for: SERVICES.EXE.MUI  >[/color]
[2010.11.21 02:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2010.11.21 02:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
 
[color=#A23BEC]< MD5 for: SERVICES.EXE-511D36F4.PF  >[/color]
[2014.02.26 12:55:45 | 000,046,658 | ---- | M] () MD5=9BB59508306B28A60FFF9E74634E71F8 -- C:\Windows\Prefetch\SERVICES.EXE-511D36F4.pf
 
[color=#A23BEC]< MD5 for: SERVICES.LNK  >[/color]
[2009.07.14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
[color=#A23BEC]< MD5 for: SERVICES.MOF  >[/color]
[2009.06.10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009.06.10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
[color=#A23BEC]< MD5 for: SERVICES.MSC  >[/color]
[2010.11.21 02:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2010.11.21 02:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
[color=#A23BEC]< MD5 for: SERVICES.PTXML  >[/color]
[2009.07.13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009.07.13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
[color=#A23BEC]< MD5 for: SERVICES.SBS  >[/color]
[2013.07.16 13:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2010.11.20 23:29:11 | 001,169,224 | ---- | M] (Microsoft Corporation) MD5=34AA912DEFA18C2C129F1E09D75C1D7E -- C:\Users\toni\AppData\Roaming\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
[color=#A23BEC]< MD5 for: WINSOCK.DLL  >[/color]
[2009.07.13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009.07.13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL
 
[color=#A23BEC]< MD5 for: WINSOCK.H  >[/color]
[2013.08.21 16:36:04 | 000,038,515 | ---- | M] () MD5=4C9A38861B425AC47623BA6187FB124E -- C:\Program Files\Windows Kits\8.1\Include\um\winsock.h
[2012.10.01 09:14:04 | 000,038,471 | ---- | M] () MD5=B2A415C3F1450F80F57AF83212F3C7AA -- C:\Program Files\Microsoft SDKs\Windows\v7.1A\Include\WinSock.h

< End of report >


I will return with the aswMBR.exe[0.9.9.1771] log.
P.S. My Firefox is glitching with graphic bugs... hope to see you soon (= .

Edited by macman90, 27 February 2014 - 06:27 AM.

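The log above already holds the key evidence: a second svchost.exe under C:\Users\toni\AppData\Roaming whose size (1,169,224 bytes) and MD5 differ from the System32 copy (20,992 bytes), even though both carry the "Microsoft Corporation" company string, which is just self-declared version information. As an added example, not from macman90's post and not OTL's own code, the Python script below parses the "< MD5 for: ... >" sections and flags copies of system-only binaries that live outside C:\Windows. The sample lines are copied from the Extras.txt log above; the list of system-only file names is this example's own assumption.

```python
"""Triage OTL '< MD5 for: NAME >' sections for system binaries that live
outside the Windows directory.

Added example for this thread; it is not OTL code and not part of the post.
The sample lines are copied from the Extras.txt log above; the list of
system-only binary names is this example's own assumption.
"""
import re
from collections import defaultdict

# Constructed from the log above: one clean section, one with a rogue copy.
SAMPLE_LOG = r"""
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2010.11.20 23:29:11 | 001,169,224 | ---- | M] (Microsoft Corporation) MD5=34AA912DEFA18C2C129F1E09D75C1D7E -- C:\Users\toni\AppData\Roaming\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
"""

# Section header:  < MD5 for: SVCHOST.EXE  >   (BBCode colour tags around it are ignored)
OTL_SECTION = re.compile(r"< MD5 for: (?P<name>\S+)\s*>")
# File line: [date time | size | attrs | M] (Company) MD5=HASH -- path
OTL_FILE_LINE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)

# Assumption of this example: these names legitimately exist only under C:\Windows.
SYSTEM_ONLY_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                     "userinit.exe", "explorer.exe", "csrss.exe"}
WINDOWS_ROOT = "c:\\windows\\"


def parse_md5_sections(text):
    """Return {filename: [record, ...]} for every '< MD5 for: >' section."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        head = OTL_SECTION.search(line)
        if head:
            current = head.group("name").lower()
            continue
        m = OTL_FILE_LINE.match(line)
        if m and current:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            sections[current].append(rec)
    return sections


def triage(sections):
    """Flag copies of system-only binaries outside C:\\Windows and record how they
    differ from the reference copy (System32, or C:\\Windows itself for explorer.exe).
    The company string is deliberately NOT used as evidence: it is version-info
    text the file declares about itself, and the rogue copy declares 'Microsoft
    Corporation' just like the real one."""
    findings = []
    for name, recs in sections.items():
        if name not in SYSTEM_ONLY_NAMES:
            continue
        reference = next(
            (r for r in recs
             if r["path"].lower().startswith(WINDOWS_ROOT + "system32\\")
             or r["path"].lower() == WINDOWS_ROOT + name),
            None)
        for r in recs:
            if r["path"].lower().startswith(WINDOWS_ROOT):
                continue  # System32 / winsxs copies are where they belong
            reasons = ["system binary name outside %SystemRoot%"]
            if reference:
                if r["md5"].upper() != reference["md5"].upper():
                    reasons.append("MD5 differs from System32 copy")
                if r["size"] != reference["size"]:
                    reasons.append(f"size {r['size']} vs {reference['size']}")
            findings.append({"name": name, "path": r["path"],
                             "company": r["company"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_md5_sections(SAMPLE_LOG)):
        print(f["path"], "->", "; ".join(f["reasons"]))
```

Run against the full Extras.txt instead of the embedded sample and the only hit is the AppData copy; the winsxs copies match System32 by hash and are skipped by location.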



#2 macman90 (New Member, Topic Starter, 8 posts)
UPDATE: Sorry, the program is still scanning and found infected objects. I will return as soon as I see the program has fully finished scanning.

Downloaded the latest Avast engine definitions [14022700]
Log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-27 14:22:39
-----------------------------
14:22:39.571    OS Version: Windows 6.1.7600 Service Pack 1
14:22:39.571    Number of processors: 2 586 0x170A
14:22:39.572    ComputerName: TONI-CP  UserName: toni
14:22:40.201    Initialize success
14:23:35.244    AVAST engine defs: 14022700
14:26:16.593    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:26:16.593    Disk 0 Vendor: Hitachi_HDP725025GLA380 GM2OA5FA Size: 238475MB BusType: 3
14:26:16.593    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
14:26:16.593    Disk 1 Vendor: ST3250824AS 3.AAH Size: 238475MB BusType: 3
14:26:16.609    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-5
14:26:16.609    Disk 2 Vendor: ST3250824AS 3.AAH Size: 238475MB BusType: 3
14:26:16.702    Disk 0 MBR read successfully
14:26:16.718    Disk 0 MBR scan
14:26:16.718    Disk 0 Windows 7 default MBR code
14:26:16.733    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:26:16.733    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        39899 MB offset 206848
14:26:16.765    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       198473 MB offset 81920000
14:26:16.765    Disk 0 scanning sectors +488392704
14:26:16.936    Disk 0 scanning C:\Windows\system32\drivers
14:26:24.097    Service scanning
14:26:50.273    Modules scanning
14:26:55.687    Disk 0 trace - called modules:
14:26:55.718    ntkrlStaforce.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
14:26:55.718    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c308f0]
14:26:55.718    3 CLASSPNP.SYS[8ddbd59e] -> nt!IofCallDriver -> [0x86748918]
14:26:55.718    5 ACPI.sys[8d8c53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86756030]
14:26:56.092    AVAST engine scan C:\Windows
14:26:57.434    AVAST engine scan C:\Windows\system32
14:30:54.024    AVAST engine scan C:\Windows\system32\drivers
14:31:03.992    AVAST engine scan C:\Users\toni
14:31:31.901    Disk 0 MBR has been saved successfully to "E:\FF-Downloads\MBR.dat"
14:31:31.916    The log file has been saved successfully to "E:\FF-Downloads\aswMBR.txt"

Edited by macman90, 27 February 2014 - 06:37 AM.


#3 macman90 (New Member, Topic Starter, 8 posts)
This is the full scan:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-27 14:22:39
-----------------------------
14:22:39.571    OS Version: Windows 6.1.7600 Service Pack 1
14:22:39.571    Number of processors: 2 586 0x170A
14:22:39.572    ComputerName: TONI-CP  UserName: toni
14:22:40.201    Initialize success
14:23:35.244    AVAST engine defs: 14022700
14:26:16.593    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:26:16.593    Disk 0 Vendor: Hitachi_HDP725025GLA380 GM2OA5FA Size: 238475MB BusType: 3
14:26:16.593    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
14:26:16.593    Disk 1 Vendor: ST3250824AS 3.AAH Size: 238475MB BusType: 3
14:26:16.609    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-5
14:26:16.609    Disk 2 Vendor: ST3250824AS 3.AAH Size: 238475MB BusType: 3
14:26:16.702    Disk 0 MBR read successfully
14:26:16.718    Disk 0 MBR scan
14:26:16.718    Disk 0 Windows 7 default MBR code
14:26:16.733    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:26:16.733    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        39899 MB offset 206848
14:26:16.765    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       198473 MB offset 81920000
14:26:16.765    Disk 0 scanning sectors +488392704
14:26:16.936    Disk 0 scanning C:\Windows\system32\drivers
14:26:24.097    Service scanning
14:26:50.273    Modules scanning
14:26:55.687    Disk 0 trace - called modules:
14:26:55.718    ntkrlStaforce.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
14:26:55.718    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c308f0]
14:26:55.718    3 CLASSPNP.SYS[8ddbd59e] -> nt!IofCallDriver -> [0x86748918]
14:26:55.718    5 ACPI.sys[8d8c53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86756030]
14:26:56.092    AVAST engine scan C:\Windows
14:26:57.434    AVAST engine scan C:\Windows\system32
14:30:54.024    AVAST engine scan C:\Windows\system32\drivers
14:31:03.992    AVAST engine scan C:\Users\toni
14:31:31.901    Disk 0 MBR has been saved successfully to "E:\FF-Downloads\MBR.dat"
14:31:31.916    The log file has been saved successfully to "E:\FF-Downloads\aswMBR.txt"
14:35:52.392    File: C:\Users\toni\AppData\Roaming\Tepfel\dat\Dora.dat  **INFECTED** Win32:Webcake-A [Adw]
14:35:52.423    File: C:\Users\toni\AppData\Roaming\Tepfel\dat\Maintain.dat  **INFECTED** Win32:Webcake-A [Adw]
14:35:52.438    File: C:\Users\toni\AppData\Roaming\Tepfel\dat\Paladin.dat  **INFECTED** Win32:Webcake-A [Adw]
14:35:52.501    File: C:\Users\toni\AppData\Roaming\Tepfel\dat\Phoenix.dat  **INFECTED** Win32:Webcake-A [Adw]
14:37:36.101    AVAST engine scan C:\ProgramData
14:39:24.183    Scan finished successfully
14:40:23.192    Disk 0 MBR has been saved successfully to "E:\FF-Downloads\MBR.dat"
14:40:23.195    The log file has been saved successfully to "E:\FF-Downloads\aswMBR2.txt"


#4 Machiavelli (GeekU Moderator, 4,722 posts)
Welcome to GeeksToGo, macman90

My name is Machiavelli and I'll try to fix your PC problems. If you are in Safe Mode then print my instructions! Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.


!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

I will come back with further instructions later.

#5 macman90 (New Member, Topic Starter, 8 posts)
Thank you! I will try to help you further with some info. Ask more if needed after this.
I ran SpyBot before posting these logs. It caught 7-8 entries and I clicked on fix the problems.
The problem manifested hard today. A week ago I noticed 3 svchost.exe console windows popping up after OS boot. Today I decided to see the directory that this .exe was booting from - \appdata\roaming\svchost.exe. I opened it with Notepad++ [yes, stupid] and now I have something looking like bad graphic driver glitches almost everywhere. I tried to close these console windows every time they appear, but today I missed closing them and I saw some operations starting for some milliseconds and then the windows closed automatically. Unfortunately I got 3-4 blue screens to this moment and some restarting had to be done.
This is the information I can help you with.

Edited by macman90, 27 February 2014 - 07:41 AM.


#6 Machiavelli (GeekU Moderator, 4,722 posts)
===== > Step 1: OTL Fix < =====

  • Run OTL(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - prefs.js..browser.search.selectedEngine: "Delta Search"
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
    O4 - HKLM..\Run: [TiltBreaker] C:\Program Files\Tilt Breaker\rundll32.exe File not found
    O4 - HKLM..\Run: [Windows Services for Processes] C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [rundll32] C:\Users\toni\AppData\Roaming\rundll32 .exe File not found
    O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [TiltBreaker] C:\Program Files\Tilt Breaker\rundll32.exe File not found
    O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [Windows Services for Processes] C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Services for Processes = C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010.03.28 19:37:55 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
    O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe -- [2011.11.24 04:41:59 | 001,021,452 | R--- | M] (                                                            )
    O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell\AutoRun\command - "" = I:\SETUP.EXE
    O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell\configure\command - "" = I:\SETUP.EXE
    O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell\install\command - "" = I:\SETUP.EXE
    O33 - MountPoints2\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
    [2014.02.23 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\HoldemManager
    [2014.02.23 22:08:41 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\toni\AppData\Roaming\svchost.exe
    [2014.02.23 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\Hold'em_Manager
    [2014.02.23 22:24:16 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\HEM Data
    [2014.02.23 22:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TiltBreaker
    [2014.02.23 22:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\XHEO INC
    [2014.02.23 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\IsolatedStorage
    [2014.02.27 11:16:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job
    [2014.02.23 22:09:41 | 000,000,246 | ---- | M] () -- C:\Users\toni\AppData\Roaming\IDK
    [2014.02.23 22:08:39 | 000,000,107 | -HS- | M] () -- C:\Users\toni\AppData\Roaming\per.bat
    [2014.02.23 23:35:08 | 016,122,362 | ---- | C] () -- C:\Users\toni\Desktop\Hold_em_Manager_Tutorial_Part_1.flv
    [2013.11.30 21:34:11 | 000,000,037 | -HS- | C] () -- C:\Users\toni\AppData\Local\70149b02515b3bb20dd492.47983420
    [2013.06.26 08:06:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\OpenCandy
    [2014.02.23 22:24:16 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\HEM Data
    [2014.02.23 23:25:11 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\HoldemManager
    
    :Files
    C:\Users\toni\AppData\Roaming\Tepfel
    
    :Commands
    [RESETHOSTS] 
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.

===== > Step 2: Adwarecleaner < =====

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

===== > Step 3: JRT < =====

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===== > Step 4: OTL QuickScan < =====

  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

 

Please don't forget to post these logs into your next reply:

  • OTL FixLog
  • Adwarecleaner Log
  • JRT.txt
  • OTL.txt
  • How is your PC running? Any issues?

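The O4 and O6 lines in the fix script above are the persistence side of the infection: the same AppData svchost.exe is registered in the HKLM Run key, the user's HKU Run key and the policies\Explorer\Run key, next to orphaned entries whose targets are already gone ("File not found") and a "rundll32 .exe" with a space inside the file name. As an added example, not part of Machiavelli's instructions and not OTL's own code, the Python script below parses those autorun lines and explains why each one is worth removing. The sample lines are copied from the fix script; the lists of user-writable locations and Windows binary names are this example's own assumptions.

```python
"""Triage OTL O4 (Run key) and O6 (policies\\Explorer\\Run) autorun lines.

Added example for this thread; not OTL code and not part of the post.
The sample lines are copied from the OTL fix script above; the heuristics
(user-writable locations, Windows binary names) are this example's assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed from the fix script above.
SAMPLE_FIX = r"""
O4 - HKLM..\Run: [TiltBreaker] C:\Program Files\Tilt Breaker\rundll32.exe File not found
O4 - HKLM..\Run: [Windows Services for Processes] C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [rundll32] C:\Users\toni\AppData\Roaming\rundll32 .exe File not found
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [Windows Services for Processes] C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Services for Processes = C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
"""

O4_LINE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<rest>.+)$")
O6_LINE = re.compile(r"^O6 - (?P<hive>.+?\\policies\\Explorer\\Run): (?P<value>.+?) = (?P<rest>.+)$")
NOT_FOUND = " File not found"
# Trailing "(Company)" is OTL's version-info company string; a path ending in
# ")" would confuse this, but Windows paths almost never do.
COMPANY = re.compile(r" \((?P<company>[^)]*)\)\s*$")

# Assumptions of this example.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
WINDOWS_NAMES = {"svchost.exe", "rundll32.exe", "explorer.exe", "lsass.exe",
                 "services.exe", "csrss.exe", "winlogon.exe"}


@dataclass
class AutorunEntry:
    source: str            # registry location the entry came from
    value: str             # value name as OTL shows it
    target: str            # launched path
    company: str           # version-info company string, "" if none shown
    exists: bool           # False when OTL reported "File not found"
    reasons: list = field(default_factory=list)


def split_target(rest):
    """Separate the path from OTL's trailing 'File not found' or '(Company)'."""
    if rest.endswith(NOT_FOUND.strip()):
        return rest[: -len(NOT_FOUND)].rstrip(), "", False
    m = COMPANY.search(rest)
    if m:
        return rest[: m.start()].rstrip(), m.group("company"), True
    return rest.strip(), "", True


def parse_autoruns(text):
    entries = []
    for line in text.splitlines():
        m = O4_LINE.match(line) or O6_LINE.match(line)
        if not m:
            continue
        target, company, exists = split_target(m.group("rest"))
        entries.append(AutorunEntry(m.group("hive"), m.group("value"),
                                    target, company, exists))
    return entries


def classify(entry):
    """Attach human-readable reasons; an entry with no reasons is unremarkable."""
    low = entry.target.lower()
    base = low.rsplit("\\", 1)[-1]
    clean = base.replace(" ", "")
    if not entry.exists:
        entry.reasons.append("orphaned: target no longer on disk")
    if any(tok in low for tok in USER_WRITABLE):
        entry.reasons.append("target in user-writable location")
    if clean in WINDOWS_NAMES and not low.startswith("c:\\windows\\"):
        entry.reasons.append(f"file name matches Windows binary {clean} but lives outside %SystemRoot%")
    if " " in base:
        entry.reasons.append("whitespace embedded in file name")
    if "policies\\explorer\\run" in entry.source.lower():
        entry.reasons.append("registered under policies\\Explorer\\Run (policy autostart location)")
    return entry


def redundant_targets(entries):
    """Targets launched from more than one autostart location, with those locations."""
    by_target = defaultdict(list)
    for e in entries:
        by_target[e.target.lower()].append(e.source)
    return {t: s for t, s in by_target.items() if len(s) > 1}


if __name__ == "__main__":
    found = [classify(e) for e in parse_autoruns(SAMPLE_FIX)]
    for e in found:
        print(f"[{e.value}] {e.target}\n    " + "\n    ".join(e.reasons))
    for target, sources in redundant_targets(found).items():
        print(f"{target} is started from {len(sources)} locations")
```

The redundant-target check is the part worth keeping for other threads: a legitimate program registers itself once, while the svchost.exe here is wired into three separate autostart keys so that removing one still leaves it running at next logon.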

#7 macman90 (New Member, Topic Starter, 8 posts)
===== > Step 1: OTL Fix < =====

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "Delta Search" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\ubisoft.com/uplaypc\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TiltBreaker deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Services for Processes deleted successfully.
C:\Users\toni\AppData\Roaming\svchost.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3986450965-706548418-1934913071-1000\Software\Microsoft\Windows\CurrentVersion\Run\\rundll32 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3986450965-706548418-1934913071-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TiltBreaker deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3986450965-706548418-1934913071-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Services for Processes deleted successfully.
File C:\Users\toni\AppData\Roaming\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Windows Services for Processes deleted successfully.
File C:\Users\toni\AppData\Roaming\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\autoexec.bat moved successfully.
D:\AUTOEXEC.BAT moved successfully.
File move failed. H:\autorun.ico scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\ not found.
File move failed. H:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
File I:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
File I:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
File I:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\ not found.
File I:\HTC_Sync_Manager_PC.exe not found.
C:\Users\toni\AppData\Roaming\HoldemManager\SavedHoleCards folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager\NoteCaddyNotes\HoldemManager2 folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager\NoteCaddyNotes folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager\NoteCaddyDefinitions folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager\Database\HoldemManager2\Importing folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager\Database\HoldemManager2 folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager\Database folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager folder moved successfully.
File C:\Users\toni\AppData\Roaming\svchost.exe not found.
C:\Users\toni\AppData\Local\Hold'em_Manager\HoldemManager.exe_Url_hso5rcncfvopwghccuvgzvh1iwmrn11j\2.0.0.7932 folder moved successfully.
C:\Users\toni\AppData\Local\Hold'em_Manager\HoldemManager.exe_Url_hso5rcncfvopwghccuvgzvh1iwmrn11j folder moved successfully.
C:\Users\toni\AppData\Local\Hold'em_Manager folder moved successfully.
C:\Users\toni\AppData\Roaming\HEM Data\Hands folder moved successfully.
C:\Users\toni\AppData\Roaming\HEM Data folder moved successfully.
C:\ProgramData\TiltBreaker folder moved successfully.
C:\ProgramData\XHEO INC\SharedLicenses folder moved successfully.
C:\ProgramData\XHEO INC folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage\livsgzvl.doy\y1dggwma.ize\StrongName.apwea015gk5sbdb4ehayx0vpjfbbacqa\AssemFiles folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage\livsgzvl.doy\y1dggwma.ize\StrongName.apwea015gk5sbdb4ehayx0vpjfbbacqa folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage\livsgzvl.doy\y1dggwma.ize\Publisher.a5hbt501saexoiqn31epw5xxvwaryovm\AssemFiles folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage\livsgzvl.doy\y1dggwma.ize\Publisher.a5hbt501saexoiqn31epw5xxvwaryovm folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage\livsgzvl.doy\y1dggwma.ize folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage\livsgzvl.doy folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage folder moved successfully.
C:\Windows\Tasks\update-sys.job moved successfully.
C:\Users\toni\AppData\Roaming\IDK moved successfully.
C:\Users\toni\AppData\Roaming\per.bat moved successfully.
C:\Users\toni\Desktop\Hold_em_Manager_Tutorial_Part_1.flv moved successfully.
C:\Users\toni\AppData\Local\70149b02515b3bb20dd492.47983420 moved successfully.
C:\Users\toni\AppData\Roaming\OpenCandy\OpenCandy_757156DC72A74F8CA1652B03BC6443B3 folder moved successfully.
C:\Users\toni\AppData\Roaming\OpenCandy\757156DC72A74F8CA1652B03BC6443B3 folder moved successfully.
C:\Users\toni\AppData\Roaming\OpenCandy folder moved successfully.
Folder C:\Users\toni\AppData\Roaming\HEM Data\ not found.
Folder C:\Users\toni\AppData\Roaming\HoldemManager\ not found.
========== FILES ==========
C:\Users\toni\AppData\Roaming\Tepfel\dat\update folder moved successfully.
C:\Users\toni\AppData\Roaming\Tepfel\dat folder moved successfully.
C:\Users\toni\AppData\Roaming\Tepfel folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres.toni-CP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: toni
->Temp folder emptied: 276563532 bytes
->Temporary Internet Files folder emptied: 241937455 bytes
->Java cache emptied: 374903 bytes
->FireFox cache emptied: 54449305 bytes
->Google Chrome cache emptied: 241302271 bytes
->Flash cache emptied: 58731 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 777,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02272014_154833

Files\Folders moved on Reboot...
File\Folder H:\autorun.ico not found!
File\Folder H:\autorun.inf not found!
File\Folder H:\setup.exe not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




===== > Step 2: Adwarecleaner < =====

# AdwCleaner v3.019 - Report created 27/02/2014 at 15:56:37
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : toni - TONI-CP
# Running from : E:\FF-Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\Tepfel
Folder Deleted : C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\Extensions\[email protected]
File Deleted : C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\invalidprefs.js
File Deleted : C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v28.0 (en-GB)

[ File : C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.id", "8edfef78000000000000001f293474c9");
Line Deleted : user_pref("extensions.delta.instlDay", "15781");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.09:24:41");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3400 octets] - [27/02/2014 15:54:30]
AdwCleaner[S0].txt - [3399 octets] - [27/02/2014 15:56:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3459 octets] ##########


===== > Step 3: JRT < =====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x86
Ran by toni on четв 27.02.2014 at 16:08:21,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\toni\AppData\Roaming\mozilla\firefox\profiles\k23rglzt.default\minidumps [1554 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on четв 27.02.2014 at 16:09:58,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


===== > Step 4: OTL QuickScan < =====

OTL logfile created on: 27.2.2014 16:15:02 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = E:\FF-Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,51% Memory free
7,00 Gb Paging File | 5,59 Gb Available in Paging File | 79,92% Paging File free
Paging file location(s): e:\pagefile.sys 3072 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 9,79 Gb Free Space | 25,12% Space Free | Partition Type: NTFS
Drive D: | 232,82 Gb Total Space | 8,10 Gb Free Space | 3,48% Space Free | Partition Type: NTFS
Drive E: | 232,81 Gb Total Space | 16,18 Gb Free Space | 6,95% Space Free | Partition Type: NTFS
Drive F: | 193,82 Gb Total Space | 17,07 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive H: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TONI-CP | User Name: toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014.02.27 14:07:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\FF-Downloads\OTL(1).exe
PRC - [2014.02.26 16:26:48 | 000,277,616 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.02.08 19:11:48 | 000,941,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.11.20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013.11.02 03:29:09 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.09.27 12:39:50 | 000,313,120 | ---- | M] (Skillbrains) -- C:\Users\toni\AppData\Local\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
PRC - [2013.07.15 12:21:26 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.07.15 12:21:22 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.07.15 12:21:20 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013.06.11 10:51:46 | 000,614,416 | ---- | M] () -- C:\Program Files\EslWire\service\WireHelperSvc.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.11.08 21:29:12 | 000,012,656 | ---- | M] () -- C:\Program Files\Prio\prio_svc.exe
PRC - [2012.10.25 16:26:18 | 004,045,432 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2012.10.22 15:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014.02.26 16:26:47 | 003,622,512 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.11.05 11:12:47 | 017,280,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\a71cb77685efcceb29fbbb2adc9ad3c5\Kies.Theme.ni.dll
MOD - [2013.11.05 11:12:35 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\1f0027391b7dd5a510bbe91b94f9836d\ASF_cSharpAPI.ni.dll
MOD - [2013.11.05 11:12:35 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\6bea61d803ee18e2fbfb979499e5f7c1\Kies.Common.AllShare.ni.dll
MOD - [2013.11.05 11:12:12 | 002,196,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common23b84511#\3b4f0e3fb4f6c619a51a60b483942e04\Kies.Common.Multimedia.ni.dll
MOD - [2013.11.05 11:12:10 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\bf42dab8b38494947d4a3086916e0dd0\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.11.05 11:12:02 | 000,306,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\e6738007af6dec0f68f7abcc824a79da\Kies.Common.Util.ni.dll
MOD - [2013.11.05 11:12:01 | 001,795,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\ed7108bd2d9dbc3a331f0cf0d6d09a11\Kies.UI.ni.dll
MOD - [2013.11.05 11:12:01 | 001,639,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\54bf34319fd5fd1e4e6894c3e382681d\Kies.Locale.ni.dll
MOD - [2013.11.05 11:12:01 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d7ac977334ddb07e8c8cd933d1344171\Kies.MVVM.ni.dll
MOD - [2013.11.05 11:11:58 | 001,244,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\44ae28dad78716f8407aca682bbc84cd\Kies.Interface.ni.dll
MOD - [2013.11.05 11:11:53 | 002,137,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\8dbf940dd16e53e34599c8813ee1a1ad\Kies.ni.exe
MOD - [2013.11.05 10:21:42 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\3bc7ec22c021d74dce4f8230f3631fca\System.ServiceProcess.ni.dll
MOD - [2013.11.05 10:21:35 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll
MOD - [2013.11.05 10:21:33 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\034c34ee777c7a2efc9c631b1179211c\System.Runtime.Remoting.ni.dll
MOD - [2013.11.05 10:21:27 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll
MOD - [2013.11.05 10:21:16 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll
MOD - [2013.11.05 10:21:15 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll
MOD - [2013.11.05 10:21:09 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll
MOD - [2013.11.05 10:21:07 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
MOD - [2013.11.05 10:21:06 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
MOD - [2013.11.05 10:21:02 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
MOD - [2013.11.05 10:20:57 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
MOD - [2012.10.25 16:25:48 | 000,113,272 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2012.10.25 16:25:48 | 000,080,504 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2012.06.18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.10.20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2014.02.26 16:26:48 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.10.05 02:38:22 | 000,071,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV - [2013.08.21 20:55:10 | 000,091,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2013.08.21 20:33:20 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stop_Pending] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.06.11 10:51:46 | 000,614,416 | ---- | M] () [Auto | Running] -- C:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.14 16:07:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.11.08 21:29:12 | 000,012,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Prio\prio_svc.exe -- (prio_svc)
SRV - [2012.10.22 15:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2010.12.27 22:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.02.03 01:03:04 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\toni\AppData\Local\Temp\SPDTool.sys -- (SPDTool)
DRV - [2014.02.08 20:27:20 | 010,180,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.11.25 01:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013.10.23 01:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013.10.23 01:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013.07.20 00:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013.07.20 00:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013.07.20 00:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013.07.01 00:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013.06.21 02:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.06.21 02:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.04.05 17:39:02 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.04.05 13:32:40 | 000,101,168 | ---- | M] (Tonec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.21 02:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.11.14 16:19:42 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.11.14 16:19:42 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.11.14 16:19:41 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.11.14 16:19:41 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012.11.08 21:29:32 | 000,054,128 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\Windows\System32\drivers\prio.sys -- (prio)
DRV - [2012.10.22 15:43:36 | 001,841,272 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.03.23 01:17:06 | 001,812,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009.10.26 14:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.07.14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2006.11.01 17:45:14 | 000,219,264 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTCamDrv.sys -- (BTCAMDRV)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 DB C1 BF F4 31 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.bg/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: %7BE6C93316-271E-4b3d-8D7E-FE11B4350AEB%7D:2.1.25
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\toni\AppData\Roaming\IDM\idmmzcc5 [2013.04.05 15:38:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\toni\AppData\Roaming\IDM\idmmzcc5 [2013.04.05 15:38:39 | 000,000,000 | ---D | M]
 
[2013.04.05 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Extensions
[2014.02.27 15:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions
[2013.12.01 19:18:21 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.10.23 20:52:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.11.20 17:57:01 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\[email protected]
[2014.01.05 03:50:20 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2011.07.15 19:27:22 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2014.02.26 16:20:38 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.01.23 13:50:25 | 000,009,489 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi
[2014.02.26 16:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.02.26 16:26:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://play.google.com/store/apps
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: APK Downloader = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\1.5.1_0\
CHR - Extension: APK Downloader = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\2.0.0_0\
CHR - Extension: IDM Integration = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.10_0\
CHR - Extension: Google Wallet = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014.02.27 15:49:05 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [LightShot] C:\Users\toni\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.111.35.129 89.190.192.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C05BF13-B336-4FBD-9CB1-FD0B9CA8B01E}: DhcpNameServer = 95.111.35.129 89.190.192.248
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe -- [2011.11.24 04:41:59 | 001,021,452 | R--- | M] (                                                            )
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.02.27 16:08:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.02.27 15:54:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.02.27 15:20:00 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\Malwarebytes
[2014.02.27 15:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014.02.27 15:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.02.27 15:19:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.02.27 15:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014.02.27 14:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014.02.27 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2014.02.27 13:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014.02.26 18:03:33 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\ESL Match Media
[2014.02.26 17:53:00 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\ESL_Wire_Plugin_Container
[2014.02.26 17:49:22 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\ESL Wire Game Client
[2014.02.26 17:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
[2014.02.26 17:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2014.02.26 17:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire
[2014.02.26 16:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.02.25 01:00:48 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\ESL_logo
[2014.02.24 01:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014.02.24 01:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.02.24 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2014.02.23 22:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2014.02.21 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\Ubisoft Game Launcher
[2014.02.21 18:01:05 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Assassin's Creed Revelations
[2014.02.21 18:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed Revelations
[2014.02.21 15:05:09 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\PunkBuster
[2014.02.21 13:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2014.02.21 13:29:27 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Assassin's Creed III
[2014.02.18 22:22:52 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\dsadsa2
[2014.02.18 21:30:01 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\asddddas
[2014.02.14 17:03:42 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Aiseesoft Studio
[2014.02.11 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\Ubisoft
[2014.02.11 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
 
========== Files - Modified Within 30 Days ==========
 
[2014.02.27 16:12:37 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.27 16:12:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.02.27 16:10:04 | 002,382,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.02.27 16:10:04 | 001,773,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.02.27 15:58:06 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.02.27 15:58:06 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.02.27 15:49:05 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014.02.27 15:38:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.27 15:19:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.02.27 13:52:05 | 000,006,608 | ---- | M] () -- C:\bootsqm.dat
[2014.02.27 13:43:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3986450965-706548418-1934913071-1000.job
[2014.02.27 13:40:55 | 000,000,344 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140227-134055.backup
[2014.02.27 13:40:55 | 000,000,239 | ---- | M] () -- C:\Windows\wininit.ini
[2014.02.26 17:49:22 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2014.02.26 12:55:13 | 000,344,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.02.14 17:12:01 | 000,000,368 | ---- | M] () -- C:\Windows\pdf2word.INI
[2014.02.13 02:35:31 | 005,013,269 | ---- | M] () -- C:\Users\toni\Desktop\1912683_531129373651859_1383019678_n.mp4
[2014.02.08 20:27:20 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2014.02.08 20:27:20 | 000,019,204 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
 
========== Files Created - No Company Name ==========
 
[2014.02.27 15:19:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.02.27 13:55:29 | 000,019,204 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2014.02.27 13:52:05 | 000,006,608 | ---- | C] () -- C:\bootsqm.dat
[2014.02.27 13:40:55 | 000,000,239 | ---- | C] () -- C:\Windows\wininit.ini
[2014.02.26 17:49:22 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2014.02.21 12:46:39 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2014.02.21 12:46:38 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2014.02.14 17:11:20 | 000,000,368 | ---- | C] () -- C:\Windows\pdf2word.INI
[2014.02.13 02:35:25 | 005,013,269 | ---- | C] () -- C:\Users\toni\Desktop\1912683_531129373651859_1383019678_n.mp4
[2014.02.07 12:44:03 | 003,197,355 | ---- | C] () -- C:\Users\toni\Desktop\20140101_002156.jpg
[2014.02.07 12:44:02 | 003,561,219 | ---- | C] () -- C:\Users\toni\Desktop\20140101_002135.jpg
[2014.02.07 12:43:59 | 090,112,349 | ---- | C] () -- C:\Users\toni\Desktop\20131212_232611.mp4
[2013.10.14 13:49:34 | 000,008,096 | ---- | C] () -- C:\Windows\GROUPS.EXE
[2013.10.14 13:49:34 | 000,000,144 | ---- | C] () -- C:\Windows\TDW.INI
[2013.09.23 00:08:01 | 000,007,602 | ---- | C] () -- C:\Users\toni\AppData\Local\Resmon.ResmonCfg
[2013.06.26 08:17:33 | 000,000,439 | ---- | C] () -- C:\Users\toni\AppData\Local\UserProducts.xml
[2013.06.26 08:06:11 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2013.05.22 19:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.05.22 19:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.05.22 19:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.05.22 19:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.05.22 19:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.05.05 06:42:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2013.04.05 15:35:24 | 000,003,153 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2013.04.05 15:35:02 | 000,002,878 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2013.04.05 15:34:48 | 004,047,024 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2013.04.05 15:34:48 | 000,017,993 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2012.11.21 00:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.14 16:30:11 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.04.05 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\AVG2013
[2013.05.05 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\DAEMON Tools Lite
[2013.09.20 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\dBpoweramp
[2013.06.17 10:56:29 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\DMCache
[2013.06.26 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\FileOpen
[2013.04.05 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\GlobalSCAPE
[2013.05.17 10:23:22 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\IDM
[2013.09.16 13:51:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\IrfanView
[2013.06.26 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Nitro
[2013.05.05 00:25:08 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Notepad++
[2013.11.05 11:20:37 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\NuGet
[2013.06.25 15:06:33 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Oracle
[2014.02.21 15:05:09 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\PunkBuster
[2013.04.05 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Rovio
[2013.07.26 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Samsung
[2013.06.20 05:34:41 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\SWI-Prolog
[2014.02.23 21:25:31 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TeamViewer
[2014.02.26 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TS3Client
[2013.10.05 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TuneUp Software
[2014.02.13 15:41:19 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Ubisoft
[2014.02.26 02:27:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\uTorrent
[2013.04.05 15:11:52 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Wargaming.net
[2013.06.24 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >


Feedback:
After Step 1 the console windows no longer appear.

After Step 2 (going for step 3) I had one blue screen.

After Step 3 (going for 4) I had two more blue screens.

As I said, the console windows do not appear anymore, but I still have those graphic glitches (not so bad as before) and I'm sure I will get another blue screen if I continue using the system more. As for now I'm sticking only to my web browser and did only these steps.
-
Just now the OS froze up with no blue screen. I had to power it off from the button after waiting for 1 minute. I was trying to run Paint to make you a screenshot to see the glitches, but I won't try that again. I installed new graphic drivers before I created this topic... maybe the graphic drivers were infected. Should I try uninstalling them and run some time without them, or should I try Safe Mode to see if it is stable there? I won't do any of that unless you tell me to.

UPDATE: I made the mistake of not running AdwCleaner from the Desktop. I'm in panic, sorry =( .

Edited by macman90, 27 February 2014 - 08:42 AM.

#8
Machiavelli

    GeekU Moderator

  • 4,722 posts

Should I try uninstalling them and run some time without

Yes, please do so. It seems that the Bluescreens aren't related to Malware actually. But let's see what the Scans below show.

===== > Step 1: OTL Fix < =====

  • Run OTL (if you have Windows Vista / Windows 7 / Windows 8, please right-click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - user.js - File not found
    O13 - gopher Prefix: missing
    O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
    O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe -- [2011.11.24 04:41:59 | 001,021,452 | R--- | M] (  
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

===== > Step 2: MBAM < =====

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

===== > Step 3: ESET < =====

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla Firefox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use, then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

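As an added example (not code from this thread, from OTL or from OldTimer), a small Python triage helper that parses the O-section lines of an OTL log like the one posted above and flags the items a helper reviews before writing a fix: UAC policy values, AutoRun hooks, the missing protocol prefix, the AppInit_DLLs entry and hosts-file entries. The sample lines are copied from the log in this thread plus one constructed hosts entry; the rule table and the `fix_target` labelling are assumptions made for this example, not OTL's own logic.

```python
"""Triage helper for the 'O' sections of an OTL log (added example; not OTL's own code).

OTL writes one finding per line as  O<nn> - <text>.  This helper parses such
lines and applies a small rule table of the kind a helper works through before
writing a fix.  The rules are an assumption for this example, not OTL's logic.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(O\d{1,2}) - (.*)$")


@dataclass
class Finding:
    section: str      # e.g. "O33"
    text: str         # the part of the line after "Onn - "
    reason: str       # why the line was flagged
    fix_target: bool  # True if this kind of line belongs in an :OTL fix block


def _hosts_entry_beyond_localhost(text: str) -> bool:
    # "Hosts: 127.0.0.1  localhost" and "Hosts: ::1  localhost" are the defaults.
    return text.startswith("Hosts:") and not re.match(
        r"Hosts:\s+(127\.0\.0\.1|::1)\s+localhost$", text)


# (section, predicate on the text after "Onn - ", reason, fix_target)
RULES = [
    ("O1", _hosts_entry_beyond_localhost,
     "hosts entry beyond localhost; check for redirected update/AV domains", False),
    ("O6", lambda t: t.endswith("EnableLUA = 0"), "UAC disabled", False),
    ("O6", lambda t: t.endswith("ConsentPromptBehaviorAdmin = 0"),
     "administrators elevate without any prompt", False),
    ("O6", lambda t: t.endswith("PromptOnSecureDesktop = 0"),
     "elevation prompts not shown on the secure desktop", False),
    ("O13", lambda t: t.endswith("Prefix: missing"), "missing protocol prefix", True),
    ("O20", lambda t: t.startswith("AppInit_DLLs:"),
     "AppInit_DLLs entry loads a DLL into every user-mode process; verify publisher", False),
    ("O32", lambda t: t.startswith("AutoRun File"),
     "autorun file on optical/removable media", True),
    ("O33", lambda t: "AutoRun" in t,
     "MountPoints2 AutoRun shell verb for a mounted volume", True),
]


def parse_line(line: str):
    """Return (section, text) for an 'Onn - ...' line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(lines):
    """Apply RULES to every parseable line; findings come back in log order."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, text = parsed
        for rule_section, predicate, reason, fix_target in RULES:
            if section == rule_section and predicate(text):
                findings.append(Finding(section, text, reason, fix_target))
    return findings


def otl_fix_block(findings):
    """Build the ':OTL' block of a fix script from the findings marked fix_target.

    Lines are reproduced verbatim (section prefix included), which is the form
    OTL expects in the Custom Scans/Fixes box.
    """
    targets = [f for f in findings if f.fix_target]
    if not targets:
        return ""
    return ":OTL\n" + "\n".join(f"{f.section} - {f.text}" for f in targets) + "\n"


# Sample input: lines copied (some shortened) from the OTL log posted in this
# thread, plus one constructed hosts entry (TEST-NET address, made-up domain).
SAMPLE_LINES = [
    r"O1 - Hosts: 127.0.0.1       localhost",
    r"O1 - Hosts: ::1       localhost",
    r"O1 - Hosts: 203.0.113.5     update.example",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0",
    r"O13 - gopher Prefix: missing",
    r"O20 - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)",
    r"O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]",
    r'O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe',
]

if __name__ == "__main__":
    results = triage(SAMPLE_LINES)
    for f in results:
        print(f"[{'FIX' if f.fix_target else 'REVIEW'}] {f.section}: {f.reason}")
        print(f"    {f.text}")
    print(otl_fix_block(results))
```

The O6 findings are review items rather than fix targets: with EnableLUA = 0 every process of the logged-in administrator already runs elevated, which is worth re-enabling once the cleanup is done.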
#9
macman90

    New Member

  • Topic Starter
  • 8 posts
First I must apologize, because I won't send you the ESET log (step 3) today, because I won't be home. I will post it tomorrow or later as I get back.
I just didn't want to leave you in the dark.

I uninstalled the display driver and now I'm running with the ones that Windows installed. I have no issues like before and no blue screens, just one freeze on the Eset scanner on which I restarted. I will start it again before I leave home. I will disable the current installed anti-virus program and run it again.

Now:
===== > Step 1: OTL Fix < =====
OTL logfile created on: 27.2.2014 18:09:13 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = E:\FF-Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 68,09% Memory free
7,00 Gb Paging File | 5,63 Gb Available in Paging File | 80,51% Paging File free
Paging file location(s): e:\pagefile.sys 3072 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 10,80 Gb Free Space | 27,71% Space Free | Partition Type: NTFS
Drive D: | 232,82 Gb Total Space | 8,10 Gb Free Space | 3,48% Space Free | Partition Type: NTFS
Drive E: | 232,81 Gb Total Space | 16,19 Gb Free Space | 6,95% Space Free | Partition Type: NTFS
Drive F: | 193,82 Gb Total Space | 17,07 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive H: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TONI-CP | User Name: toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.02.27 14:07:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\FF-Downloads\OTL(1).exe
PRC - [2014.02.26 16:26:48 | 000,277,616 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.11.20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013.11.02 03:29:09 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.09.12 08:28:40 | 000,916,768 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.07.15 12:21:26 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.07.15 12:21:22 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.07.15 12:21:20 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013.06.11 10:51:46 | 000,614,416 | ---- | M] () -- C:\Program Files\EslWire\service\WireHelperSvc.exe
PRC - [2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.11.08 21:29:12 | 000,012,656 | ---- | M] () -- C:\Program Files\Prio\prio_svc.exe
PRC - [2012.10.22 15:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.02.26 16:26:47 | 003,622,512 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.11.05 11:12:47 | 017,280,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\a71cb77685efcceb29fbbb2adc9ad3c5\Kies.Theme.ni.dll
MOD - [2013.11.05 11:12:35 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\1f0027391b7dd5a510bbe91b94f9836d\ASF_cSharpAPI.ni.dll
MOD - [2013.11.05 11:12:35 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\6bea61d803ee18e2fbfb979499e5f7c1\Kies.Common.AllShare.ni.dll
MOD - [2013.11.05 11:12:12 | 002,196,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common23b84511#\3b4f0e3fb4f6c619a51a60b483942e04\Kies.Common.Multimedia.ni.dll
MOD - [2013.11.05 11:12:10 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\bf42dab8b38494947d4a3086916e0dd0\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.11.05 11:12:02 | 000,306,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\e6738007af6dec0f68f7abcc824a79da\Kies.Common.Util.ni.dll
MOD - [2013.11.05 11:12:01 | 001,795,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\ed7108bd2d9dbc3a331f0cf0d6d09a11\Kies.UI.ni.dll
MOD - [2013.11.05 11:12:01 | 001,639,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\54bf34319fd5fd1e4e6894c3e382681d\Kies.Locale.ni.dll
MOD - [2013.11.05 11:12:01 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d7ac977334ddb07e8c8cd933d1344171\Kies.MVVM.ni.dll
MOD - [2013.11.05 11:11:58 | 001,244,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\44ae28dad78716f8407aca682bbc84cd\Kies.Interface.ni.dll
MOD - [2013.11.05 11:11:53 | 002,137,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\8dbf940dd16e53e34599c8813ee1a1ad\Kies.ni.exe
MOD - [2013.11.05 10:21:42 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\3bc7ec22c021d74dce4f8230f3631fca\System.ServiceProcess.ni.dll
MOD - [2013.11.05 10:21:35 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll
MOD - [2013.11.05 10:21:33 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\034c34ee777c7a2efc9c631b1179211c\System.Runtime.Remoting.ni.dll
MOD - [2013.11.05 10:21:27 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll
MOD - [2013.11.05 10:21:16 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll
MOD - [2013.11.05 10:21:15 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll
MOD - [2013.11.05 10:21:09 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll
MOD - [2013.11.05 10:21:07 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
MOD - [2013.11.05 10:21:06 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
MOD - [2013.11.05 10:21:02 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
MOD - [2013.11.05 10:20:57 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.10.20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2014.02.26 16:26:48 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.10.05 02:38:22 | 000,071,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV - [2013.08.21 20:55:10 | 000,091,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2013.08.21 20:33:20 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stop_Pending] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.06.11 10:51:46 | 000,614,416 | ---- | M] () [Auto | Running] -- C:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2012.11.14 16:07:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.11.08 21:29:12 | 000,012,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Prio\prio_svc.exe -- (prio_svc)
SRV - [2012.10.22 15:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2010.12.27 22:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.02.03 01:03:04 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\toni\AppData\Local\Temp\SPDTool.sys -- (SPDTool)
DRV - [2013.11.25 01:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013.10.23 01:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013.10.23 01:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013.09.12 10:51:57 | 009,253,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.07.20 00:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013.07.20 00:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013.07.20 00:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013.07.01 00:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013.06.21 02:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.06.21 02:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.04.05 17:39:02 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.04.05 13:32:40 | 000,101,168 | ---- | M] (Tonec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013.03.21 02:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.11.14 16:19:42 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.11.14 16:19:42 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.11.14 16:19:41 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.11.14 16:19:41 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012.11.08 21:29:32 | 000,054,128 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\Windows\System32\drivers\prio.sys -- (prio)
DRV - [2012.10.22 15:43:36 | 001,841,272 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.03.23 01:17:06 | 001,812,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009.10.26 14:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.07.14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2006.11.01 17:45:14 | 000,219,264 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTCamDrv.sys -- (BTCAMDRV)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 DB C1 BF F4 31 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.bg/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: %7BE6C93316-271E-4b3d-8D7E-FE11B4350AEB%7D:2.1.25
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\toni\AppData\Roaming\IDM\idmmzcc5 [2013.04.05 15:38:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\toni\AppData\Roaming\IDM\idmmzcc5 [2013.04.05 15:38:39 | 000,000,000 | ---D | M]
 
[2013.04.05 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Extensions
[2014.02.27 15:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions
[2013.12.01 19:18:21 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.10.23 20:52:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.11.20 17:57:01 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\[email protected]
[2014.01.05 03:50:20 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2011.07.15 19:27:22 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2014.02.26 16:20:38 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.01.23 13:50:25 | 000,009,489 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi
[2014.02.26 16:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.02.26 16:26:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://play.google.com/store/apps
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: APK Downloader = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\1.5.1_0\
CHR - Extension: APK Downloader = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\2.0.0_0\
CHR - Extension: IDM Integration = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.10_0\
CHR - Extension: Google Wallet = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014.02.27 15:49:05 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [LightShot] C:\Users\toni\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.111.35.129 89.190.192.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C05BF13-B336-4FBD-9CB1-FD0B9CA8B01E}: DhcpNameServer = 95.111.35.129 89.190.192.248
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe -- [2011.11.24 04:41:59 | 001,021,452 | R--- | M] (                                                            )
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014.02.27 18:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014.02.27 16:08:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.02.27 15:54:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.02.27 15:20:00 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\Malwarebytes
[2014.02.27 15:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.02.27 14:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014.02.27 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2014.02.26 18:03:33 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\ESL Match Media
[2014.02.26 17:53:00 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\ESL_Wire_Plugin_Container
[2014.02.26 17:49:22 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\ESL Wire Game Client
[2014.02.26 17:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
[2014.02.26 17:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2014.02.26 17:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire
[2014.02.26 16:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.02.25 01:00:48 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\ESL_logo
[2014.02.24 01:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014.02.24 01:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.02.24 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2014.02.23 22:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2014.02.21 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\Ubisoft Game Launcher
[2014.02.21 18:01:05 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Assassin's Creed Revelations
[2014.02.21 18:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed Revelations
[2014.02.21 15:05:09 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\PunkBuster
[2014.02.21 13:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2014.02.21 13:29:27 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Assassin's Creed III
[2014.02.18 22:22:52 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\dsadsa2
[2014.02.18 21:30:01 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\asddddas
[2014.02.14 17:03:42 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Aiseesoft Studio
[2014.02.11 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\Ubisoft
[2014.02.11 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014.02.27 18:10:15 | 002,403,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.02.27 18:10:15 | 001,793,590 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.02.27 18:06:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.27 18:05:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.02.27 18:04:35 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.02.27 18:04:35 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.02.27 17:43:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3986450965-706548418-1934913071-1000.job
[2014.02.27 17:38:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.27 15:49:05 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014.02.27 13:52:05 | 000,006,608 | ---- | M] () -- C:\bootsqm.dat
[2014.02.27 13:40:55 | 000,000,344 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140227-134055.backup
[2014.02.27 13:40:55 | 000,000,239 | ---- | M] () -- C:\Windows\wininit.ini
[2014.02.26 17:49:22 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2014.02.26 12:55:13 | 000,344,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.02.14 17:12:01 | 000,000,368 | ---- | M] () -- C:\Windows\pdf2word.INI
[2014.02.13 02:35:31 | 005,013,269 | ---- | M] () -- C:\Users\toni\Desktop\1912683_531129373651859_1383019678_n.mp4
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014.02.27 13:52:05 | 000,006,608 | ---- | C] () -- C:\bootsqm.dat
[2014.02.27 13:40:55 | 000,000,239 | ---- | C] () -- C:\Windows\wininit.ini
[2014.02.26 17:49:22 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2014.02.21 12:46:39 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2014.02.21 12:46:38 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2014.02.14 17:11:20 | 000,000,368 | ---- | C] () -- C:\Windows\pdf2word.INI
[2014.02.13 02:35:25 | 005,013,269 | ---- | C] () -- C:\Users\toni\Desktop\1912683_531129373651859_1383019678_n.mp4
[2014.02.07 12:44:03 | 003,197,355 | ---- | C] () -- C:\Users\toni\Desktop\20140101_002156.jpg
[2014.02.07 12:44:02 | 003,561,219 | ---- | C] () -- C:\Users\toni\Desktop\20140101_002135.jpg
[2014.02.07 12:43:59 | 090,112,349 | ---- | C] () -- C:\Users\toni\Desktop\20131212_232611.mp4
[2013.10.14 13:49:34 | 000,008,096 | ---- | C] () -- C:\Windows\GROUPS.EXE
[2013.10.14 13:49:34 | 000,000,144 | ---- | C] () -- C:\Windows\TDW.INI
[2013.09.23 00:08:01 | 000,007,602 | ---- | C] () -- C:\Users\toni\AppData\Local\Resmon.ResmonCfg
[2013.06.26 08:17:33 | 000,000,439 | ---- | C] () -- C:\Users\toni\AppData\Local\UserProducts.xml
[2013.06.26 08:06:11 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2013.05.22 19:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.05.22 19:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.05.22 19:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.05.22 19:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.05.22 19:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.05.05 06:42:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2013.04.05 15:35:24 | 000,003,153 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2013.04.05 15:35:02 | 000,002,878 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2013.04.05 15:34:48 | 004,047,024 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2013.04.05 15:34:48 | 000,017,993 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2012.11.21 00:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.14 16:30:11 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2013.04.05 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\AVG2013
[2013.05.05 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\DAEMON Tools Lite
[2013.09.20 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\dBpoweramp
[2013.06.17 10:56:29 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\DMCache
[2013.06.26 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\FileOpen
[2013.04.05 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\GlobalSCAPE
[2013.05.17 10:23:22 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\IDM
[2013.09.16 13:51:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\IrfanView
[2013.06.26 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Nitro
[2013.05.05 00:25:08 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Notepad++
[2013.11.05 11:20:37 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\NuGet
[2013.06.25 15:06:33 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Oracle
[2014.02.21 15:05:09 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\PunkBuster
[2013.04.05 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Rovio
[2013.07.26 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Samsung
[2013.06.20 05:34:41 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\SWI-Prolog
[2014.02.23 21:25:31 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TeamViewer
[2014.02.26 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TS3Client
[2013.10.05 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TuneUp Software
[2014.02.13 15:41:19 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Ubisoft
[2014.02.27 16:45:39 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\uTorrent
[2013.04.05 15:11:52 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Wargaming.net
[2013.06.24 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\XMedia Recode
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >


===== > Step 2: MBAM < =====

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.27.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
toni :: TONI-CP [administrator]

Protection: Disabled

27.2.2014 18:15:13 ч.
mbam-log-2014-02-27 (18-15-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288633
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E45C7ECB-AF0B-B6DD-B6D2-CECDBFAD2ACE} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{E45C7ECB-AF0B-B6DD-B6D2-CECDBFAD2ACE} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\RFB\RFB.01 (Trojan.Monder) -> Quarantined and deleted successfully.

(end)

Step 3: To be continued...
  • 0

#10
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts

First I must apologize, because I won't send you the ESET log (step 3) today, because I won't be home

OK, so well done. Looks really good so far. I will wait for the ESET logs. :thumbsup:

Additionally, could you tell me your graphic card model?

Machiavelli
  • 0

#11
macman90

macman90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for the Help! I will now install my display drivers and carry on safely thanks to you.

Update: My graphic card is Point of View Nvidia 9500GT / DDR3 version / GPU: G96GT.
Update 2: So it appears that these blue screens and glitches were actually coming from the new Nvidia display driver [334.89]. I have no problem installing the previous one, 332.21. Right after the driver begins installing, I get those glitches, and I had another blue screen. It is a display driver issue, Nvidia's fault, not mine =) .

===== > Step 3: ESET < =====
There was no log displayed after the scan, so I clicked on "List of found threats" and here it is:

[Infected files: 41 | Cleaned files: 41]


C:\Users\toni\Downloads\bizo.old.face.apk	a variant of Android/Leadbolt.E potentially unwanted application	deleted - quarantined
C:\Windows\System32\Adobe\Shockwave 12\gt.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	deleted - quarantined
D:\GSM\N95_Old-ONES\LAST_BACKUP\Others\PC\DAEMON Tools Lite 4.12.3.exe	Win32/Adware.Toolbar.Shopper application	cleaned by deleting - quarantined
D:\Program-Downloads\CuteFTP Pro v7.1+crack.rar	a variant of Win32/HackTool.Patcher.X potentially unsafe application	deleted - quarantined
D:\Program-Downloads\ip-patch-lfs.rar	Win32/HackTool.Patcher.A potentially unsafe application	deleted - quarantined
D:\Program-Downloads\Unlocker 1.9.0 - Final\unlocker1.9.0-x64.rar	Win32/Adware.ADON potentially unwanted application	deleted - quarantined
D:\Program-Downloads\Unlocker 1.9.0 - Final\unlocker1.9.0.rar	Win32/Adware.ADON potentially unwanted application	deleted - quarantined
D:\Program-Downloads\WinRAR 3.93 Final\Keygen\Keygen.exe	a variant of Win32/Keygen.AI potentially unsafe application	deleted - quarantined
E:\FF-Downloads\appdroid.apk	a variant of Android/Adware.AirPush.J application	deleted - quarantined
E:\FF-Downloads\bulletspassview.zip	a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application	deleted - quarantined
E:\FF-Downloads\cgminer-3.7.2-windows.zip	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
E:\FF-Downloads\cgminer-3.8.4-windows.zip	a variant of Win32/BitCoinMiner.BF potentially unsafe application	deleted - quarantined
E:\FF-Downloads\cudaminer-2013-12-10.zip	probably a variant of Win64/BitCoinMiner.U potentially unsafe application	deleted - quarantined
E:\mining\cgminer-2.11.4-windows\cgminer-2.11.4-windows.7z	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
E:\mining\cgminer-2.11.4-windows\cgminer-2.11.4-windows\cgminer-fpgaonly.exe	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
E:\mining\cgminer-3.7.2-windows\cgminer-nogpu.exe	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
E:\mining\cgminer-3.7.2-windows\cgminer.exe	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
E:\mining\cgminer-3.8.4-windows\cgminer.exe	a variant of Win32/BitCoinMiner.BF potentially unsafe application	deleted - quarantined
E:\mining\CUDAminer-2013-04-10\cudaminer-2013-04-10\cudaminer-2013-04-10.zip	a variant of Win32/BitCoinMiner.W potentially unsafe application	deleted - quarantined
E:\mining\CUDAminer-2013-04-10\cudaminer-2013-04-10\cudaminer.exe	a variant of Win32/BitCoinMiner.W potentially unsafe application	deleted - quarantined
E:\mining\cudaminer-2013-04-12\cudaminer-2013-04-12.zip	a variant of Win32/BitCoinMiner.W potentially unsafe application	deleted - quarantined
E:\mining\cudaminer-2013-04-12\cudaminer.exe	a variant of Win32/BitCoinMiner.W potentially unsafe application	deleted - quarantined
E:\mining\cudaminer-2013-12-10\x64\cudaminer.exe	probably a variant of Win64/BitCoinMiner.U potentially unsafe application	deleted - quarantined
E:\mining\cudaminer-2013-12-10\x86\cudaminer.exe	a variant of Win32/BitCoinMiner.W potentially unsafe application	deleted - quarantined
E:\Movies\Holdem Manager 2\Holdem Manager 2\HoldemManager.exe	Win32/Injector.AOCQ trojan	cleaned by deleting - quarantined
E:\Telerik_Academy\Pyrwi_Kurs\Telerik-Academy-AntiCheat.zip	a variant of MSIL/Packed.Confuser.G potentially unwanted application	deleted - quarantined
E:\_OTL\MovedFiles\02272014_154833\C_Users\toni\AppData\Roaming\Tepfel\dat\Dora.dat	a variant of MSIL/WebCake.A potentially unwanted application	deleted - quarantined
E:\_OTL\MovedFiles\02272014_154833\C_Users\toni\AppData\Roaming\Tepfel\dat\Maintain.dat	a variant of MSIL/WebCake.A potentially unwanted application	deleted - quarantined
E:\_OTL\MovedFiles\02272014_154833\C_Users\toni\AppData\Roaming\Tepfel\dat\Paladin.dat	a variant of MSIL/WebCake.A potentially unwanted application	deleted - quarantined
E:\_OTL\MovedFiles\02272014_154833\C_Users\toni\AppData\Roaming\Tepfel\dat\Phoenix.dat	a variant of MSIL/WebCake.A potentially unwanted application	deleted - quarantined
F:\Games\LFS\LFS 6B\ip-patch.exe	Win32/HackTool.Patcher.A potentially unsafe application	deleted - quarantined
F:\Games\LFS\LFS 6B - Copy\ip-patch.exe	Win32/HackTool.Patcher.A potentially unsafe application	deleted - quarantined
F:\Games\LFS\LFS 6B - Copy - Copy\ip-patch.exe	Win32/HackTool.Patcher.A potentially unsafe application	deleted - quarantined
F:\Litecoin\scryptminer-gui-x86-64-2.zip	a variant of Win64/BitCoinMiner.E potentially unsafe application	deleted - quarantined
F:\Litecoin\cgminer-2.11.0-win32\cgminer-fpgaonly.exe	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
F:\Litecoin\cgminer-2.11.0-win32\cgminer.exe	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
F:\Litecoin\cgminer-2.6.6-win32\cgminer.exe	a variant of Win32/BitCoinMiner.D potentially unsafe application	deleted - quarantined
F:\Litecoin\scryptminer-gui-x86-64\minerd.exe	a variant of Win64/BitCoinMiner.E potentially unsafe application	deleted - quarantined
F:\remothebroard\XRG Rims Manager 0.6B v5.0.rar	Win32/HackTool.CheatEngine.AB potentially unsafe application	deleted - quarantined
F:\remothebroard\INSTALL\DTLite4471-0333.exe	Win32/DownWare.L potentially unwanted application	deleted - quarantined
F:\remothebroard\INSTALL\unlocker1.9.0.exe	Win32/Adware.ADON potentially unwanted application	deleted - quarantined

Edited by macman90, 27 February 2014 - 07:06 PM.

  • 0

#12
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hello,
in my opinion your PC is clean. If you still have blue screen errors etc., please open a thread here.

 

First,

  • Run OTL (if you have Windows Vista / Windows 7 / Windows 8, please right-click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - user.js - File not found
    O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
    O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe -- [2011.11.24 04:41:59 | 001,021,452 | R--- | M] (                                                            )
    
    :Files
    C:\ProgramData\RFB
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.

We need to remove the tools we've used while cleaning your machine.

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it compared to getting infected through an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:
  • 0
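For readers following along: the OTL fix above removes two kinds of leftovers, the MountPoints2 AutoRun entries (the O33 lines) and the C:\ProgramData\RFB folder, and the earlier MBAM log showed the third common persistence spot, Active Setup Installed Components. The script below is an added, read-only audit of those three locations; it is not part of this thread and is not code from OTL, MBAM or DelFix. The registry paths are the standard Windows locations; the RFB folder name is taken from the MBAM log in this thread; treating bare executable names as living in System32 and treating the Windows and Program Files trees as "trusted" are simplifying assumptions for the report. It needs PowerShell 3.0 or later and deletes nothing.

```powershell
# Added example: read-only audit of the persistence locations seen in this thread.
# Nothing here is OTL/MBAM/DelFix code; registry paths are standard Windows ones.
$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$ActiveSetup  = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'

function Get-CommandExecutable {
    # Pull the program path out of a command line such as
    #   "H:\setup.exe" /silent     or     H:\setup.exe
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine.Trim() -split '\s+')[0]
}

function Get-MountPointAutoRun {
    # MountPoints2 has one subkey per volume Explorer has seen. A
    # Shell\AutoRun\command value is what Explorer would launch for it,
    # which is exactly what the O33 lines in the OTL fix refer to.
    if (-not (Test-Path -LiteralPath $MountPoints2)) { return }
    foreach ($volume in Get-ChildItem -LiteralPath $MountPoints2) {
        $cmdKey = Join-Path $volume.PSPath 'Shell\AutoRun\command'
        if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
        $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
        if (-not $cmd) { continue }
        $exe = Get-CommandExecutable $cmd
        if (-not $exe) { continue }
        [pscustomobject]@{
            Location = 'MountPoints2'
            Key      = $volume.PSChildName
            Command  = $cmd
            # A missing target (e.g. a CD no longer in the drive) is a dead
            # entry; a present one is live and should be one you recognise.
            Present  = [bool](Test-Path -LiteralPath $exe)
        }
    }
}

function Get-ActiveSetupStubs {
    # Active Setup runs each component's StubPath once per user at logon.
    # Assumption for this report: entries under the Windows or Program Files
    # trees are expected; anything else is flagged for manual review.
    $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }
    if (-not (Test-Path -LiteralPath $ActiveSetup)) { return }
    foreach ($comp in Get-ChildItem -LiteralPath $ActiveSetup) {
        $stub = (Get-ItemProperty -LiteralPath $comp.PSPath).StubPath
        if (-not $stub) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables((Get-CommandExecutable $stub))
        if (-not $exe) { continue }
        # Bare names such as regsvr32.exe resolve through PATH; approximate
        # that as System32 so the trusted-root check has something to compare.
        if ($exe -notmatch '\\') { $exe = Join-Path $env:SystemRoot "System32\$exe" }
        $exe = $exe.ToLowerInvariant()
        $inTrusted = $false
        foreach ($root in $trusted) { if ($exe.StartsWith($root + '\')) { $inTrusted = $true } }
        [pscustomobject]@{
            Location   = 'ActiveSetup'
            Key        = $comp.PSChildName
            Command    = $stub
            Present    = [bool](Test-Path -LiteralPath $exe)
            Suspicious = -not $inTrusted
        }
    }
}

# Leftover folder check; the folder name comes from the MBAM log in this thread.
$rfb = Join-Path $env:ProgramData 'RFB'
if (Test-Path -LiteralPath $rfb) { Write-Warning "Folder still present: $rfb" }

Get-MountPointAutoRun | Format-Table -AutoSize
Get-ActiveSetupStubs | Where-Object { $_.Suspicious } | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt (Active Setup lives under HKLM). An AutoRun command that points at a removable drive root, or an Active Setup stub outside the Windows and Program Files trees, is not proof of infection on its own, but it is the kind of entry the scans in this thread kept finding and is worth checking against what you actually installed.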

#13
macman90

macman90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you for the Help and tips. Much obliged!

Here is the DelFix log:

# DelFix v10.6 - Logfile created 28/02/2014 at 18:44:42
# Updated 11/11/2013 by Xplode
# Username : toni - TONI-CP
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #205 [Scheduled Checkpoint | 02/27/2014 20:36:39]
Deleted : RP #206 [OTL Restore Point - 28.2.2014 18:40:01 | 02/28/2014 16:40:02]

New restore point created !

########## - EOF - ##########

  • 0

#14
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hey macman90,
you are most welcome. :thumbsup:
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
