
Infected computer.



#1
spooke25


I am pretty sure that my computer has a virus on it, but am unable to detect it using Malwarebytes or Avast. When I go to log into an online game, or tonight when my wife was trying to access her iTunes account, the computer timed out on the connection. When the problem initially started I downloaded OTL and attempted to run it, but an error message came up: "The service did not respond to the start or control request in a timely fashion." After this I tried to follow the instructions in the "Malware Removal Tools Won't Run Tutorial", but while I could download the programs I got the same error message that I mentioned. I then went to Avast and ran a full system scan with the settings set on all hard disks, rootkits (full scan), and auto start programs and modules loaded in memory. While nothing was detected, I was able to run OTL after. I also ran Malwarebytes, but this also detected nothing. Anyway, I was able to get an OTL log. For some reason I can't copy and paste the log here, so I have attached it.

 

Attached File  OTL.Txt   110.92KB   156 downloads

 

OTL logfile created on: 6/04/2014 5:55:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\spooke\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16843)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

8.00 Gb Total Physical Memory | 6.16 Gb Available Physical Memory | 77.03% Memory free
9.19 Gb Paging File | 6.88 Gb Available in Paging File | 74.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.17 Gb Total Space | 770.20 Gb Free Space | 82.71% Space Free | Partition Type: NTFS
Drive H: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CRAIG | User Name: spooke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/31 17:59:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\spooke\Downloads\OTL (1).exe
PRC - [2014/03/05 08:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/03/05 08:24:46 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/03/05 08:24:40 | 007,430,968 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/03 08:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/03 08:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/02/17 11:06:35 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/17 11:06:35 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/07 00:51:06 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2013/12/19 04:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/19 06:43:06 | 001,677,080 | ---- | M] (ClanServers Hosting LLC) -- C:\Program Files (x86)\GameTracker\GSInGameService.exe
PRC - [2013/11/01 14:20:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/05 23:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/05 23:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/05 23:52:32 | 000,237,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
MOD - [2013/12/10 19:41:23 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/01 03:16:08 | 002,169,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/02/17 11:06:35 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/10/25 17:34:55 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/16 15:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/25 08:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 19:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 16:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 16:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 14:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 12:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 12:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/10 09:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 09:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 16:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/26 13:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/26 13:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 13:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 13:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 13:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 13:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 13:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 13:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 13:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 13:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 13:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2014/03/05 08:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/05 08:24:46 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/03 08:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/03 08:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/19 04:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/19 06:43:06 | 001,677,080 | ---- | M] (ClanServers Hosting LLC) [Auto | Running] -- C:\Program Files (x86)\GameTracker\GSInGameService.exe -- (GS In-Game Service)
SRV - [2013/11/01 14:20:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/26 13:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 13:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/06 17:15:42 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/04 11:31:22 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/04 11:31:22 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/04 11:31:22 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/04 11:31:22 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/04 11:31:22 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/04/04 11:31:22 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/04 11:31:22 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/03/05 08:26:22 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/03/05 08:26:04 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/10/25 17:34:52 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/25 08:34:32 | 000,248,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/10 21:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 16:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/02 12:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/16 15:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 16:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/07/09 18:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/02 11:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/02 11:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 16:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 13:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/03/02 20:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 20:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/10 11:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/27 13:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 14:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 13:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 18:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 17:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 17:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 17:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 15:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 15:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 15:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 15:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 15:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 15:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 15:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 15:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 15:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 15:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 15:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 15:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 15:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 15:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 15:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 15:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 15:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 14:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 14:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 13:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 12:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 12:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 12:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 12:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 12:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 12:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 12:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 12:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 12:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 12:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 12:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 12:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 12:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 12:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 12:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 12:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 12:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 12:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 12:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 12:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 12:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/04 01:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/03 00:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/03 00:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/23 08:39:28 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AseUSBCC.sys -- (ASEUSBCC)
DRV:64bit: - [2009/10/07 18:49:27 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 18:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 18:45:37 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LVPr2M64.sys -- (LVPr2M64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A A4 F0 17 E5 B8 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...SAVT_en-GBAU555
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()



========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Docs = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: Skype Click to Call = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.1.15383.6004_0\
CHR - Extension: Google Wallet = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/07/26 15:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29C8BDF7-3AE4-4D73-9B13-3948839CBF60}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7163EEE-507A-44A5-BB87-51E3DCC57FB7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4AFE336-E5D0-484B-AE06-B9409E478E7B}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/16 10:53:55 | 000,000,142 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{9897e623-219b-11e3-be65-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9897e623-219b-11e3-be65-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup\rsrc\Autorun.exe -- [2007/08/16 11:55:00 | 000,051,048 | R--- | M] (Activision)
O33 - MountPoints2\{9897e623-219b-11e3-be65-806e6f6e6963}\Shell\dinstall\command - "" = H:\DirectX\DXSETUP.exe -- [2008/05/31 08:34:50 | 000,528,392 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/04 11:31:22 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/04 10:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014/04/02 16:14:20 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/02 16:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/02 16:13:58 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/02 16:13:58 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/02 16:13:58 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/02 16:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/02 16:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/01 18:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2014/03/26 07:31:44 | 000,000,000 | R--D | C] -- C:\Users\spooke\Documents\Scanned Documents
[2014/03/26 07:31:43 | 000,000,000 | ---D | C] -- C:\Users\spooke\Documents\Fax
[2014/03/22 09:08:42 | 000,000,000 | ---D | C] -- C:\Users\spooke\Documents\EVE
[2014/03/22 09:05:32 | 000,000,000 | ---D | C] -- C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
[2014/03/22 04:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCP
[2014/03/21 15:51:41 | 000,000,000 | ---D | C] -- C:\Users\spooke\AppData\Local\CCP
[2014/03/14 20:05:22 | 000,000,000 | ---D | C] -- C:\Users\spooke\AppData\Local\Microsoft Help
[2014/03/14 19:43:04 | 000,248,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2014/03/14 19:43:04 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2014/03/14 19:42:33 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2014/03/14 19:42:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/03/14 19:42:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/03/14 19:42:32 | 003,960,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/14 19:42:32 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/03/14 19:42:32 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/03/14 19:42:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/14 19:42:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/14 19:42:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/14 19:42:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/14 19:42:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/14 19:42:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2014/03/14 19:42:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/14 19:42:32 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2014/03/14 19:42:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/14 19:42:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/14 19:39:21 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/14 19:39:21 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/14 19:39:20 | 001,628,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/06 17:15:42 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/06 17:07:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/06 15:46:29 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/06 15:45:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/04 11:31:46 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/04 11:31:22 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/04 11:31:22 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/04 11:31:22 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/04 11:31:22 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/04 11:31:22 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/04 11:31:22 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/04/04 11:31:22 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/04 11:31:22 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/04 11:31:22 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/04 10:46:43 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/04 10:46:43 | 000,722,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/04 10:46:43 | 000,136,434 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/03 11:26:22 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/04/03 10:34:00 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/04/03 10:24:06 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/04/02 16:14:00 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/01 19:30:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/04/01 19:30:13 | 2576,334,847 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/22 09:05:40 | 000,000,066 | ---- | M] () -- C:\Windows\131942
[2014/03/22 09:05:32 | 000,001,895 | ---- | M] () -- C:\Users\spooke\Desktop\EVE.lnk
[2014/03/21 09:59:31 | 000,316,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/20 17:02:21 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/20 16:01:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/04 10:08:24 | 000,002,244 | ---- | C] () -- C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2014/04/02 16:14:00 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/22 09:05:40 | 000,000,066 | ---- | C] () -- C:\Windows\131942
[2014/03/22 09:05:32 | 000,001,895 | ---- | C] () -- C:\Users\spooke\Desktop\EVE.lnk
[2014/03/21 09:59:25 | 000,316,112 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/08 17:47:17 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/28 07:16:18 | 000,000,045 | ---- | C] () -- C:\Users\spooke\jagex_cl_runescape_LIVE.dat
[2013/11/28 07:16:18 | 000,000,024 | ---- | C] () -- C:\Users\spooke\random.dat
[2013/11/01 10:45:45 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2013/09/27 08:58:37 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/09/27 08:47:34 | 000,000,017 | ---- | C] () -- C:\Users\spooke\AppData\Local\resmon.resmoncfg
[2013/09/25 16:58:34 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2013/09/24 18:59:58 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/09/24 18:59:54 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/09/24 18:59:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/26 15:42:24 | 000,336,232 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/10/26 15:42:22 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/10/26 15:42:22 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/07/26 18:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 18:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 17:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 11:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/26 06:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/26 06:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/03 00:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/09/24 19:00:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/12/07 16:36:58 | 019,751,936 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/12/07 15:15:36 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 13:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 13:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 13:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >




#2
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site

  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.




Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs.  Please copy and paste both of them.

Ron

#3
spooke25


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Thank you for taking the time to help me out. I have done as asked and here are the logs.

 

 

# AdwCleaner v3.023 - Report created 08/04/2014 at 12:57:55
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : spooke - CRAIG
# Running from : C:\Users\spooke\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1519 octets] - [08/04/2014 12:56:23]
AdwCleaner[S0].txt - [1448 octets] - [08/04/2014 12:57:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1508 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by spooke on Tue 08/04/2014 at 13:31:58.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/04/2014 at 13:40:41.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by spooke (administrator) on CRAIG on 08-04-2014 13:05:15
Running from C:\Users\spooke\Downloads
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-05] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-04] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKU\S-1-5-21-2403232998-3213391607-3185536033-1003\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-09-24] (Google Inc.)
HKU\S-1-5-21-2403232998-3213391607-3185536033-1003\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2403232998-3213391607-3185536033-1003\...\MountPoints2: {9897e623-219b-11e3-be65-806e6f6e6963} - "H:\setup\rsrc\Autorun.exe"
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => "C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll" File Not Found
Startup: C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0AA4F017E5B8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: google.com.au
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-24]
CHR Extension: (Google Drive) - C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-24]
CHR Extension: (YouTube) - C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-24]
CHR Extension: (Google Search) - C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-24]
CHR Extension: (Skype Click to Call) - C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Gmail) - C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-04] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-01] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ASEUSBCC; C:\Windows\system32\drivers\AseUSBCC.sys [16384 2011-05-23] (Silicon Laboratories)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-04] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-04] ()
R3 LVPr2M64; C:\Windows\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-08 13:05 - 2014-04-08 13:05 - 00013839 _____ () C:\Users\spooke\Downloads\FRST.txt
2014-04-08 13:04 - 2014-04-08 13:05 - 00000000 ____D () C:\FRST
2014-04-08 13:04 - 2014-04-08 13:04 - 02157056 _____ (Farbar) C:\Users\spooke\Downloads\FRST64.exe
2014-04-08 13:01 - 2014-04-08 13:01 - 01145856 _____ (Farbar) C:\Users\spooke\Downloads\FRST.exe
2014-04-08 12:56 - 2014-04-08 12:57 - 00000000 ____D () C:\AdwCleaner
2014-04-08 12:55 - 2014-04-08 12:55 - 01426178 _____ () C:\Users\spooke\Downloads\AdwCleaner.exe
2014-04-06 22:57 - 2014-04-06 22:57 - 00463752 _____ () C:\Windows\Minidump\040614-20654-01.dmp
2014-04-06 18:05 - 2014-04-06 18:05 - 00113580 _____ () C:\Users\spooke\Desktop\OTL.Txt
2014-04-04 11:31 - 2014-04-04 11:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-04 10:08 - 2014-04-04 10:08 - 00002244 _____ () C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2014-04-04 10:07 - 2014-04-04 10:07 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-04-03 10:29 - 2014-04-03 10:29 - 00000744 _____ () C:\Windows\KB893803v2.log
2014-04-02 16:14 - 2014-04-08 12:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 16:14 - 2014-04-06 18:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-02 16:13 - 2014-04-06 18:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-02 16:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-02 16:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-02 16:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 16:13 - 2014-04-02 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 21:15 - 2014-04-01 21:15 - 00082672 _____ () C:\Users\spooke\Downloads\Extras.Txt
2014-04-01 21:14 - 2014-04-06 17:59 - 00113580 _____ () C:\Users\spooke\Downloads\OTL.Txt
2014-04-01 19:00 - 2014-04-01 19:02 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\spooke\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 18:53 - 2014-04-01 18:53 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-04-01 18:45 - 2014-04-01 18:51 - 18486760 _____ (SUPERAntiSpyware) C:\Users\spooke\Downloads\SAS_5432.EXE
2014-03-31 17:58 - 2014-03-31 17:59 - 00602112 _____ (OldTimer Tools) C:\Users\spooke\Downloads\OTL (1).exe
2014-03-31 17:57 - 2014-03-31 17:57 - 00602112 _____ (OldTimer Tools) C:\Users\spooke\Downloads\OTL.exe
2014-03-26 07:31 - 2014-03-26 07:31 - 00000000 ____D () C:\Users\spooke\Documents\Fax
2014-03-22 09:08 - 2014-03-22 09:08 - 00000000 ____D () C:\Users\spooke\Documents\EVE
2014-03-22 09:05 - 2014-03-22 09:05 - 00001895 _____ () C:\Users\spooke\Desktop\EVE.lnk
2014-03-22 09:05 - 2014-03-22 09:05 - 00000066 _____ () C:\Windows\131942
2014-03-22 09:05 - 2014-03-22 09:05 - 00000000 ____D () C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
2014-03-22 04:50 - 2014-03-22 04:50 - 00000000 ____D () C:\Program Files (x86)\CCP
2014-03-21 15:51 - 2014-03-21 15:51 - 00000000 ____D () C:\Users\spooke\AppData\Local\CCP
2014-03-21 09:59 - 2014-03-21 09:59 - 00316112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 20:05 - 2014-03-14 20:05 - 00000000 ____D () C:\Users\spooke\AppData\Local\Microsoft Help
2014-03-14 19:43 - 2013-10-25 17:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-14 19:43 - 2013-10-25 08:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-14 19:42 - 2014-02-23 18:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 19:42 - 2014-02-23 18:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 19:42 - 2014-02-23 18:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-14 19:42 - 2014-02-23 18:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-14 19:42 - 2014-02-23 18:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 19:42 - 2014-02-23 18:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 19:42 - 2014-02-23 18:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 19:42 - 2014-02-23 18:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 19:42 - 2014-02-23 18:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 19:42 - 2014-02-23 18:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 19:42 - 2014-02-23 18:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 19:42 - 2014-02-23 18:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-14 19:42 - 2014-02-23 18:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-14 19:42 - 2014-02-23 18:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 19:42 - 2014-02-23 18:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 19:42 - 2014-02-23 18:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 19:42 - 2014-02-23 16:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 19:42 - 2014-02-23 16:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 19:42 - 2014-02-23 16:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-14 19:42 - 2014-02-23 16:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 19:42 - 2014-02-23 16:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 19:42 - 2014-02-23 16:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 19:42 - 2014-02-23 16:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 19:42 - 2014-02-23 16:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-14 19:42 - 2014-02-23 16:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 19:42 - 2014-02-23 16:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 19:42 - 2014-02-23 16:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-14 19:42 - 2014-02-23 16:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 19:42 - 2014-02-23 16:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 19:42 - 2014-02-23 16:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 19:42 - 2014-02-23 16:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 19:42 - 2014-02-23 16:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 19:42 - 2014-02-23 14:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-14 19:42 - 2014-02-08 14:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 19:40 - 2013-12-07 16:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-14 19:40 - 2013-12-07 15:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-14 19:39 - 2014-02-06 09:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 19:39 - 2014-02-06 09:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-14 19:39 - 2014-01-31 10:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 19:39 - 2014-01-31 10:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

==================== One Month Modified Files and Folders =======

2014-04-08 13:05 - 2014-04-08 13:05 - 00013839 _____ () C:\Users\spooke\Downloads\FRST.txt
2014-04-08 13:05 - 2014-04-08 13:04 - 00000000 ____D () C:\FRST
2014-04-08 13:05 - 2013-09-24 13:27 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2403232998-3213391607-3185536033-1003
2014-04-08 13:04 - 2014-04-08 13:04 - 02157056 _____ (Farbar) C:\Users\spooke\Downloads\FRST64.exe
2014-04-08 13:04 - 2012-07-26 17:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 13:01 - 2014-04-08 13:01 - 01145856 _____ (Farbar) C:\Users\spooke\Downloads\FRST.exe
2014-04-08 13:00 - 2013-09-24 17:38 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 13:00 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-08 12:59 - 2014-04-02 16:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 12:59 - 2013-09-20 13:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-08 12:59 - 2013-09-20 12:23 - 00160054 _____ () C:\Windows\PFRO.log
2014-04-08 12:59 - 2012-07-26 17:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 12:58 - 2012-07-26 15:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-04-08 12:57 - 2014-04-08 12:56 - 00000000 ____D () C:\AdwCleaner
2014-04-08 12:55 - 2014-04-08 12:55 - 01426178 _____ () C:\Users\spooke\Downloads\AdwCleaner.exe
2014-04-08 12:24 - 2013-09-24 17:57 - 00000000 ____D () C:\Users\spooke\AppData\Roaming\TS3Client
2014-04-08 12:07 - 2013-09-24 17:38 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 12:00 - 2013-10-24 15:44 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-04-08 12:00 - 2013-09-24 18:59 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-08 11:56 - 2013-09-24 13:21 - 00000000 ____D () C:\Users\spooke\AppData\Local\Packages
2014-04-08 10:25 - 2013-09-20 12:27 - 01241026 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 22:17 - 2013-11-12 07:08 - 00000000 ____D () C:\Users\spooke\AppData\Roaming\ClassicShell
2014-04-07 17:31 - 2013-09-24 18:59 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-06 22:57 - 2014-04-06 22:57 - 00463752 _____ () C:\Windows\Minidump\040614-20654-01.dmp
2014-04-06 22:57 - 2013-09-26 04:44 - 641197471 _____ () C:\Windows\MEMORY.DMP
2014-04-06 22:57 - 2013-09-20 13:45 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 21:00 - 2013-12-03 20:19 - 00000000 ____D () C:\Users\spooke\Desktop\Time sheets
2014-04-06 18:40 - 2014-04-02 16:14 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-06 18:40 - 2014-04-02 16:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-06 18:05 - 2014-04-06 18:05 - 00113580 _____ () C:\Users\spooke\Desktop\OTL.Txt
2014-04-06 17:59 - 2014-04-01 21:14 - 00113580 _____ () C:\Users\spooke\Downloads\OTL.Txt
2014-04-06 17:18 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-06 17:14 - 2012-07-26 17:21 - 00032304 _____ () C:\Windows\setupact.log
2014-04-06 17:13 - 2013-09-24 17:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-04 11:31 - 2014-04-04 11:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-04 11:31 - 2014-03-08 17:47 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-04 11:31 - 2014-01-05 20:06 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-04-04 11:31 - 2013-09-24 17:38 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-04 11:31 - 2013-09-24 17:38 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-04 11:31 - 2013-09-24 17:38 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-04 11:31 - 2013-09-24 17:38 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-04 11:31 - 2013-09-24 17:38 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-04 11:31 - 2013-09-24 17:38 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-04 11:31 - 2013-09-24 17:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-04 10:08 - 2014-04-04 10:08 - 00002244 _____ () C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2014-04-04 10:07 - 2014-04-04 10:07 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-04-04 09:57 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-03 10:29 - 2014-04-03 10:29 - 00000744 _____ () C:\Windows\KB893803v2.log
2014-04-03 09:51 - 2014-04-02 16:13 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-02 16:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-02 16:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 17:02 - 2013-09-24 17:38 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-02 17:02 - 2013-09-24 17:38 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 16:13 - 2014-04-02 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 21:15 - 2014-04-01 21:15 - 00082672 _____ () C:\Users\spooke\Downloads\Extras.Txt
2014-04-01 19:02 - 2014-04-01 19:00 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\spooke\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 18:53 - 2014-04-01 18:53 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-04-01 18:51 - 2014-04-01 18:45 - 18486760 _____ (SUPERAntiSpyware) C:\Users\spooke\Downloads\SAS_5432.EXE
2014-03-31 17:59 - 2014-03-31 17:58 - 00602112 _____ (OldTimer Tools) C:\Users\spooke\Downloads\OTL (1).exe
2014-03-31 17:57 - 2014-03-31 17:57 - 00602112 _____ (OldTimer Tools) C:\Users\spooke\Downloads\OTL.exe
2014-03-30 14:39 - 2013-09-24 17:38 - 00000000 ____D () C:\Users\spooke\AppData\Local\Google
2014-03-27 16:05 - 2014-02-22 17:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-26 07:31 - 2014-03-26 07:31 - 00000000 ____D () C:\Users\spooke\Documents\Fax
2014-03-22 09:08 - 2014-03-22 09:08 - 00000000 ____D () C:\Users\spooke\Documents\EVE
2014-03-22 09:05 - 2014-03-22 09:05 - 00001895 _____ () C:\Users\spooke\Desktop\EVE.lnk
2014-03-22 09:05 - 2014-03-22 09:05 - 00000066 _____ () C:\Windows\131942
2014-03-22 09:05 - 2014-03-22 09:05 - 00000000 ____D () C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
2014-03-22 04:50 - 2014-03-22 04:50 - 00000000 ____D () C:\Program Files (x86)\CCP
2014-03-21 15:51 - 2014-03-21 15:51 - 00000000 ____D () C:\Users\spooke\AppData\Local\CCP
2014-03-21 10:14 - 2014-01-17 15:10 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2014-03-21 09:59 - 2014-03-21 09:59 - 00316112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-20 17:31 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\rescache
2014-03-20 17:17 - 2013-09-25 16:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 17:16 - 2013-09-25 16:54 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-20 17:16 - 2012-07-26 15:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-20 17:02 - 2013-09-24 17:43 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-20 16:53 - 2013-09-25 12:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-20 16:04 - 2013-09-24 13:21 - 00000000 ___RD () C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 16:04 - 2013-09-24 13:21 - 00000000 ___RD () C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-20 16:02 - 2012-07-26 18:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-20 16:02 - 2012-07-26 18:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-20 16:02 - 2012-07-26 18:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-20 16:02 - 2012-07-26 18:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-20 16:02 - 2012-07-26 18:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-20 16:01 - 2014-02-22 11:08 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-03-14 20:05 - 2014-03-14 20:05 - 00000000 ____D () C:\Users\spooke\AppData\Local\Microsoft Help

Files to move or delete:
====================
C:\Users\spooke\jagex_cl_runescape_LIVE.dat
C:\Users\spooke\random.dat

Some content of TEMP:
====================
C:\Users\spooke\AppData\Local\Temp\drm_dialogs.dll
C:\Users\spooke\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\spooke\AppData\Local\Temp\OfficeSetup.exe
C:\Users\spooke\AppData\Local\Temp\Quarantine.exe
C:\Users\spooke\AppData\Local\Temp\_is5899.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-08 11:36

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by spooke at 2014-04-08 13:05:41
Running from C:\Users\spooke\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Antec CC (HKLM-x32\...\{15E36881-D2F0-4730-B51C-4BE85647F702}) (Version: 1.2.0000 - Antec Inc.)
Antec CC Driver x64 (HKLM-x32\...\{8CF25D78-1DA6-4206-B0CE-5FA8155E36E0}) (Version: 3.2.0100 - Antec Inc.)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2016 - Avast Software)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® - World at War™ (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty® - World at War™ (x32 Version: 1.0 - Activision) Hidden
Call of Duty® 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.2 - Activision)
Call of Duty® 2 (x32 Version: 1.2 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
Company of Heroes (HKLM-x32\...\{66F78C51-D108-4F0C-A93C-1CBE74CE338F}) (Version: 1.0.0.99 - THQ Inc.)
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.10.558 - Australian Taxation Office)
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
War Thunder Launcher 1.0.1.302 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812SEA}_is1) (Version:  - Wargaming.net)

==================== Restore Points  =========================

20-03-2014 07:15:56 Windows Update
27-03-2014 16:08:55 Scheduled Checkpoint
04-04-2014 01:29:29 avast! antivirus system restore point

==================== Hosts content: ==========================

2012-07-26 15:26 - 2012-07-26 15:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {015D5F4E-9AFA-4868-BF30-11A5D18B757D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {05C0DAF8-D7F5-473C-A63E-D7399D70305D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3C467652-B47E-480E-A2AC-32380B3CA6C1} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {6AC873DF-F8AD-4212-AAE6-7BAC5E354608} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-04] (AVAST Software)
Task: {91B9101A-F297-44D9-B9D3-FED8D5067E3D} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {9D5FC548-E123-4FC2-85DD-FB195BAF411A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A9E44C57-3840-423D-B896-1DA45E39356C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-20 16:20 - 2013-10-31 16:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-25 12:57 - 2014-01-02 17:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-09-24 18:59 - 2013-11-01 14:20 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-20 16:38 - 2014-03-20 16:38 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-26 19:48 - 2012-07-26 19:46 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2009-10-14 12:36 - 2009-10-14 12:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 12:34 - 2009-10-14 12:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-04-07 20:26 - 2014-04-07 20:26 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040700\algo.dll
2014-02-05 23:52 - 2014-02-05 23:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-05 23:52 - 2014-02-05 23:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-10 19:41 - 2013-12-10 19:41 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2014 01:03:41 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16843 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1050

Start Time: 01cf52d6b3260e03

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 5f8946f5-beca-11e3-be94-bc5ff4d5a3ad

Faulting package full name:

Faulting package-relative application ID:

Error: (04/06/2014 10:51:12 PM) (Source: Bonjour Service) (User: )
Description: Timed out waiting for acknowledgement of machine sleep

Error: (04/03/2014 10:29:11 AM) (Source: Windows Installer 3.1) (User: )
Description: WindowsNot enough storage is available to process this command.

Error: (04/01/2014 07:29:17 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18c8

Start Time: 01cf4d8c5664c901

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 173ba9fb-b980-11e3-be91-bc5ff4d5a3ad

Faulting package full name:

Faulting package-relative application ID:

Error: (04/01/2014 07:25:35 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1928

Start Time: 01cf4d87e705d828

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 92f56380-b97f-11e3-be91-bc5ff4d5a3ad

Faulting package full name:

Faulting package-relative application ID:

Error: (04/01/2014 06:53:50 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a34

Start Time: 01cf4d06f8d235d8

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 2381e133-b97b-11e3-be91-bc5ff4d5a3ad

Faulting package full name:

Faulting package-relative application ID:

Error: (04/01/2014 03:30:55 AM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1040

Start Time: 01cf4cb75a39e304

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 3552d28a-b8fa-11e3-be91-bc5ff4d5a3ad

Faulting package full name:

Faulting package-relative application ID:

Error: (03/31/2014 06:00:59 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 20

Start Time: 01cf4cb7449819e7

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 96c4e034-b8aa-11e3-be91-bc5ff4d5a3ad

Faulting package full name:

Faulting package-relative application ID:

Error: (03/31/2014 06:00:23 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1350

Start Time: 01cf4cb4de6d0791

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 7f574aaa-b8aa-11e3-be91-bc5ff4d5a3ad

Faulting package full name:

Faulting package-relative application ID:

Error: (03/28/2014 06:04:54 PM) (Source: MsiInstaller) (User: Craig)
Description: Product: AGEIA PhysX v7.07.09 -- Installation terminated

System errors:
=============
Error: (04/08/2014 01:01:47 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/08/2014 01:01:47 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/08/2014 00:59:22 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (04/06/2014 10:59:44 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/06/2014 10:59:44 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/06/2014 10:57:55 PM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000004, 0x000000000000012c, 0xfffffa800b693140, 0xfffff8024dee0790)C:\Windows\MEMORY.DMP040614-20654-01

Error: (04/06/2014 10:56:59 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (04/06/2014 10:57:17 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:16:26 PM on 6/04/2014 was unexpected.

Error: (04/06/2014 05:27:48 PM) (Source: usbehci) (User: )
Description: A timeout occurred while waiting for the EHCI host controller Interrupt on Async Advance Doorbell response.

Error: (04/01/2014 07:34:55 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Microsoft Office Sessions:
=========================
Error: (04/08/2014 01:03:41 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16843105001cf52d6b3260e030C:\Program Files\Internet Explorer\iexplore.exe5f8946f5-beca-11e3-be94-bc5ff4d5a3ad

Error: (04/06/2014 10:51:12 PM) (Source: Bonjour Service)(User: )
Description: Timed out waiting for acknowledgement of machine sleep

Error: (04/03/2014 10:29:11 AM) (Source: Windows Installer 3.1)(User: )
Description: WindowsNot enough storage is available to process this command.

Error: (04/01/2014 07:29:17 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.2.9200.1662818c801cf4d8c5664c9010C:\Windows\explorer.exe173ba9fb-b980-11e3-be91-bc5ff4d5a3ad

Error: (04/01/2014 07:25:35 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.2.9200.16628192801cf4d87e705d8280C:\Windows\explorer.exe92f56380-b97f-11e3-be91-bc5ff4d5a3ad

Error: (04/01/2014 06:53:50 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.2.9200.166281a3401cf4d06f8d235d80C:\Windows\explorer.exe2381e133-b97b-11e3-be91-bc5ff4d5a3ad

Error: (04/01/2014 03:30:55 AM) (Source: Application Hang)(User: )
Description: explorer.exe6.2.9200.16628104001cf4cb75a39e3040C:\Windows\explorer.exe3552d28a-b8fa-11e3-be91-bc5ff4d5a3ad

Error: (03/31/2014 06:00:59 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.2.9200.166282001cf4cb7449819e70C:\Windows\explorer.exe96c4e034-b8aa-11e3-be91-bc5ff4d5a3ad

Error: (03/31/2014 06:00:23 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.2.9200.16628135001cf4cb4de6d07910C:\Windows\Explorer.EXE7f574aaa-b8aa-11e3-be91-bc5ff4d5a3ad

Error: (03/28/2014 06:04:54 PM) (Source: MsiInstaller)(User: Craig)
Description: Product: AGEIA PhysX v7.07.09 -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)

 

 

OTL logfile created on: 8/04/2014 1:08:36 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\spooke\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16843)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
8.00 Gb Total Physical Memory | 6.48 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 14.27 Gb Available in Paging File | 89.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.17 Gb Total Space | 763.07 Gb Free Space | 81.95% Space Free | Partition Type: NTFS
Drive H: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CRAIG | User Name: spooke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/04 11:31:21 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/04 11:31:21 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/31 17:59:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\spooke\Downloads\OTL (1).exe
PRC - [2014/03/28 18:03:31 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2014/03/03 08:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/03 08:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/12/19 04:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/19 06:43:06 | 001,677,080 | ---- | M] (ClanServers Hosting LLC) -- C:\Program Files (x86)\GameTracker\GSInGameService.exe
PRC - [2013/11/01 14:20:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/10 19:41:23 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/04 11:31:21 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/01 03:16:08 | 002,169,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2013/10/25 17:34:55 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/16 15:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/25 08:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 19:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 16:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 16:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 14:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 12:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 12:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/10 09:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 09:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 16:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/26 13:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/26 13:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 13:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 13:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 13:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 13:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 13:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 13:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 13:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 13:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 13:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/03 08:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/03 08:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/19 04:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/19 06:43:06 | 001,677,080 | ---- | M] (ClanServers Hosting LLC) [Auto | Running] -- C:\Program Files (x86)\GameTracker\GSInGameService.exe -- (GS In-Game Service)
SRV - [2013/11/01 14:20:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/26 13:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 13:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/08 12:59:59 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/04 11:31:22 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/04 11:31:22 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/04 11:31:22 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/04 11:31:22 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/04 11:31:22 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/04/04 11:31:22 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/04 11:31:22 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/03 09:51:22 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/10/25 17:34:52 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/25 08:34:32 | 000,248,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/10 21:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 16:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/02 12:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/16 15:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 16:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/07/09 18:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/02 11:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/02 11:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 16:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 13:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/03/02 20:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 20:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/10 11:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/27 13:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 14:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 13:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 18:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 17:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 17:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 17:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 15:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 15:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 15:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 15:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 15:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 15:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 15:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 15:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 15:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 15:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 15:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 15:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 15:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 15:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 15:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 15:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 15:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 14:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 14:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 13:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 12:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 12:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 12:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 12:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 12:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 12:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 12:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 12:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 12:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 12:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 12:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 12:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 12:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 12:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 12:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 12:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 12:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 12:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 12:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 12:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 12:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/04 01:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/03 00:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/03 00:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/23 08:39:28 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AseUSBCC.sys -- (ASEUSBCC)
DRV:64bit: - [2009/10/07 18:49:27 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 18:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 18:45:37 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LVPr2M64.sys -- (LVPr2M64)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A A4 F0 17 E5 B8 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...SAVT_en-GBAU555
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Docs = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: Skype Click to Call = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.1.15383.6004_0\
CHR - Extension: Google Wallet = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\spooke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/07/26 15:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29C8BDF7-3AE4-4D73-9B13-3948839CBF60}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7163EEE-507A-44A5-BB87-51E3DCC57FB7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4AFE336-E5D0-484B-AE06-B9409E478E7B}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/16 10:53:55 | 000,000,142 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{9897e623-219b-11e3-be65-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9897e623-219b-11e3-be65-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup\rsrc\Autorun.exe -- [2007/08/16 11:55:00 | 000,051,048 | R--- | M] (Activision)
O33 - MountPoints2\{9897e623-219b-11e3-be65-806e6f6e6963}\Shell\dinstall\command - "" = H:\DirectX\DXSETUP.exe -- [2008/05/31 08:34:50 | 000,528,392 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: BasicDisplay.sys - C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootMin:64bit: BasicRender.sys - C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootMin:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootMin:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootMin:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: TBS - Service
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BasicDisplay.sys - C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootNet:64bit: BasicRender.sys - C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootNet:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootNet:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootNet:64bit: netprofm - C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdpencdd.sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SmartcardSimulator - Driver
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TBS - Service
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: VaultSvc - C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: VirtualSmartcardReader - Driver
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: Wcmsvc - C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpencdd.sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmartcardSimulator - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TBS - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: VirtualSmartcardReader - Driver
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/08 13:04:32 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/08 12:56:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/04 11:31:22 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/04 10:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014/04/02 16:14:20 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/02 16:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/02 16:13:58 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/02 16:13:58 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/02 16:13:58 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/02 16:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/02 16:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/01 18:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2014/03/26 07:31:44 | 000,000,000 | R--D | C] -- C:\Users\spooke\Documents\Scanned Documents
[2014/03/26 07:31:43 | 000,000,000 | ---D | C] -- C:\Users\spooke\Documents\Fax
[2014/03/22 09:08:42 | 000,000,000 | ---D | C] -- C:\Users\spooke\Documents\EVE
[2014/03/22 09:05:32 | 000,000,000 | ---D | C] -- C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
[2014/03/22 04:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCP
[2014/03/21 15:51:41 | 000,000,000 | ---D | C] -- C:\Users\spooke\AppData\Local\CCP
[2014/03/14 20:05:22 | 000,000,000 | ---D | C] -- C:\Users\spooke\AppData\Local\Microsoft Help
[2014/03/14 19:43:04 | 000,248,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2014/03/14 19:43:04 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2014/03/14 19:42:33 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2014/03/14 19:42:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/03/14 19:42:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/03/14 19:42:32 | 003,960,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/14 19:42:32 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/03/14 19:42:32 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/03/14 19:42:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/14 19:42:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/14 19:42:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/14 19:42:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/14 19:42:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/14 19:42:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2014/03/14 19:42:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/14 19:42:32 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2014/03/14 19:42:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/14 19:42:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/14 19:39:21 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/14 19:39:21 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/14 19:39:20 | 001,628,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/08 13:07:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/08 13:04:06 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/08 13:04:06 | 000,722,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/08 13:04:06 | 000,136,434 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/08 13:01:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/08 13:00:07 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/08 12:59:59 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/08 12:59:43 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/04/08 12:59:25 | 2576,334,847 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/08 12:00:15 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/04/08 12:00:15 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/04/07 17:31:54 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/04/06 22:57:05 | 641,197,471 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/06 18:40:16 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/04 11:31:46 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/04 11:31:22 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/04 11:31:22 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/04 11:31:22 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/04 11:31:22 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/04 11:31:22 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/04 11:31:22 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/04/04 11:31:22 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/04 11:31:22 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/04 11:31:22 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/03 09:51:22 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/22 09:05:40 | 000,000,066 | ---- | M] () -- C:\Windows\131942
[2014/03/22 09:05:32 | 000,001,895 | ---- | M] () -- C:\Users\spooke\Desktop\EVE.lnk
[2014/03/21 09:59:31 | 000,316,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/20 17:02:21 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/20 16:01:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/04 10:08:24 | 000,002,244 | ---- | C] () -- C:\Users\spooke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2014/04/02 16:14:00 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/22 09:05:40 | 000,000,066 | ---- | C] () -- C:\Windows\131942
[2014/03/22 09:05:32 | 000,001,895 | ---- | C] () -- C:\Users\spooke\Desktop\EVE.lnk
[2014/03/21 09:59:25 | 000,316,112 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/28 07:16:18 | 000,000,045 | ---- | C] () -- C:\Users\spooke\jagex_cl_runescape_LIVE.dat
[2013/11/28 07:16:18 | 000,000,024 | ---- | C] () -- C:\Users\spooke\random.dat
[2013/11/01 10:45:45 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2013/09/27 08:58:37 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/09/27 08:47:34 | 000,000,017 | ---- | C] () -- C:\Users\spooke\AppData\Local\resmon.resmoncfg
[2013/09/25 16:58:34 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2013/09/24 18:59:58 | 000,281,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/09/24 18:59:54 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/09/24 18:59:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/26 15:42:24 | 000,336,232 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/10/26 15:42:22 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/10/26 15:42:22 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/07/26 18:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 18:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 17:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 11:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/26 06:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/26 06:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/03 00:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013/09/24 19:00:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/12/07 16:36:58 | 019,751,936 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/12/07 15:15:36 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 13:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 13:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 13:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD10EZEX-00KUWA0
Partitions: 2
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 350.00MB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 368050176
Hidden sectors: 0
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\assembly\GAC_32\*.ini >
 
< %systemroot%\assembly\GAC_64\*.ini >
 
< %SYSTEMDRIVE%\*.exe >
 
< %ALLUSERSPROFILE%\Application Data\*.exe >
 
< %APPDATA%\*. >
[2013/09/28 13:49:03 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\Adobe
[2013/10/26 21:13:20 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\Apple Computer
[2013/12/11 15:16:07 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\AVAST Software
[2014/04/07 22:17:23 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\ClassicShell
[2013/12/30 21:21:36 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\GameTracker
[2013/09/24 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\Google
[2013/10/14 17:13:34 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\InstallShield
[2014/02/22 11:16:07 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\Leadertech
[2013/09/24 15:15:40 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\Macromedia
[2013/10/18 16:14:53 | 000,000,000 | --SD | M] -- C:\Users\spooke\AppData\Roaming\Microsoft
[2013/11/28 07:18:11 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\NVIDIA
[2014/02/23 11:43:04 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\Skype
[2014/04/08 12:24:29 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\TS3Client
[2013/10/14 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\Ubisoft
[2013/09/25 05:22:38 | 000,000,000 | ---D | M] -- C:\Users\spooke\AppData\Roaming\Wargaming.net
 
< MD5 for: ATAPI.SYS  >
[2012/07/26 15:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\drivers\atapi.sys
[2012/07/26 15:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_69660e2be041f47b\atapi.sys
[2012/07/26 15:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_b733d17ea1e7f604\atapi.sys
[2012/07/26 15:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16384_none_3601cf7eab4e0493\atapi.sys
[2012/07/26 15:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16548_none_36311422ab29f479\atapi.sys
[2012/07/26 15:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.20652_none_36a9df45c455182a\atapi.sys
 
< MD5 for: CSRSS.EXE  >
[2012/07/26 15:26:45 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=0D9F14739D05F8B8B028B539FC6F1F29 -- C:\Windows\SysNative\csrss.exe
[2012/07/26 15:26:45 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=0D9F14739D05F8B8B028B539FC6F1F29 -- C:\Windows\WinSxS\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.2.9200.16384_none_b1ad8b3c6dd9e443\csrss.exe
 
< MD5 for: EXPLORER.EXE  >
[2013/06/01 21:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 21:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013/10/01 08:45:45 | 000,221,955 | ---- | M] () MD5=1ECE041EA5E874EACFACAF669935C99C -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2013/10/01 08:45:47 | 000,220,310 | ---- | M] () MD5=256368C2692116A3C548604C2CE27D76 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013/10/01 09:45:38 | 000,190,101 | ---- | M] () MD5=41ADFECAD97C72667F6479DB939988CE -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2013/10/01 08:45:51 | 000,217,360 | ---- | M] () MD5=42DAB268EC6A5E5E7A8F78767C741FE3 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013/10/01 09:45:32 | 000,191,911 | ---- | M] () MD5=58651E841B6FF7ACF85E594B9EAC7105 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013/10/01 08:45:49 | 000,220,321 | ---- | M] () MD5=79E71E463607319EE26EBD67D7E20E33 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/10/01 09:45:29 | 000,193,351 | ---- | M] () MD5=D1B38051A708991B2A648BDFB0AC859F -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2013/10/01 09:45:35 | 000,191,929 | ---- | M] () MD5=D676C58091D282BCAFBFE8EF86FCE977 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013/06/01 20:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 20:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe
 
< MD5 for: MSWSOCK.DLL  >
[2013/10/03 19:12:35 | 000,009,902 | ---- | M] () MD5=16C7FAC176EBA765AF492ABEF26A48B2 -- C:\Windows\WinSxS\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.2.9200.16384_none_b4fe62e6feb2834f\mswsock.dll
[2012/10/11 15:44:51 | 000,355,328 | ---- | M] (Microsoft Corporation) MD5=1AC307A2F7317007BC382046B3835202 -- C:\Windows\SysNative\mswsock.dll
[2012/10/11 15:44:51 | 000,355,328 | ---- | M] (Microsoft Corporation) MD5=1AC307A2F7317007BC382046B3835202 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.2.9200.16433_none_11520fa2b6e84ca0\mswsock.dll
[2013/10/03 19:12:35 | 000,000,998 | ---- | M] () MD5=46BC0577DE994B898EFD4CCD8C9FCDDB -- C:\Windows\WinSxS\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.2.9200.20534_none_b5be113417a7948b\mswsock.dll
[2013/10/01 09:34:19 | 000,001,574 | ---- | M] () MD5=A8CD55E55B81EA12777D31688243094E -- C:\Windows\WinSxS\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.2.9200.16384_none_111cfe6ab70ff485\mswsock.dll
[2012/10/11 15:06:45 | 000,289,280 | ---- | M] (Microsoft Corporation) MD5=C317E72447B437F99CC750BD876DF30E -- C:\Windows\SysWOW64\mswsock.dll
[2012/10/11 15:06:45 | 000,289,280 | ---- | M] (Microsoft Corporation) MD5=C317E72447B437F99CC750BD876DF30E -- C:\Windows\WinSxS\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.2.9200.16433_none_b533741efe8adb6a\mswsock.dll
[2013/10/01 09:34:20 | 000,000,945 | ---- | M] () MD5=D5D615CF095EBAF7ECE1339D7E05A39B -- C:\Windows\WinSxS\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.2.9200.20534_none_11dcacb7d00505c1\mswsock.dll
 
< MD5 for: NAPINSP.DLL  >
[2012/07/26 13:06:32 | 000,066,560 | ---- | M] (Microsoft Corporation) MD5=149FEE067A002D75B7714C300D019C9E -- C:\Windows\SysNative\NapiNSP.dll
[2012/07/26 13:06:32 | 000,066,560 | ---- | M] (Microsoft Corporation) MD5=149FEE067A002D75B7714C300D019C9E -- C:\Windows\WinSxS\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.2.9200.16384_none_04e6e82d18f51cb7\NapiNSP.dll
[2012/07/26 13:19:20 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=E896C75EE5CB36A252B1C908E2DDAB2C -- C:\Windows\SysWOW64\NapiNSP.dll
[2012/07/26 13:19:20 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=E896C75EE5CB36A252B1C908E2DDAB2C -- C:\Windows\WinSxS\wow64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.2.9200.16384_none_0f3b927f4d55deb2\NapiNSP.dll
 
< MD5 for: NLAAPI.DLL  >
[2013/10/01 09:16:53 | 000,000,577 | ---- | M] () MD5=215FFB4020673E1ED30C09634F9BB083 -- C:\Windows\WinSxS\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.2.9200.16384_none_c04f9d2b94ae7b5c\nlaapi.dll
[2013/10/01 09:59:26 | 000,000,562 | ---- | M] () MD5=5B320B60B1CF2BA396073D707E19490D -- C:\Windows\WinSxS\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.2.9200.16420_none_cae127c3c8e22d7c\nlaapi.dll
[2013/10/01 09:59:26 | 000,000,571 | ---- | M] () MD5=7625DABF7E53DBE548AD710570C97E09 -- C:\Windows\WinSxS\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.2.9200.16384_none_caa4477dc90f3d57\nlaapi.dll
[2013/10/01 09:59:26 | 000,000,556 | ---- | M] () MD5=AB9A01083E8AD1C92C02F635785FB39A -- C:\Windows\WinSxS\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.2.9200.20623_none_cb6dc752e1fd1672\nlaapi.dll
[2013/10/01 09:16:53 | 000,000,504 | ---- | M] () MD5=B30EAA791FAF49C7897093A76CD29BD5 -- C:\Windows\WinSxS\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.2.9200.16420_none_c08c7d7194816b81\nlaapi.dll
[2013/10/01 09:59:26 | 000,000,570 | ---- | M] () MD5=B7EA5AA6168BDB4950E7E6D9A9D454C6 -- C:\Windows\WinSxS\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.2.9200.20521_none_cb6bc4d8e1fee69d\nlaapi.dll
[2013/10/01 09:16:54 | 000,000,564 | ---- | M] () MD5=CB11BF95C7B097174B2582080691963C -- C:\Windows\WinSxS\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.2.9200.20521_none_c1171a86ad9e24a2\nlaapi.dll
[2013/10/01 09:16:55 | 000,000,577 | ---- | M] () MD5=CC759F0A6A82B7C3FC86099C4CA2ED2E -- C:\Windows\WinSxS\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.2.9200.20623_none_c1191d00ad9c5477\nlaapi.dll
[2013/02/02 18:39:34 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=DA74DB6E019D7B27C7EA25155EE6DE34 -- C:\Windows\SysWOW64\nlaapi.dll
[2013/02/02 18:39:34 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=DA74DB6E019D7B27C7EA25155EE6DE34 -- C:\Windows\WinSxS\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.2.9200.16518_none_caf3fbe5c8d2d96a\nlaapi.dll
[2012/09/20 16:32:17 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=F0C56FAF38A244599CBC173D581E27FC -- C:\Windows\SysNative\nlaapi.dll
[2012/09/20 16:32:17 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=F0C56FAF38A244599CBC173D581E27FC -- C:\Windows\WinSxS\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.2.9200.16518_none_c09f51939472176f\nlaapi.dll
 
< MD5 for: PNRPNSP.DLL  >
[2012/07/26 13:06:58 | 000,085,504 | ---- | M] (Microsoft Corporation) MD5=CA4FAFFA957C71C006B59E29DFE3EB8B -- C:\Windows\SysNative\pnrpnsp.dll
[2012/07/26 13:06:58 | 000,085,504 | ---- | M] (Microsoft Corporation) MD5=CA4FAFFA957C71C006B59E29DFE3EB8B -- C:\Windows\WinSxS\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.2.9200.16384_none_ca48bd17ac38cb00\pnrpnsp.dll
[2012/07/26 13:19:42 | 000,067,584 | ---- | M] (Microsoft Corporation) MD5=E31D5851E5F789D29DB955C75C3760BA -- C:\Windows\SysWOW64\pnrpnsp.dll
[2012/07/26 13:19:42 | 000,067,584 | ---- | M] (Microsoft Corporation) MD5=E31D5851E5F789D29DB955C75C3760BA -- C:\Windows\WinSxS\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.2.9200.16384_none_d49d6769e0998cfb\pnrpnsp.dll
 
< MD5 for: PRINTISOLATIONHOST.EXE  >
[2012/07/26 13:08:36 | 000,075,776 | ---- | M] (Microsoft Corporation) MD5=827D109E7C4213C41C76C5D7A05C483C -- C:\Windows\SysNative\PrintIsolationHost.exe
[2012/07/26 13:08:36 | 000,075,776 | ---- | M] (Microsoft Corporation) MD5=827D109E7C4213C41C76C5D7A05C483C -- C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.2.9200.16384_none_f578ba52e86663f9\PrintIsolationHost.exe
 
< MD5 for: SERVICES.EXE  >
[2012/09/20 16:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2012/09/20 16:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
[2013/10/01 09:21:45 | 000,038,189 | ---- | M] () MD5=D57F7B680D3045BC6F85A8C210078583 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2013/10/01 09:21:46 | 000,001,252 | ---- | M] () MD5=E1EAA0EC671C4ADE67FF191C519E98CE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2013/10/01 09:23:04 | 000,002,873 | ---- | M] () MD5=14322A935ED41E8B22CFBE5DFA5850FD -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2013/10/03 19:09:41 | 000,000,583 | ---- | M] () MD5=3B510520265DE4086A10617127817E3C -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe
[2013/10/03 19:09:40 | 000,003,208 | ---- | M] () MD5=7DE9ABDC7A673AD08516F0B077E89C29 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2013/10/01 09:23:04 | 000,000,609 | ---- | M] () MD5=935D512CF5E5B77C7DF909CF074F57FA -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2012/09/20 15:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2012/09/20 15:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2012/09/20 16:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
[2012/09/20 16:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
 
< MD5 for: USER32.DLL  >
[2013/10/01 09:33:53 | 000,001,406 | ---- | M] () MD5=2777CE80C7915D3EEFD78B9D8D2368DF -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_260213a5f720b529\user32.dll
[2013/10/01 09:33:53 | 000,001,384 | ---- | M] () MD5=318FAD08ED3086FA0D6673B52222B122 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_26c9910110105e6f\user32.dll
[2013/10/02 08:24:15 | 000,000,178 | ---- | M] () MD5=A5644D63ADB079D482FD08D5E7779AE0 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_311e3b534471206a\user32.dll
[2012/09/20 16:33:05 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=A99AD14F26BDA7D7F27F76BC91B7EED7 -- C:\Windows\SysNative\user32.dll
[2012/09/20 16:33:05 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=A99AD14F26BDA7D7F27F76BC91B7EED7 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_263ef3ebf6f3a54e\user32.dll
[2012/09/20 14:10:09 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=BA1C3ACD929A71E88B49C2B6E38F92B3 -- C:\Windows\SysWOW64\user32.dll
[2012/09/20 14:10:09 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=BA1C3ACD929A71E88B49C2B6E38F92B3 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_30939e3e2b546749\user32.dll
[2013/10/02 08:24:14 | 000,000,190 | ---- | M] () MD5=BE234AC81A486F59F3B40C76BD3997C9 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_3056bdf82b817724\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2012/07/26 13:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012/07/26 13:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012/07/26 13:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012/07/26 13:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe
[2014/04/01 18:44:32 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) MD5=C038AC0153BFFE7F8778D404C0872317 -- C:\Users\spooke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJBHMPKU\uSeRiNiT.exe
 
< MD5 for: WINLOGON.EXE  >
[2013/10/01 09:38:40 | 000,053,889 | ---- | M] () MD5=299D58FAE8D16B0BC2D1D4E07A19B635 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2013/10/01 09:38:41 | 000,001,620 | ---- | M] () MD5=BAAB86E0139A81CA0F56017C2FB84BB8 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
[2012/10/11 15:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2012/10/11 15:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2014/04/01 18:59:24 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) MD5=C038AC0153BFFE7F8778D404C0872317 -- C:\Users\spooke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJBHMPKU\WiNlOgOn.exe
[2013/10/01 09:38:41 | 000,053,884 | ---- | M] () MD5=C72229EC9026AD8541881911A9BAC83D -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2013/10/01 09:38:40 | 000,053,876 | ---- | M] () MD5=EB216271555A102E51D837B3E8D8F74B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
 
< MD5 for: WINRNR.DLL  >
[2012/07/26 13:07:57 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=768B5A538A11E9C6F8EDD9AFDFA16936 -- C:\Windows\SysNative\winrnr.dll
[2012/07/26 13:07:57 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=768B5A538A11E9C6F8EDD9AFDFA16936 -- C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.2.9200.16384_none_b217fa53d9da6d61\winrnr.dll
[2012/07/26 13:20:25 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=BAB337D3F4C2ECDF883B9CAEC41F49FB -- C:\Windows\SysWOW64\winrnr.dll
[2012/07/26 13:20:25 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=BAB337D3F4C2ECDF883B9CAEC41F49FB -- C:\Windows\WinSxS\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.2.9200.16384_none_55f95ed0217cfc2b\winrnr.dll
 
< MD5 for: WSHELPER.DLL  >
[2012/07/26 13:20:39 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=261FDB43C7772B71E44D3B0D6161CD0B -- C:\Windows\SysWOW64\wshelper.dll
[2012/07/26 13:20:39 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=261FDB43C7772B71E44D3B0D6161CD0B -- C:\Windows\WinSxS\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.2.9200.16384_none_67a35424b57ff35b\wshelper.dll
[2012/07/26 13:08:12 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=ECBD769AE04E8A2ECDC2D12CB1C5EB41 -- C:\Windows\SysNative\wshelper.dll
[2012/07/26 13:08:12 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=ECBD769AE04E8A2ECDC2D12CB1C5EB41 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.2.9200.16384_none_5d4ea9d2811f3160\wshelper.dll
 
< C:\Windows\assembly\tmp\U\*.* /s >
 
< %systemroot%\*. /mp /s >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/03/15 10:50:42 | 000,859,976 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2014/03/15 10:50:42 | 000,859,976 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2014/03/15 10:50:42 | 000,859,976 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2014/03/15 10:50:42 | 000,859,976 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/02/23 19:38:10 | 000,775,344 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014/02/23 19:38:10 | 000,775,344 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2014/03/15 10:50:42 | 000,859,976 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2014/03/15 10:50:42 | 000,859,976 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2014/03/15 10:50:42 | 000,859,976 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2014/03/15 10:50:42 | 000,859,976 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/02/23 18:13:59 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/02/23 18:13:59 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/02/23 18:13:59 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/02/23 19:38:10 | 000,775,344 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2014/02/23 19:38:10 | 000,775,344 | ---- | M] (Microsoft Corporation)
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %ProgramFiles%\WINDOWS NT\*.* /s >
[2013/03/02 18:24:08 | 004,298,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2013/03/02 18:23:39 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2012/07/26 19:43:02 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-GB\wordpad.exe.mui
[2012/07/26 13:20:05 | 000,598,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2012/06/03 00:40:28 | 000,013,862 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2012/06/03 00:40:28 | 001,272,944 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2012/06/03 00:40:28 | 000,980,224 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2012/06/03 00:40:28 | 000,013,874 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceTigrinya.txt
[2012/06/03 00:40:28 | 000,045,170 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2012/07/26 19:43:06 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

 

OTL Extras logfile created on: 8/04/2014 1:08:36 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\spooke\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16843)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
8.00 Gb Total Physical Memory | 6.48 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 14.27 Gb Available in Paging File | 89.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.17 Gb Total Space | 763.07 Gb Free Space | 81.95% Space Free | Partition Type: NTFS
Drive H: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CRAIG | User Name: spooke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022212B4-926F-4D71-859F-DC7FDB575042}" = rport=138 | protocol=17 | dir=out | app=system |
"{0E638B26-9FEB-428C-8BC9-A4EA320F981E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{18452207-A15A-441D-91C3-962D71964CE0}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E975B45-D95A-4CE8-8110-07A12B20005A}" = rport=445 | protocol=6 | dir=out | app=system |
"{557D7EF2-3FF0-4DBE-A6E1-7D4A0FDCD566}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73B2EEC1-F9D4-4E67-B72D-A34D20205999}" = lport=138 | protocol=17 | dir=in | app=system |
"{78F245D5-460A-4919-B709-D19F8FB1B228}" = lport=139 | protocol=6 | dir=in | app=system |
"{892F37A8-02FB-4F19-867A-5A134CBFC68E}" = rport=137 | protocol=17 | dir=out | app=system |
"{D0133B4B-F20F-4135-A1B7-841F677482C7}" = lport=445 | protocol=6 | dir=in | app=system |
"{D0345D24-BC51-4886-BBBA-D4817842526F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E02E47EA-BA1B-43C7-826F-5C14F78AF4BB}" = lport=137 | protocol=17 | dir=in | app=system |
"{E4A115B0-BA0F-461E-9FB3-16A75FFF438F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A7482-61B2-41DD-BD9D-03675938DF77}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{0574D807-5828-4B93-A977-AC0488EB526F}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{087ED071-38F9-4193-BAE7-CC5C18DE537A}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{09D7D88C-58B0-4DBC-937F-AE3BD2E78FEB}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{0B07F26F-7E72-450A-94D3-10C86ACC15DE}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{0FC41050-FE17-46BC-A04C-B1ED87553799}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{105A438F-36EB-4086-9F90-C5B522FF2DAA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{106E1986-96C3-44E8-BED7-62F6EF721889}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{11F09EE7-31EB-48E3-8A83-77DB06F57525}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{129289DB-8B87-437D-9980-2449175AE390}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{1698DA06-4BCD-4FCA-A250-878A42F4423C}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{1B58374A-CCF8-4F5C-8AA0-FB501CADAF46}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{22CCF4C8-6C8A-4D98-A761-9C2DBBB9F4D2}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{274BE586-13C2-497C-8118-5A2FAAE77E31}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{29E44B4A-F873-456D-9810-71A82D600974}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{2AD76277-7475-42D9-B4FA-958A6568020E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{2B23A950-D34B-44E3-9652-AACC22FC2D61}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{2D3987ED-E68F-47A7-A535-04D36D0386CE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{31159A81-8892-4143-9A60-2C58431879E2}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{34A2CC58-F336-4E95-9979-90D5A8ECCD28}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{36CC39B9-F14D-4056-8FD1-24510346616B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{36ED48C2-95AF-4903-B6AC-172307B4F27D}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{3901EEA3-C68F-455A-9042-82DC79CC413B}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3A85D301-2B74-4ABD-9607-D4A434AEEF61}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{3B74ED33-E75B-453A-ACF8-3B29EB774B17}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{3CAF5BC5-7143-46A6-92C9-0C00D51F64FF}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3E0E5F50-A65E-42EF-AFE4-AC3139CB0F80}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{45450B47-3DA2-48D2-A95F-A3BA493DC2FC}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{45C4F13C-D1D1-4ED1-B443-10D76AEF89D4}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{476CFC2B-3477-4940-B803-DBB29B620B27}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
"{4820023B-CDF6-4227-B2D2-65E9040608D8}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{48CCEE7D-A463-40ED-9E79-E8E5FBB1FEA2}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
"{4C066CFE-4AAB-4ACB-B9BB-EFC9F9965CFF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4C309545-400E-4964-89AD-33B53358C2C2}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4E2324F1-7BDF-430E-B622-DED29624BDB0}" = dir=in | app=c:\users\spooke\appdata\local\microsoft\skydrive\skydrive.exe |
"{530A211A-5B11-4666-8AE8-3A422B8FD75D}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{5AC625B7-AD7E-4E6E-AAD9-A1A5C5B404AA}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{5C6688EC-7304-407C-98E5-C39FF183BC17}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{5F3AF9B4-0B6D-41A8-B65B-C5170B5C1E57}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{61106A24-1239-449E-B8E9-7502C65B87BC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{6248030C-BE11-4329-87CB-15840F368730}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6AE7643A-BE99-465C-9142-7A204FBBF552}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{6D85EB4C-EB63-4B9D-98A4-10D22326E6D3}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{723F84EE-072B-4B61-9260-60ABD5B66EED}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{765F418A-3F8E-4B67-9A63-706611F44B04}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{8068E40A-9DE9-451E-BBF1-4FF9A24968E8}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{817A1A95-E2BA-4568-A626-6BE916454B60}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{8424B5B2-B93C-4296-BACA-023B5E348000}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{86B40407-C03B-4D00-9D73-DEEBBD3D8E8C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{86DCC019-934D-4D86-935E-98E4E7DAB132}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{875E0CBB-C9F6-4817-AA6B-2C5AA051E779}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{8F8E5FAE-A92E-45B7-9094-FE9262F7F70B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{90DDD928-8FCF-48EB-A086-A41CCB7936FF}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{9434CFFE-7B62-4A97-B051-12E51B2BF2A9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{969EA9E9-EF19-4CA3-9572-4A3DBAE69803}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{9A9DB376-9052-4ED7-97D0-C85B5DC403A6}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{9B80EB21-BC1F-45EC-A54B-4118F947D1FF}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A0389938-7C63-4675-80B6-E7D47188DA83}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A26696BC-AB5A-41E0-8DEC-0B5C56E96932}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A39023BE-69C3-4B04-B7A2-4E4F757E34A8}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{A4C90163-0F0D-4F63-B214-9778D717613F}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{A57B5599-74A5-412F-A613-4F6E25531BA7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A610850C-69B3-451B-ABE3-B306674C5F0F}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{ABB238C6-A7A3-4007-ADB0-2BDF9BF9A7A7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{B2245597-D417-414A-AA1C-60AE21975F3D}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{B25BCA71-081E-4B69-BB0E-97EBC48DC677}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{B832772E-EAC1-4ABD-9697-DB5616E6DF6C}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{B850CC6F-3546-44AF-9EDF-DB20B626607B}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{BF81C96B-CB7E-410E-9E3C-FA020D42AE71}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{C07E99F7-1746-46E7-BBAE-B8D0BB75229A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{C2B35F78-E2D8-45DA-AEF6-0543060B840A}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C2C28134-2F2F-42A7-B168-29C96F55DC9F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C391CB67-EDE6-4C5C-A8F5-BC27AFBBE638}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{C3C1AF87-D7C9-46FE-B127-F766DAF34C3D}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{C4AD8243-7911-47CF-84A3-02D1208BFCA4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C4C8FCB9-920D-43F1-8A84-873EB34BD191}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{C9CCB64E-575A-4311-8CCC-346FC3AF8287}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{CCB4EE9D-0C7F-46FB-9944-BDCF3B09B2CF}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{CE160453-2E85-433E-A0CC-71B964C9CE29}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CF039EC2-B7BF-43EA-AE98-9CA6CD869A26}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{D2A84CB7-3946-4C8B-8834-14150F51B8B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{D4E2F64D-8926-49FF-B479-0491E53C94B7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D6539B22-937C-48EF-97CC-1260182AD326}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{D99BB179-1575-4F37-A9E0-02A844059910}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D9E782A9-CA53-4B44-9C6B-8FF302F4424F}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{DA9A88AD-9819-4DDB-8EB7-8D37B9F2D770}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DB515C3D-2686-4DE8-A360-077B498674A6}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{DBBA206F-4C27-41E4-9E13-A0C39519E7A3}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{DD4CC858-FE89-4E5D-A55E-BC9E4A58D5D6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{DD771279-0B7E-45A4-BF30-907A65B4A5D7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DF76C8A6-EAC7-46BD-ACE4-5BB935779800}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E29FFADA-0EEE-4063-8C28-28E50F30BF2E}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{E2E948F4-870A-4CB3-A2C5-EC758556582C}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E6E4A4FF-24B2-40C4-A0C1-250B5A7A147E}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{E75F26C4-ADFA-43B2-9414-92CD30423C0C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EACE2DD4-E118-4763-A62B-AD933AD4E243}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC14CB96-BA26-41A5-8107-1236B3EAD164}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FA23EC9F-99EA-4025-BDA1-6AE4388541C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FF0333E0-DB34-4D20-AC23-63087374F2FC}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"TCP Query User{0B6EFCD9-A63D-4701-BC45-C39B5364F15D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{3743CEDA-512C-476C-900E-91E59BB5D301}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"TCP Query User{623BA802-E6B0-41C9-B8F6-9A588672C6B7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{6E7D1A12-FCBA-47EF-A13C-FD6CE97F674C}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{6EB113AF-8C8D-4B16-8727-54FA95A3C94D}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{7BD84D67-E96C-4BC4-9B1D-8FEFCBEE75E4}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"TCP Query User{7CDD0AD7-72F9-43BE-8649-D8AEBD201A15}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"TCP Query User{7FEE04B3-16D1-49CF-9012-91089B08E783}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{82B8FF7C-74C2-4F76-AB90-E63B0982BD5A}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{BF8E9CE7-0F88-4DCE-AD68-8D4C4A94A396}H:\setup\data\codwawmp.exe" = protocol=6 | dir=in | app=h:\setup\data\codwawmp.exe |
"TCP Query User{CD4381F6-ADB0-4FBE-8F46-1FDE95A131D6}C:\program files (x86)\activision\call of duty - world at war\codwawmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"TCP Query User{D2CCD13F-368B-438E-8F3F-63F161B494E3}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"TCP Query User{E56F7CE1-1E8F-4EA2-9BC9-BE1A1F5974F4}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{1FFA1774-4097-43AC-BEEC-3CF10E47693F}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{213F2BFE-D3DE-41E9-880F-CE487DE65863}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{3F79A822-7EFF-4B63-9691-CC6A18A40256}C:\program files (x86)\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"UDP Query User{71A0170D-D319-4C54-A2E6-0873781FAE3F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{85DD409F-825C-4DC7-8B0B-858876BE32B4}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"UDP Query User{9113F276-7A22-46C6-9873-E3B509295AF5}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{A46A6897-36A7-473C-828C-16D182FCB90B}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"UDP Query User{BFEEA5D2-A006-464B-B6C2-326E3350135C}C:\program files (x86)\activision\call of duty - world at war\codwawmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"UDP Query User{E1BBBC82-CE04-435C-A0A3-5E4DF061B69D}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"UDP Query User{E5992424-31AD-4025-A287-0418DFFA0E94}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{EEAC1421-85BB-482E-A6C7-D9726825CF45}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{F864C063-D9CA-4C6D-B2A4-47F59C12968E}H:\setup\data\codwawmp.exe" = protocol=17 | dir=in | app=h:\setup\data\codwawmp.exe |
"UDP Query User{FF6B32A0-6BE3-408F-B5B9-50D293941198}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}" = iTunes
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{98BB5224-BC5D-4028-9D20-536C1C263AA9}" = Classic Shell
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"HomeStudentRetail - en-us" = Microsoft Office Home and Student 2013 - en-us
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15E36881-D2F0-4730-B51C-4BE85647F702}" = Antec CC
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812SEA}_is1" = World of Tanks
"{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}" = Apple Application Support
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8CF25D78-1DA6-4206-B0CE-5FA8155E36E0}" = Antec CC Driver x64
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.302
"{FFF14233-FE39-4671-A38E-76FD8F24A879}" = e-tax 2013
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"avast" = avast! Free Antivirus
"EVE" = EVE Online (remove only)
"GameTracker Lite" = GameTracker Lite
"Google Chrome" = Google Chrome
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28/03/2014 4:04:54 AM | Computer Name = Craig | Source = MsiInstaller | ID = 1013
Description =
 
Error - 31/03/2014 4:00:23 AM | Computer Name = Craig | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.2.9200.16628 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1350    Start
 Time: 01cf4cb4de6d0791    Termination Time: 0    Application Path: C:\Windows\Explorer.EXE

Report
 Id: 7f574aaa-b8aa-11e3-be91-bc5ff4d5a3ad    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 31/03/2014 4:00:59 AM | Computer Name = Craig | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.2.9200.16628 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 20    Start
 Time: 01cf4cb7449819e7    Termination Time: 0    Application Path: C:\Windows\explorer.exe

Report
 Id: 96c4e034-b8aa-11e3-be91-bc5ff4d5a3ad    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 31/03/2014 1:30:55 PM | Computer Name = Craig | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.2.9200.16628 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1040    Start
 Time: 01cf4cb75a39e304    Termination Time: 0    Application Path: C:\Windows\explorer.exe

Report
 Id: 3552d28a-b8fa-11e3-be91-bc5ff4d5a3ad    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 1/04/2014 4:53:50 AM | Computer Name = Craig | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.2.9200.16628 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1a34    Start
 Time: 01cf4d06f8d235d8    Termination Time: 0    Application Path: C:\Windows\explorer.exe

Report
 Id: 2381e133-b97b-11e3-be91-bc5ff4d5a3ad    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 1/04/2014 5:25:35 AM | Computer Name = Craig | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.2.9200.16628 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1928    Start
 Time: 01cf4d87e705d828    Termination Time: 0    Application Path: C:\Windows\explorer.exe

Report
 Id: 92f56380-b97f-11e3-be91-bc5ff4d5a3ad    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 1/04/2014 5:29:17 AM | Computer Name = Craig | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.2.9200.16628 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 18c8    Start
 Time: 01cf4d8c5664c901    Termination Time: 0    Application Path: C:\Windows\explorer.exe

Report
 Id: 173ba9fb-b980-11e3-be91-bc5ff4d5a3ad    Faulting package full name:     Faulting package-relative
 application ID:  
 
Error - 2/04/2014 8:29:11 PM | Computer Name = Craig | Source = Windows Installer 3.1 | ID = 921877
Description =
 
Error - 6/04/2014 8:51:12 AM | Computer Name = Craig | Source = Bonjour Service | ID = 100
Description = Timed out waiting for acknowledgement of machine sleep
 
Error - 7/04/2014 11:03:41 PM | Computer Name = Craig | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16843 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1050    Start
 Time: 01cf52d6b3260e03    Termination Time: 0    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id: 5f8946f5-beca-11e3-be94-bc5ff4d5a3ad    Faulting package
 full name:     Faulting package-relative application ID:  
 
[ System Events ]
Error - 1/04/2014 5:26:51 AM | Computer Name = Craig | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the
following error:   %%1053
 
Error - 1/04/2014 5:26:51 AM | Computer Name = Craig | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the
following error:   %%1053
 
Error - 1/04/2014 5:29:32 AM | Computer Name = Craig | Source = Service Control Manager | ID = 7000
Description = The Group Policy Client service failed to start due to the following
 error:   %%1053
 
Error - 1/04/2014 5:29:34 AM | Computer Name = Craig | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
 Restart the service.
 
Error - 1/04/2014 5:29:34 AM | Computer Name = Craig | Source = Service Control Manager | ID = 7000
Description = The Group Policy Client service failed to start due to the following
 error:   %%1053
 
Error - 1/04/2014 5:29:39 AM | Computer Name = Craig | Source = Service Control Manager | ID = 7038
Description = The avast! Antivirus service was unable to log on as NT AUTHORITY\SYSTEM
 with the currently configured password due to the following error:   %%50    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 1/04/2014 5:29:39 AM | Computer Name = Craig | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error:   %%1069
 
Error - 1/04/2014 5:30:10 AM | Computer Name = Craig | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
 
Error - 1/04/2014 5:34:55 AM | Computer Name = Craig | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 1/04/2014 5:34:55 AM | Computer Name = Craig | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
 
< End of report >


  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that, then you should be able to boot into regular mode.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
I'm not seeing any malware.  The fixlist is just removing some remnants.
 
The one error I see that looks like it could cause real problems is:
 
Error: (04/06/2014 05:27:48 PM) (Source: usbehci) (User: )
Description: A timeout occurred while waiting for the EHCI host controller Interrupt on Async Advance Doorbell response.

 

 
This is a known problem with Windows 8.  The work-around is to specify that the wireless use  G instead of using N.  See the discussion at:
 
You need a new Nvidia driver.  The one you have is causing problems.
 
Let's run Speccy and Process Explorer and see if we find other problems:
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 

 


  • 0
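Added example, not part of the original post: the Verified Signer check described above, done by script over the saved Procexp.txt. It assumes the file is tab-delimited with the columns Process, CPU, Private Bytes, Working Set, PID, Description, Company Name and Verified Signer; the sample rows and the function names are constructed for illustration.

```python
import csv
import io

# Entries Process Explorer lists that have no image file on disk to sign.
PSEUDO_PROCESSES = {"System Idle Process", "System", "Interrupts"}

# Constructed sample (not from a real machine) in the assumed tab-delimited layout.
_HEADER = ("Process", "CPU", "Private Bytes", "Working Set", "PID",
           "Description", "Company Name", "Verified Signer")
_ROWS = [
    ("svchost.exe", "", "2,172 K", "11,780 K", "2952",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Verified) Microsoft Windows"),
    ("exampletool.exe", "0.02", "2,660 K", "8,044 K", "6440", "Example Tool",
     "Example Vendor", "(No signature was present in the subject) Example Vendor"),
    ("helper.exe", "< 0.01", "1,976 K", "5,992 K", "2876", "", "", ""),
    ("browser.exe", "0.07", "106,076 K", "149,684 K", "4836", "Browser",
     "Example Corp", "(Verified) Example Corp"),
    ("mailapp.exe", "Suspended", "16,088 K", "13,592 K", "3148", "Mail",
     "Example Corp", "(Verified) Example Corp"),
    ("Interrupts", "0.17", "0 K", "0 K", "n/a",
     "Hardware Interrupts and DPCs", "", ""),
    ("System Idle Process", "99.12", "0 K", "20 K", "0", "", "", ""),
]
SAMPLE_PROCEXP = "\n".join("\t".join(row) for row in (_HEADER, *_ROWS))


def parse_cpu(text):
    """CPU column to float: blank and 'Suspended' become 0.0, '< 0.01' becomes 0.005."""
    text = text.strip()
    if text.startswith("<"):
        return 0.005
    try:
        return float(text)
    except ValueError:
        return 0.0


def parse_kb(text):
    """Memory column such as '2,172 K' to an integer number of kilobytes."""
    digits = text.replace(",", "").replace("K", "").strip()
    return int(digits) if digits.isdigit() else 0


def classify_signer(text):
    """Map the Verified Signer column to verified / unverified / no-data."""
    text = text.strip()
    if not text:
        return "no-data"      # nothing recorded: re-check this row, it is not a verdict
    if text.startswith("(Verified)"):
        return "verified"
    return "unverified"       # e.g. "(No signature was present in the subject) ..."


def parse_procexp(text):
    """Parse the saved text into one dict per process row."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    rows = []
    for raw in reader:
        def field(key):
            return (raw.get(key) or "").strip()
        pid = field("PID")
        rows.append({
            "name": field("Process"),
            "cpu": parse_cpu(field("CPU")),
            "private_kb": parse_kb(field("Private Bytes")),
            "pid": int(pid) if pid.isdigit() else None,
            "company": field("Company Name"),
            "signer": field("Verified Signer"),
            "status": classify_signer(field("Verified Signer")),
        })
    return rows


def triage(rows):
    """Rows without a verified signature, heaviest CPU users first."""
    flagged = [r for r in rows
               if r["status"] != "verified" and r["name"] not in PSEUDO_PROCESSES]
    return sorted(flagged, key=lambda r: -r["cpu"])


if __name__ == "__main__":
    for row in triage(parse_procexp(SAMPLE_PROCEXP)):
        print(f'{row["name"]:<20} pid={row["pid"]} cpu={row["cpu"]} {row["status"]}')
```
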

#5
spooke25


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Once again thanks for your time. I have just downloaded the latest driver for my graphics card so hopefully that will fix the problem you mentioned.

Not sure how to go about fixing the problem with the timeout but I can work on that when I have this sorted.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by spooke at 2014-04-09 10:12:29 Run:1
Running from C:\Users\spooke\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => "C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll" File Not Found
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
 

*****************
"C:\\PROGRA~2\\NVIDIA~1\\3DVISI~1\\NVSTIN~1.DLL" => Value Data removed successfully.
"C:\\PROGRA~2\\NVIDIA~1\\3DVISI~1\\nvStInit.dll" => Value Data removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
==== End of Fixlog ====

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
armsvc.exe  1,104 K 3,912 K 1968 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
ClassicStartMenu.exe  2,660 K 8,044 K 6440 Classic Start Menu IvoSoft (No signature was present in the subject) IvoSoft
dasHost.exe  816 K 3,708 K 2088   
FlashUtil_ActiveX.exe  3,308 K 8,664 K 6596 Adobe® Flash® Player Utility Adobe Systems Incorporated (Verified) Microsoft Windows
jusched.exe  1,036 K 4,252 K 5568 Java™ Update Scheduler Oracle Corporation (Verified) Oracle America
LiveComm.exe Suspended 16,088 K 13,592 K 3148 Communications Service Microsoft Corporation (Verified) Microsoft Corporation
lsass.exe  6,672 K 13,412 K 784 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
LVPrS64H.exe  1,268 K 4,668 K 2332   
mbamscheduler.exe  7,244 K 12,440 K 2356 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamservice.exe  169,600 K 157,900 K 2700 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mDNSResponder.exe  1,540 K 5,036 K 2008 Bonjour Service Apple Inc. (Verified) Apple Inc.
notepad.exe  1,432 K 7,448 K 748   
notepad.exe  1,852 K 7,712 K 2752 Notepad Microsoft Corporation (Verified) Microsoft Windows
nvSCPAPISvr.exe  2,564 K 5,936 K 976 Stereo Vision Control Panel API Server NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe  2,204 K 6,884 K 952 NVIDIA Driver Helper Service, Version 311.06 NVIDIA Corporation (Verified) NVIDIA Corporation
nvxdsync.exe  5,148 K 15,560 K 1276   
ONENOTEM.EXE  2,316 K 1,796 K 6524 Send to OneNote Tool Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe  2,316 K 7,532 K 472 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
RuntimeBroker.exe  4,032 K 13,668 K 7060 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
services.exe  5,304 K 11,776 K 740   
SkypeC2CAutoUpdateSvc.exe  1,232 K 4,560 K 2040 Updates Skype Click to Call Microsoft Corporation (Verified) Skype Software Sarl
SkypeC2CPNRSvc.exe  1,960 K 5,680 K 1552 Phone Number Recognition (PNR) module Microsoft Corporation (Verified) Skype Software Sarl
smss.exe  308 K 1,024 K 440   
spoolsv.exe  3,320 K 9,244 K 1712 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,172 K 11,780 K 2952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,872 K 14,224 K 3372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,548 K 5,688 K 7148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  9,996 K 31,568 K 840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  20,668 K 30,180 K 1776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  11,560 K 26,796 K 604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  4,772 K 9,764 K 1020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  19,400 K 32,924 K 1228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  33,632 K 63,836 K 388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  76,780 K 69,100 K 2972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhostex.exe  24,276 K 28,236 K 2296 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TiWorker.exe  5,324 K 7,228 K 6384   
TrustedInstaller.exe  1,632 K 4,704 K 3420 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,100 K 4,204 K 680   
winlogon.exe  1,208 K 5,060 K 2372   
WmiPrvSE.exe  17,144 K 22,544 K 5824   
WUDFHost.exe  1,520 K 5,588 K 3544   
csrss.exe < 0.01 2,184 K 5,012 K 588   
nvvsvc.exe < 0.01 3,424 K 10,584 K 5268   
iexplore.exe < 0.01 42,784 K 75,064 K 2884 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
COCIManager.exe < 0.01 2,072 K 6,792 K 4400 Camera Control Interface Logitech Inc. (Verified) Logitech Inc
GoogleToolbarNotifier.exe < 0.01 2,120 K 1,268 K 756 GoogleToolbarNotifier Google Inc. (Verified) Google Inc
officeclicktorun.exe < 0.01 21,468 K 37,640 K 1688 Microsoft Office Click-to-Run Microsoft Corporation (Verified) Microsoft Corporation
audiodg.exe < 0.01 6,980 K 8,356 K 40   
PnkBstrA.exe < 0.01 1,976 K 5,992 K 2876   
SearchIndexer.exe < 0.01 35,352 K 38,572 K 3604 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe < 0.01 3,748 K 11,004 K 1988 YSLoader.exe Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 3,720 K 12,528 K 900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 17,952 K 31,980 K 356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe < 0.01 16,768 K 39,876 K 4100 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe < 0.01 16,356 K 16,648 K 4596 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
LWS.exe < 0.01 6,664 K 15,164 K 1032 Camera Software Logitech Inc. (Verified) Logitech Inc
GoogleToolbarUser_32.exe < 0.01 5,932 K 13,516 K 5616 Google Toolbar Broker Google Inc. (Verified) Google Inc
explorer.exe < 0.01 52,716 K 117,664 K 4260 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe < 0.01 97,320 K 45,144 K 1320 avast! Service AVAST Software (Verified) AVAST Software a.s.
LVPrcSrv.exe 0.01 1,804 K 5,692 K 2304 Logitech LVPrcSrv Module. Logitech Inc. (Verified) Logitech Inc
mbam.exe 0.02 25,168 K 39,532 K 5656   
csrss.exe 0.02 2,020 K 5,964 K 2660   
dwm.exe 0.02 37,272 K 56,056 K 3132   
nvtray.exe 0.02 31,012 K 37,180 K 6352 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
System 0.05 160 K 16,904 K 4   
iexplore.exe 0.06 209,680 K 251,276 K 4744 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.07 106,076 K 149,684 K 4836 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
GSInGameService.exe 0.08 4,404 K 8,056 K 2104 GSInGameService ClanServers Hosting LLC (Verified) Clan Servers Hosting LLC
Interrupts 0.17 0 K 0 K n/a Hardware Interrupts and DPCs  
procexp64.exe 0.34 22,884 K 51,264 K 5720 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
System Idle Process 99.12 0 K 20 K 0   

 

 

Attached File  CRAIG.txt   217.86KB   144 downloads


  • 0

#6
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Looks pretty good.  Temps are really low and Hard drive has no errors.  Just make sure you don't have both the wireless and wired Ethernet working at the same time.

You can uninstall Speccy now.

 

Process Explorer looks good.  Very little load on the system.  It should be really quick.

 

I would like to clear the alarms, reboot and run VEW to see if we still have problems.  Not sure if my procedure will work on Win 8 but we can try:

 

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


  • 0
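Added example, not part of the original post: a parser for the plain-text report VEW opens in Notepad, so that after clearing the logs and rebooting the recurring Error and Warning events can be counted per source and event ID, and Service Control Manager 7045 records (a service was installed) can be listed with their file paths. The record layout is assumed to be the four-part "Log / Type / Event / message" form seen in VEW reports; the sample text, service name and function names are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the assumed VEW report layout (dates are dd/mm/yyyy).
SAMPLE_VEW = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/04/2014 8:10:02 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Example Helper service failed to start due to the following error: %%1053

Log: 'System' Date/Time: 09/04/2014 8:05:41 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Example Helper service failed to start due to the following error: %%1053

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/04/2014 8:04:10 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use.
Process 1320 has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/04/2014 7:59:39 AM
Type: Information Category: 0
Event: 7045 Source: Service Control Manager
A service was installed in the system.  Service Name:  ExampleSvc Service File Name:  C:\Windows\system32\ExampleSvc.exe Service Type:  user mode service Service Start Type:  auto start Service Account:  LocalSystem
"""

# One record: three header lines, then message text up to the next record,
# the next ~~~~ section banner, or the end of the report.
RECORD = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+?)[ \t]*\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)[ \t]*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+?)[ \t]*\n"
    r"(?P<message>.*?)(?=^Log: '|^~{5,}|\Z)",
    re.MULTILINE | re.DOTALL,
)

# Field layout of the 7045 message text.
SERVICE_INSTALL = re.compile(
    r"Service Name:\s*(?P<name>.*?)\s+Service File Name:\s*(?P<path>.*?)"
    r"\s+Service Type:\s*(?P<kind>.*?)\s+Service Start Type:\s*(?P<start>.*?)"
    r"\s+Service Account:\s*(?P<account>.*)",
    re.DOTALL,
)


@dataclass
class Record:
    log: str
    when: datetime
    type: str
    category: int
    event: int
    source: str
    message: str


def parse_vew(text):
    """Return every event record in a VEW report, in file order."""
    text = text.replace("\r\n", "\n")
    return [
        Record(
            log=m["log"],
            when=datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p"),
            type=m["type"],
            category=int(m["category"]),
            event=int(m["event"]),
            source=m["source"],
            message=m["message"].strip(),
        )
        for m in RECORD.finditer(text)
    ]


def recurring(records, types=("Error", "Warning")):
    """Count events of the given types per (source, event ID)."""
    return Counter((r.source, r.event) for r in records if r.type in types)


def service_installs(records):
    """Extract name, path, type, start type and account from 7045 records."""
    found = []
    for r in records:
        if r.event == 7045 and r.source == "Service Control Manager":
            m = SERVICE_INSTALL.search(r.message)
            if m:
                found.append({"when": r.when, **m.groupdict()})
    return found


if __name__ == "__main__":
    events = parse_vew(SAMPLE_VEW)
    for (source, event), count in recurring(events).most_common():
        print(f"{count:>3}  {source}  ID {event}")
    for svc in service_installs(events):
        print(svc["when"], svc["name"], svc["path"], svc["start"], svc["account"])
```
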

#7
spooke25


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

I ran both as you said and these are the logs.

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 09/04/2014 6:06:19 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/04/2014 7:59:39 AM
Type: Information Category: 0
Event: 7045 Source: Service Control Manager
A service was installed in the system.  Service Name:  MBAMSwissArmy Service File Name:  C:\Windows\system32\drivers\MBAMSwissArmy.sys Service Type:  kernel mode driver Service Start Type:  demand start Service Account: 

Log: 'System' Date/Time: 09/04/2014 7:59:30 AM
Type: Information Category: 1101
Event: 7001 Source: Microsoft-Windows-Winlogon
User Log-on Notification for Customer Experience Improvement Program

Log: 'System' Date/Time: 09/04/2014 7:59:04 AM
Type: Information Category: 0
Event: 1 Source: Microsoft-Windows-Power-Troubleshooter
The system has returned from a low power state.  Sleep Time: ?2014?-?04?-?09T07:56:19.974004400Z Wake Time: ?2014?-?04?-?09T07:59:02.953050200Z  Wake Source: Unknown

Log: 'System' Date/Time: 09/04/2014 7:59:02 AM
Type: Information Category: 0
Event: 27 Source: Microsoft-Windows-Kernel-Boot
The boot type was 0x1.

Log: 'System' Date/Time: 09/04/2014 7:59:02 AM
Type: Information Category: 0
Event: 25 Source: Microsoft-Windows-Kernel-Boot
The boot menu policy was 0x1.

Log: 'System' Date/Time: 09/04/2014 7:59:02 AM
Type: Information Category: 0
Event: 32 Source: Microsoft-Windows-Kernel-Boot
The bootmgr spent 0 ms waiting for user input.

Log: 'System' Date/Time: 09/04/2014 7:59:02 AM
Type: Information Category: 0
Event: 18 Source: Microsoft-Windows-Kernel-Boot
There are 0x1 boot options on this system.

Log: 'System' Date/Time: 09/04/2014 7:59:01 AM
Type: Information Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-General
The system time has changed to ?2014?-?04?-?09T07:59:01.500000000Z from ?2014?-?04?-?09T07:56:29.701046700Z.  Change Reason: System time synchronized with the hardware clock.

Log: 'System' Date/Time: 09/04/2014 7:56:21 AM
Type: Information Category: 64
Event: 42 Source: Microsoft-Windows-Kernel-Power
The system is entering sleep.  Sleep Reason: Application API

Log: 'System' Date/Time: 09/04/2014 7:56:19 AM
Type: Information Category: 1102
Event: 7002 Source: Microsoft-Windows-Winlogon
User Log-off Notification for Customer Experience Improvement Program

Log: 'System' Date/Time: 09/04/2014 7:56:15 AM
Type: Information Category: 0
Event: 1074 Source: User32
The process Explorer.EXE has initiated the power off of computer CRAIG on behalf of user Craig\spooke for the following reason: Other (Unplanned)  Reason Code: 0x0  Shutdown Type: power off  Comment:

Log: 'System' Date/Time: 09/04/2014 7:55:52 AM
Type: Information Category: 104
Event: 104 Source: Microsoft-Windows-Eventlog
The Application log file was cleared.

Log: 'System' Date/Time: 09/04/2014 7:19:15 AM
Type: Information Category: 0
Event: 7045 Source: Service Control Manager
A service was installed in the system.  Service Name:  MBAMWebAccessControl Service File Name:  C:\Windows\system32\drivers\mwac.sys Service Type:  kernel mode driver Service Start Type:  demand start Service Account: 

Log: 'System' Date/Time: 09/04/2014 7:19:11 AM
Type: Information Category: 0
Event: 7045 Source: Service Control Manager
A service was installed in the system.  Service Name:  MBAMSwissArmy Service File Name:  C:\Windows\system32\drivers\MBAMSwissArmy.sys Service Type:  kernel mode driver Service Start Type:  demand start Service Account: 

Log: 'System' Date/Time: 09/04/2014 2:13:14 AM
Type: Information Category: 0
Event: 7045 Source: Service Control Manager
A service was installed in the system.  Service Name:  PnkBstrB Service File Name:  C:\Windows\system32\PnkBstrB.exe Service Type:  user mode service Service Start Type:  auto start Service Account:  LocalSystem

Log: 'System' Date/Time: 09/04/2014 2:12:17 AM
Type: Information Category: 0
Event: 7045 Source: Service Control Manager
A service was installed in the system.  Service Name:  PnkBstrB Service File Name:  C:\Windows\system32\PnkBstrB.exe Service Type:  user mode service Service Start Type:  auto start Service Account:  LocalSystem

Log: 'System' Date/Time: 09/04/2014 2:00:00 AM
Type: Information Category: 0
Event: 6013 Source: EventLog
The system uptime is 82841 seconds.

Log: 'System' Date/Time: 09/04/2014 1:34:19 AM
Type: Information Category: 0
Event: 16 Source: Microsoft-Windows-Kernel-General
The access history in hive \??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2403232998-3213391607-3185536033-1003-0-ntuser.dat was cleared updating 0 keys and creating 0 modified pages.

Log: 'System' Date/Time: 09/04/2014 1:34:19 AM
Type: Information Category: 0
Event: 16 Source: Microsoft-Windows-Kernel-General
The access history in hive \??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-20-0-ntuser.dat was cleared updating 0 keys and creating 0 modified pages.

Log: 'System' Date/Time: 09/04/2014 1:34:19 AM
Type: Information Category: 0
Event: 16 Source: Microsoft-Windows-Kernel-General
The access history in hive \??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-19-0-ntuser.dat was cleared updating 0 keys and creating 0 modified pages.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 09/04/2014 6:07:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/04/2014 8:04:10 AM
Type: Information Category: 1
Event: 103 Source: ESENT
msiexec (1292) Instance: The database engine stopped the instance (0).    Dirty Shutdown: 0    Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.

Log: 'Application' Date/Time: 09/04/2014 8:04:10 AM
Type: Information Category: 1
Event: 327 Source: ESENT
msiexec (1292) Instance: The database engine detached a database (1, C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb). (Time=0 seconds)    Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.016, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.031, [12] 0.016.  Revived Cache: 0

Log: 'Application' Date/Time: 09/04/2014 7:59:31 AM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <AUInstallAgent> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 09/04/2014 7:59:31 AM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 09/04/2014 7:59:31 AM
Type: Information Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <AUInstallAgent> was unavailable to handle a critical notification event.

Log: 'Application' Date/Time: 09/04/2014 7:59:30 AM
Type: Information Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.

Log: 'Application' Date/Time: 09/04/2014 7:59:09 AM
Type: Information Category: 1
Event: 326 Source: ESENT
msiexec (1292) Instance: The database engine attached a database (1, C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb). (Time=0 seconds)    Internal Timing Sequence: [1] 0.000, [2] 0.016, [3] 0.015, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000.  Saved Cache: 1

Log: 'Application' Date/Time: 09/04/2014 7:59:09 AM
Type: Information Category: 1
Event: 105 Source: ESENT
msiexec (1292) Instance: The database engine started a new instance (0). (Time=0 seconds)    Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.016, [4] 0.031, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000.

Log: 'Application' Date/Time: 09/04/2014 7:59:09 AM
Type: Information Category: 1
Event: 102 Source: ESENT
msiexec (1292) Instance: The database engine (6.02.9200.0000) is starting a new instance (0).

Log: 'Application' Date/Time: 09/04/2014 7:56:19 AM
Type: Information Category: 0
Event: 9009 Source: Desktop Window Manager
The Desktop Window Manager has exited with code (0xd00002fe)

Log: 'Application' Date/Time: 09/04/2014 7:56:19 AM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 09/04/2014 7:56:19 AM
Type: Information Category: 0
Event: 3 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 09/04/2014 7:56:18 AM
Type: Information Category: 0
Event: 3 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 09/04/2014 7:56:18 AM
Type: Information Category: 0
Event: 3 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 09/04/2014 7:56:16 AM
Type: Information Category: 0
Event: 3 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 09/04/2014 7:56:16 AM
Type: Information Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> was unavailable to handle a critical notification event.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/04/2014 7:56:19 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   5 user registry handles leaked from \Registry\User\S-1-5-21-2403232998-3213391607-3185536033-1003_Classes:
Process 1320 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1320 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root
Process 1320 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust
Process 1320 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA
Process 1320 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 09/04/2014 7:56:19 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   53 user registry handles leaked from \Registry\User\S-1-5-21-2403232998-3213391607-3185536033-1003:
Process 784 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003
Process 784 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003
Process 784 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003
Process 784 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003
Process 388 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003
Process 388 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003
Process 388 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003
Process 388 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003
Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003
Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003
Process 840 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2403232998-3213391607-3185536033-1003

 

