Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign

Started by rocket-ron , Apr 30 2014 02:22 PM

Windows 8 AVG Crack.UX d:\3d\max9keygen.exe

This topic is locked

#1 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #1$
rocket-ron

Posted 30 April 2014 - 02:22 PM

Member

Member
42 posts

Dear Geek,

I have recently been getting a number of alerts from AVG about harmful threats. This is on my Windows 8 environment. I have investigating a new job area of data scientist and hence have needed to look on a number of websites and downloading software, the latter I believe are alll well know open source software programs (RapidMiner, Oracle Virtual box, BlueJ, etc)

1) AVG has detected the following threats (details below) and I have allowed it to remove them, but the first one I removed did not prevent these further ones, I did not record the name of the first one.

2) Malwarebytes I have run and got it to remove items, the log is below.

3) Ran OTL and copied the log in below.

It would be great if someone could help me clean up my machine and give any additional advice on staying clean, if possible.

Thanks you very much in advance for you help.

Kind regards,

rocket-ron

AVG detected and remove all used within AVG

============================================

2 x Crack.UX (d:\3d\max9keygen.exe)

1 x MalSign.InstallBrain.5BA (c:\Windows\System32\robot64.exe

Malwarebytes has detected 8 objects, which I have asked it to remove (log below)

=====================================================================

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.30.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16863
Kiran :: RON-HAL [administrator]

30/04/2014 16:35:03
MBAM-log-2014-04-30 (21-13-25).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1015208
Time elapsed: 4 hour(s), 37 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Kiran\AppData\Local\Temp\BEj6w9YR.exe.part (PUP.Optional.Ibryte) -> No action taken.
D:\$RECYCLE.BIN\S-1-5-21-280055749-1860663235-353711739-1003\$RAX3IS2.exe (PUP.Optional.Installex) -> No action taken.
D:\Kiran\Downloads\winamp561_full_emusic-7plus_en-us.exe (PUP.Optional.OpenCandy) -> No action taken.
D:\Kiran\Downloads\winamp563_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> No action taken.

(end)

OTL.txt log is below run as suggested from GeekstoGo website

=======================================================

OTL logfile created on: 30/04/2014 21:02:41 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Kiran\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16863)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

31.95 Gb Total Physical Memory | 23.28 Gb Available Physical Memory | 72.87% Memory free
36.37 Gb Paging File | 19.02 Gb Available in Paging File | 52.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.23 Gb Total Space | 80.42 Gb Free Space | 36.03% Space Free | Partition Type: NTFS
Drive D: | 2794.39 Gb Total Space | 2594.20 Gb Free Space | 92.84% Space Free | Partition Type: NTFS

Computer Name: RON-HAL | User Name: Kiran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/30 20:55:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Kiran\Downloads\OTL(1).exe
PRC - [2014/04/27 11:25:19 | 002,556,744 | ---- | M] () -- C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
PRC - [2014/04/27 11:25:19 | 001,793,536 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
PRC - [2014/04/27 11:25:19 | 000,158,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
PRC - [2014/04/18 15:22:28 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/04/14 21:00:03 | 000,078,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2014/04/14 20:59:23 | 001,923,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
PRC - [2014/04/14 20:59:19 | 025,701,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/04/09 10:51:38 | 022,415,104 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/04/07 20:34:25 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Kiran\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/04/06 21:21:36 | 005,180,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/04/02 02:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/01 10:25:26 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/04/01 03:16:39 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/02/07 11:41:21 | 012,641,632 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2014/02/07 11:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2014/02/07 11:25:16 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2014/01/20 11:47:22 | 000,174,472 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\BlueJ\jdk\jre\bin\java.exe
PRC - [2014/01/03 01:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kiran\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/19 12:17:58 | 000,145,685 | ---- | M] () -- C:\Program Files\RapidMiner\RapidMiner Studio\RapidMiner Studio.exe
PRC - [2013/12/10 03:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/10 03:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/11/23 17:45:33 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
PRC - [2013/10/31 12:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/31 12:35:30 | 000,449,760 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013/10/21 22:29:40 | 000,581,120 | ---- | M] () -- C:\Program Files (x86)\BlueJ\BlueJ.exe
PRC - [2013/10/01 20:09:06 | 000,928,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2013/10/01 20:08:24 | 000,153,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
PRC - [2013/10/01 20:08:04 | 000,395,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2013/10/01 16:29:04 | 001,505,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
PRC - [2013/08/09 14:53:42 | 000,054,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2013/07/28 13:18:38 | 001,744,896 | ---- | M] (Don HO [email protected]) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2013/07/05 02:36:02 | 000,762,368 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe
PRC - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/05/16 15:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/01/14 01:41:25 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2013/01/12 01:58:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/12/03 08:38:26 | 005,809,664 | ---- | M] (Tinn-R Team) -- D:\Tinn-R\bin\Tinn-R.exe
PRC - [2012/11/16 18:32:40 | 002,150,400 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar Xense Audio\Customapp\AsusAudioCenter.exe
PRC - [2012/11/01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/11/01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/11/01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012/08/13 10:57:02 | 000,103,936 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
PRC - [2012/06/28 16:41:58 | 002,206,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe
PRC - [2010/10/06 23:03:12 | 007,121,952 | ---- | M] (Rosetta Stone Ltd. ) -- C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
PRC - [2010/08/24 10:29:18 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2008/08/22 17:22:30 | 000,547,096 | ---- | M] (Rosetta Stone Ltd. ) -- C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
PRC - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
PRC - [2007/10/03 14:02:44 | 002,976,256 | ---- | M] (WinEdt Team) -- C:\Program Files (x86)\WinEdt Team\WinEdt\WinEdt.exe

========== Modules (No Company Name) ==========

MOD - [2014/04/30 14:57:01 | 000,016,384 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\nsw2A5.tmp\System.dll
MOD - [2014/04/29 14:39:05 | 000,184,320 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\wrd17641fc4.~lk\2.mdd
MOD - [2014/04/29 14:39:05 | 000,163,840 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\wrd17641fc4.~lk\5.mdd
MOD - [2014/04/29 14:39:05 | 000,114,688 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\wrd17641fc4.~lk\1.mdd
MOD - [2014/04/29 14:39:05 | 000,110,592 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\wrd17641fc4.~lk\0.mdd
MOD - [2014/04/29 14:39:05 | 000,102,400 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\wrd17641fc4.~lk\3.mdd
MOD - [2014/04/29 14:39:05 | 000,090,112 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\wrd17641fc4.~lk\4.mdd
MOD - [2014/04/27 11:25:19 | 002,556,744 | ---- | M] () -- C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
MOD - [2014/04/27 11:25:19 | 000,518,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
MOD - [2014/04/25 12:18:10 | 001,175,040 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\wx._core_.pyd
MOD - [2014/04/25 12:18:10 | 001,159,680 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\_ssl.pyd
MOD - [2014/04/25 12:18:10 | 001,062,400 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\wx._controls_.pyd
MOD - [2014/04/25 12:18:10 | 000,811,008 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\wx._windows_.pyd
MOD - [2014/04/25 12:18:10 | 000,805,888 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\wx._gdi_.pyd
MOD - [2014/04/25 12:18:10 | 000,735,232 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\wx._misc_.pyd
MOD - [2014/04/25 12:18:10 | 000,713,216 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\_hashlib.pyd
MOD - [2014/04/25 12:18:10 | 000,686,080 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\unicodedata.pyd
MOD - [2014/04/25 12:18:10 | 000,557,056 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\pysqlite2._sqlite.pyd
MOD - [2014/04/25 12:18:10 | 000,525,640 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\windows._lib_cacheinvalidation.pyd
MOD - [2014/04/25 12:18:10 | 000,364,544 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\pythoncom27.dll
MOD - [2014/04/25 12:18:10 | 000,320,512 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32com.shell.shell.pyd
MOD - [2014/04/25 12:18:10 | 000,167,936 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32gui.pyd
MOD - [2014/04/25 12:18:10 | 000,128,512 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\_elementtree.pyd
MOD - [2014/04/25 12:18:10 | 000,127,488 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\pyexpat.pyd
MOD - [2014/04/25 12:18:10 | 000,122,368 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\wx._wizard.pyd
MOD - [2014/04/25 12:18:10 | 000,119,808 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32file.pyd
MOD - [2014/04/25 12:18:10 | 000,110,080 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\pywintypes27.dll
MOD - [2014/04/25 12:18:10 | 000,108,544 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32security.pyd
MOD - [2014/04/25 12:18:10 | 000,098,816 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32api.pyd
MOD - [2014/04/25 12:18:10 | 000,087,552 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\_ctypes.pyd
MOD - [2014/04/25 12:18:10 | 000,078,336 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\wx._animate.pyd
MOD - [2014/04/25 12:18:10 | 000,070,656 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\wx._html2.pyd
MOD - [2014/04/25 12:18:10 | 000,045,568 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\_socket.pyd
MOD - [2014/04/25 12:18:10 | 000,038,912 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32inet.pyd
MOD - [2014/04/25 12:18:10 | 000,035,840 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32process.pyd
MOD - [2014/04/25 12:18:10 | 000,027,136 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\_multiprocessing.pyd
MOD - [2014/04/25 12:18:10 | 000,025,600 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32pdh.pyd
MOD - [2014/04/25 12:18:10 | 000,024,064 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32pipe.pyd
MOD - [2014/04/25 12:18:10 | 000,022,528 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32ts.pyd
MOD - [2014/04/25 12:18:10 | 000,018,432 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32event.pyd
MOD - [2014/04/25 12:18:10 | 000,017,408 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32profile.pyd
MOD - [2014/04/25 12:18:10 | 000,011,264 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\win32crypt.pyd
MOD - [2014/04/25 12:18:10 | 000,010,240 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI78362\select.pyd
MOD - [2014/04/14 20:59:59 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2014/04/14 20:58:47 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014/04/02 02:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/02 02:58:02 | 013,691,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
MOD - [2014/04/02 02:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/02 02:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/02 02:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/02 02:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/02 02:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/04/01 03:16:39 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/03/28 12:46:43 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V5499e76b#\0bf906a993bcdb323ce39e935f872f7c\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
MOD - [2014/03/28 12:46:40 | 000,371,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vf9a08577#\53bda29a7ad9c5a44a96cd5575afc75f\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
MOD - [2014/03/28 12:46:40 | 000,133,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V883708cb#\9557403543028a7c4911c6df308ae3af\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
MOD - [2014/03/28 12:46:03 | 000,046,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O2eb0cc9a#\8772db7b7bf4e9963bd2ce66535bf3f7\Microsoft.Office.Tools.v4.0.Framework.ni.dll
MOD - [2014/03/28 12:46:02 | 001,519,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Oe2e369ff#\2eae9208e52de03a7c0d642b80386b97\Microsoft.Office.Tools.Excel.Implementation.ni.dll
MOD - [2014/03/28 12:46:01 | 000,726,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O4161a3a3#\af01ceacf97fab696b0560a915a5caeb\Microsoft.Office.Tools.Excel.ni.dll
MOD - [2014/03/28 12:46:00 | 000,872,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O4a946565#\7fb05bba1ac3b45988cf2e429ce2d517\Microsoft.Office.Tools.Common.Implementation.ni.dll
MOD - [2014/03/28 12:45:59 | 000,350,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O854200f9#\97d5d9b37cd5cf562fba0fc41311e923\Microsoft.Office.Tools.Common.ni.dll
MOD - [2014/03/28 12:45:59 | 000,023,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O5949707a#\15d6cbd65b4ff1956f6081a62e377661\Microsoft.Office.Tools.ni.dll
MOD - [2014/03/05 20:02:17 | 001,627,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\9505e003b256c3893ccc4ac82effbec0\Microsoft.CSharp.ni.dll
MOD - [2014/03/05 20:02:17 | 000,394,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\268120239ed11036e54428d6f9a6b6ff\System.Dynamic.ni.dll
MOD - [2014/03/05 19:59:39 | 000,731,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\b8fb9af327c975131f452b6a45d2edd1\System.Security.ni.dll
MOD - [2014/03/05 19:46:49 | 007,660,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cfb4f276a4e05e04297b27beac4618f9\System.Xml.ni.dll
MOD - [2014/03/05 19:46:44 | 012,879,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\91b5c159192193e065228a166cea7d8d\System.Windows.Forms.ni.dll
MOD - [2014/03/05 19:46:23 | 001,180,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6f9d34def70aa6992ea3347716e8fd48\System.Management.ni.dll
MOD - [2014/03/05 19:46:22 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\87005b81774b37e11ec0526e519ffa3b\System.Drawing.ni.dll
MOD - [2014/03/05 19:46:20 | 007,330,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\122f40dad6933d53a4a17e5d3fc9a44a\System.Data.ni.dll
MOD - [2014/03/05 19:46:17 | 000,975,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b30f7b2d757095b9640fe15da8cdcb94\System.Configuration.ni.dll
MOD - [2014/03/05 19:45:58 | 007,041,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a6fa46a23da4558deea385549ef12583\System.Core.ni.dll
MOD - [2014/03/05 19:45:54 | 010,050,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\aa1526c0219d42c18e31aa6bb4cdec70\System.ni.dll
MOD - [2014/03/05 19:45:49 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni.dll
MOD - [2014/03/05 19:45:49 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\ba7d05c56917cbdb5b6790a944027dd1\Accessibility.ni.dll
MOD - [2014/01/03 01:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Kiran\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/19 12:17:58 | 000,145,685 | ---- | M] () -- C:\Program Files\RapidMiner\RapidMiner Studio\RapidMiner Studio.exe
MOD - [2013/11/23 17:45:33 | 016,237,448 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2013/10/31 12:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/10/21 22:29:40 | 000,581,120 | ---- | M] () -- C:\Program Files (x86)\BlueJ\BlueJ.exe
MOD - [2013/10/19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Kiran\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/13 11:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/02/02 12:17:08 | 001,737,728 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
MOD - [2013/02/02 12:17:08 | 000,623,616 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jnetlib.w5s
MOD - [2013/02/02 12:17:08 | 000,417,280 | ---- | M] () -- C:\Program Files (x86)\Winamp\nsutil.dll
MOD - [2013/02/02 12:17:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2013/02/02 12:17:08 | 000,318,976 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
MOD - [2013/02/02 12:17:08 | 000,313,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
MOD - [2013/02/02 12:17:08 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
MOD - [2013/02/02 12:17:08 | 000,290,816 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
MOD - [2013/02/02 12:17:08 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
MOD - [2013/02/02 12:17:08 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
MOD - [2013/02/02 12:17:08 | 000,240,640 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
MOD - [2013/02/02 12:17:08 | 000,201,728 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
MOD - [2013/02/02 12:17:08 | 000,185,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
MOD - [2013/02/02 12:17:08 | 000,174,080 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\auth.w5s
MOD - [2013/02/02 12:17:08 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
MOD - [2013/02/02 12:17:08 | 000,164,864 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
MOD - [2013/02/02 12:17:08 | 000,154,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jpeg.w5s
MOD - [2013/02/02 12:17:08 | 000,124,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
MOD - [2013/02/02 12:17:08 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
MOD - [2013/02/02 12:17:08 | 000,113,664 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
MOD - [2013/02/02 12:17:08 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
MOD - [2013/02/02 12:17:08 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
MOD - [2013/02/02 12:17:08 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\xml.w5s
MOD - [2013/02/02 12:17:08 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\png.w5s
MOD - [2013/02/02 12:17:08 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\playlist.w5s
MOD - [2013/02/02 12:17:08 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
MOD - [2013/02/02 12:17:08 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Winamp\tataki.dll
MOD - [2013/02/02 12:17:08 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
MOD - [2013/02/02 12:17:08 | 000,075,264 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
MOD - [2013/02/02 12:17:08 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
MOD - [2013/02/02 12:17:08 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
MOD - [2013/02/02 12:17:08 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Winamp\zlib.dll
MOD - [2013/02/02 12:17:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
MOD - [2013/02/02 12:17:08 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
MOD - [2013/02/02 12:17:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
MOD - [2013/02/02 12:17:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
MOD - [2013/02/02 12:17:08 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
MOD - [2013/02/02 12:17:08 | 000,052,736 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
MOD - [2013/02/02 12:17:08 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
MOD - [2013/02/02 12:17:08 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
MOD - [2013/02/02 12:17:08 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
MOD - [2013/02/02 12:17:08 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\devices.w5s
MOD - [2013/02/02 12:17:08 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
MOD - [2013/02/02 12:17:08 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\timer.w5s
MOD - [2013/02/02 12:17:08 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
MOD - [2013/02/02 12:17:08 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
MOD - [2013/02/02 12:17:08 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
MOD - [2013/02/02 12:17:08 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
MOD - [2013/02/02 12:17:08 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
MOD - [2013/02/02 12:17:08 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
MOD - [2013/02/02 12:17:08 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
MOD - [2013/02/02 12:17:08 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\albumart.w5s
MOD - [2013/02/02 12:17:08 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
MOD - [2013/02/02 12:17:08 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\tagz.w5s
MOD - [2013/02/02 12:17:08 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
MOD - [2013/02/02 12:17:08 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gif.w5s
MOD - [2013/02/02 12:17:08 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\bmp.w5s
MOD - [2013/02/02 12:17:08 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
MOD - [2013/02/02 12:17:08 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
MOD - [2013/02/02 12:17:08 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\dlmgr.w5s
MOD - [2013/02/02 12:17:08 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gracenote.w5s
MOD - [2013/02/02 12:17:08 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\filereader.w5s
MOD - [2013/02/02 12:17:08 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\primo.w5s
MOD - [2013/02/02 12:17:08 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
MOD - [2013/02/02 12:17:07 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\libsndfile.dll
MOD - [2013/02/02 12:17:07 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Winamp\nde.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/08/10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2012/06/06 09:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar Xense Audio\Customapp\VmixP8.dll
MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/09/21 21:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
MOD - [2011/07/18 22:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
MOD - [2008/08/22 17:22:30 | 000,389,256 | ---- | M] () -- C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\sqlite3.dll
MOD - [2008/08/22 17:22:30 | 000,057,720 | ---- | M] () -- C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\DataInstaller.dll
MOD - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2013/12/10 03:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/10/25 08:34:55 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/10 18:59:10 | 012,897,792 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe -- (MySQL56)
SRV:64bit: - [2013/06/24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2014/04/27 11:25:19 | 001,793,536 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe -- (vToolbarUpdater18.1.0)
SRV - [2014/04/18 15:22:28 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/04/01 03:16:39 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/02/07 11:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/10 03:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013/01/14 01:41:25 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2013/01/12 01:58:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/11/01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/11/01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/11/01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/10/11 18:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 19:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 19:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012/06/12 22:16:48 | 000,218,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\SQL_Server\110\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer110)
SRV - [2012/06/12 22:16:06 | 061,538,744 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\SQL_Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe -- (MSSQLServerOLAPService)
SRV - [2012/06/12 22:15:50 | 002,348,472 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\SQL_Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer)
SRV - [2012/06/12 22:15:46 | 000,608,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\SQL_Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE -- (SQLSERVERAGENT)
SRV - [2012/06/12 22:15:42 | 000,190,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\SQL_Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2012/02/11 11:14:12 | 000,342,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\SQL_Server\SQLx86\110\Tools\DReplayController\DReplayController.exe -- (SQL Server Distributed Replay Controller)
SRV - [2012/02/11 11:14:12 | 000,137,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\SQL_Server\SQLx86\110\Tools\DReplayClient\DReplayClient.exe -- (SQL Server Distributed Replay Client)
SRV - [2012/02/11 09:55:36 | 000,049,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\SQL_Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe -- (MSSQLFDLauncher)
SRV - [2006/09/29 13:48:06 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/27 11:25:19 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/04/18 15:01:56 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/03/31 16:06:48 | 000,274,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2014/03/31 16:06:26 | 000,130,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/03/27 22:14:26 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/03/27 22:14:24 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/03/27 22:07:10 | 000,236,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/03/27 22:05:02 | 000,324,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/03/27 22:03:16 | 000,032,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/12/18 18:16:44 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/12/05 09:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/10/25 08:34:52 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/24 23:34:32 | 000,248,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/02 03:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/24 08:10:34 | 000,097,768 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2013/09/04 15:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013/08/16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/03/02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/25 06:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/01 13:41:38 | 000,446,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012/11/30 14:32:20 | 002,734,080 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2012/11/27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/11/01 03:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/11/01 03:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/11/01 03:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/11/01 03:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/11/01 03:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012/10/24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012/10/24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/10/12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 18:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/10/11 18:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012/10/11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012/09/20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 23:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/29 03:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/02 15:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/06/02 15:31:33 | 005,139,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS -- (BCM43XX)
DRV:64bit: - [2012/02/11 08:59:34 | 000,334,936 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\RsFx0200.sys -- (RsFx0200)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/04/12 09:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 40 50 5A 3C 5F CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Citrix.com/npagee,version=9.2.50.4: C:\Users\Kiran\AppData\Local\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/01 03:16:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/04/01 03:16:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/01 03:16:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/04/01 03:16:37 | 000,000,000 | ---D | M]

[2013/01/11 03:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiran\AppData\Roaming\mozilla\Extensions
[2014/03/28 12:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiran\AppData\Roaming\mozilla\Firefox\Profiles\vheyhumz.default\extensions
[2013/05/04 18:02:15 | 000,001,304 | ---- | M] () -- C:\Users\Kiran\AppData\Roaming\mozilla\firefox\profiles\vheyhumz.default\searchplugins\holasearch.xml
[2014/04/25 01:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/01 03:16:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/08/11 13:18:12 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011/08/11 00:16:34 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011/08/11 13:18:30 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011/08/11 13:18:08 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/08/11 13:19:38 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2012/06/28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/08/11 00:16:34 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.holasearc...6603085A98CE5FE
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - Extension: Google Docs = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: AVG Nation Toolbar = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\18.1.0.443_0\
CHR - Extension: Google Wallet = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Reg Error: Value error.) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - Reg Error: Value error. File not found
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [PowerDVD13Agent] "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Redirector] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Nation toolbar\vprot.exe ()
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913b] C:\Users\Kiran\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid cc01988a524147d09dced1191024e9fb-79ab9ac31da1201f6150bd4f2592ebfe6f0c6bbf --CMPID 0913b File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [MySQL Notifier] C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe (Oracle Corporation)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Kiran\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Spotify] C:\Users\Kiran\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Kiran\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\Kiran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kiran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kiran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: lloydstsb.co.uk ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: lloydstsb.com ([]* in Local intranet)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...-131_03-win.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} http://java.sun.com/...-131_03-win.cab (Java Plug-in 1.3.1_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B903C76-883B-4F06-9962-CDBAABBCD658}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = "F:\autorun.exe"
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = "G:\SETUP.EXE"
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = "J:\setup.exe"
O33 - MountPoints2\J\Shell\odbcdrv\command - "" = odbcdrv\setup.exe
O33 - MountPoints2\J\Shell\sas\command - "" = J:\sas\setup.exe
O33 - MountPoints2\J\Shell\sasview\command - "" = J:\sasview\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/30 21:02:17 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/04/30 11:32:59 | 000,000,000 | ---D | C] -- C:\Users\Kiran\bluej
[2014/04/30 11:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueJ
[2014/04/30 11:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueJ
[2014/04/27 11:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/04/25 17:02:03 | 000,000,000 | ---D | C] -- C:\Users\Kiran\AppData\Local\Apps
[2014/04/18 15:01:56 | 000,237,336 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014/04/01 10:32:00 | 000,000,000 | ---D | C] -- C:\VirtualBox
[2014/04/01 09:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/04/01 03:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2014/04/30 20:43:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/30 16:30:24 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/30 11:31:52 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/30 11:29:24 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\BlueJ.lnk
[2014/04/27 11:25:19 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/04/25 01:49:23 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/25 01:42:56 | 001,101,336 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/25 01:42:56 | 000,896,056 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/25 01:42:56 | 000,208,178 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/25 01:38:15 | 000,519,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/25 01:38:12 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/04/25 01:38:02 | 1671,233,530 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/24 20:20:37 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/04/18 15:01:56 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014/04/16 04:31:06 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/04/16 04:31:06 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/04/16 04:31:06 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk

========== Files Created - No Company Name ==========

[2014/04/30 11:29:24 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\BlueJ.lnk
[2014/04/25 01:38:13 | 000,519,312 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/14 21:02:29 | 000,386,722 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/09/14 13:09:47 | 000,000,477 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/09/14 10:05:56 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/07/05 21:51:26 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013/01/11 23:17:06 | 001,109,286 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 10:28:18 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013/01/09 10:28:18 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2013/01/09 10:28:14 | 000,123,043 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013/01/09 10:28:12 | 000,001,041 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2013/01/09 10:28:10 | 000,004,629 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2013/01/09 10:28:09 | 000,000,560 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2012/09/17 16:17:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/01/13 23:47:17 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/01/27 01:31:25 | 019,752,448 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/01/27 01:52:21 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/04 18:38:34 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\aacs
[2013/02/09 13:31:32 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\ASUS
[2013/10/17 19:25:06 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\AVG2014
[2013/10/05 17:54:15 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Canon
[2013/04/09 22:51:54 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Dev-Cpp
[2014/04/30 20:48:41 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Dropbox
[2013/06/30 12:25:58 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Foxit Software
[2013/05/04 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\gnupg
[2013/10/28 12:01:53 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\ICAClient
[2013/09/14 13:11:35 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\MySQL
[2013/09/07 09:24:41 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\NetBeans
[2013/07/12 23:55:27 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Notepad++
[2013/05/28 19:14:36 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\OpenOffice.org
[2013/09/14 13:09:46 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Oracle
[2013/05/04 18:32:11 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\PerformerSoft
[2013/11/17 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\RStudio
[2013/07/05 23:05:00 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Spotify
[2013/08/19 19:22:05 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\SSDQS
[2013/01/17 00:39:15 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\TeamViewer
[2014/04/25 14:22:25 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Tinn-R
[2013/01/12 00:02:57 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\TuneUp Software
[2014/04/25 01:35:55 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\WinEdt

========== Purity Check ==========

< End of report >

#2 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #2$
Valinorum

Posted 01 May 2014 - 03:24 PM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi rocket-ron,

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
Please do not install any new software while we are working on this system as it may hinder our process.
Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
Please do not try to fix anything without being ask.
Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
If you are confused about any instruction stop and ask. Do not keep on going.
Do not repeat the steps if you face any problems.
I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

Those files are part of pirated keygen. From where are you downloading your 3D Max?

Step #1 Fix with AdwCleaner
- Download AdwCleaner by Xplode to your Desktop from the following link.
  - Download Link #1
  - Download Link #2
- Right-click on AdwCleaner.exe and choose Run as administrator;
- Click on Scan and let the program run unhindered;
- When done, click on Clean and allow the system to reboot after it is done;
- A log will be opened automatically after the restart;
- Copy and Paste the contents of this log in your reply.

Step #2 Fix with Junkware Removal Tool
Download Junkware Removal Tool by thisisu to your Desktop from the link below.
Download Link 1
Download Link 2
- Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
- Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
- Please be patient as the tool cleans your system;
- After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
- Copy and Paste the contents of the log in your next reply.

Re-run OTL.exe and click on Quick Scan. After the scan, post the log.

Required Log(s):
- AdwCleaner Log;
- Junkware Removal Tool Log;
- OTL.txt

Regards,
Valinorum

#3 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #3$
rocket-ron

Posted 02 May 2014 - 05:19 AM

Member

Topic Starter
Member
42 posts

Hi Valinorum,

Thank you for getting in contact and the help, it is very much appreciated. In the time before your post I upgraded to Windows 8.1. But as advised I will not install any further software. The details of the 3 requested logs are below.

Thanks again,

rocket-ron.

AdwCleaner Report
============================================================================================

# AdwCleaner v3.205 - Report created 02/05/2014 at 11:27:19
# Updated 28/04/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Kiran - RON-HAL
# Running from : D:\Kiran\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Kiran\AppData\Roaming\PerformerSoft
File Deleted : C:\Users\Kiran\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Kiran\AppData\Roaming\Mozilla\Firefox\Profiles\vheyhumz.default\searchplugins\holasearch.xml
File Deleted : C:\Users\Kiran\AppData\Roaming\Mozilla\Firefox\Profiles\vheyhumz.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\530d8d9e669bf10
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Guest_2\AppData\Roaming\Mozilla\Firefox\Profiles\ea1v7ho7.default\prefs.js ]

[ File : C:\Users\Kiran\AppData\Roaming\Mozilla\Firefox\Profiles\vheyhumz.default\prefs.js ]

Line Deleted : user_pref("extensions.holasearch.admin", false);
Line Deleted : user_pref("extensions.holasearch.aflt", "babsst");
Line Deleted : user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
Line Deleted : user_pref("extensions.holasearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.holasearch.dfltLng", "en");
Line Deleted : user_pref("extensions.holasearch.excTlbr", false);
Line Deleted : user_pref("extensions.holasearch.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.holasearch.id", "8660beca0000000000003085a98ce5fe");
Line Deleted : user_pref("extensions.holasearch.instlDay", "15829");
Line Deleted : user_pref("extensions.holasearch.instlRef", "sst");
Line Deleted : user_pref("extensions.holasearch.newTab", false);
Line Deleted : user_pref("extensions.holasearch.prdct", "holasearch");
Line Deleted : user_pref("extensions.holasearch.prtnrId", "holasearch");
Line Deleted : user_pref("extensions.holasearch.rvrt", "false");
Line Deleted : user_pref("extensions.holasearch.smplGrp", "none");
Line Deleted : user_pref("extensions.holasearch.tlbrId", "base");
Line Deleted : user_pref("extensions.holasearch.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.holasearch.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.holasearch.vrsnTs", "1.8.16.1618:02:15");
Line Deleted : user_pref("extensions.holasearch.vrsni", "1.8.16.16");

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Homepage] : hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=86603085A98CE5FE
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [3711 octets] - [02/05/2014 10:34:53]
AdwCleaner[R1].txt - [3771 octets] - [02/05/2014 11:25:19]
AdwCleaner[S0].txt - [3687 octets] - [02/05/2014 11:27:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3747 octets] ##########

=======================================================================================================================================================================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Kiran on 02/05/2014 at 11:46:46.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-280055749-1860663235-353711739-1003\Software\sweetim

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Kiran\AppData\Roaming\mozilla\firefox\profiles\vheyhumz.default\minidumps [17 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/05/2014 at 11:51:17.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

================================================================================================================================================

OTL logfile created on: 02/05/2014 12:09:01 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kiran\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

31.95 Gb Total Physical Memory | 29.75 Gb Available Physical Memory | 93.11% Memory free
36.95 Gb Paging File | 34.64 Gb Available in Paging File | 93.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.23 Gb Total Space | 86.47 Gb Free Space | 38.74% Space Free | Partition Type: NTFS
Drive D: | 2794.39 Gb Total Space | 2593.10 Gb Free Space | 92.80% Space Free | Partition Type: NTFS

Computer Name: RON-HAL | User Name: Kiran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/02 12:08:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kiran\Desktop\OTL(2).exe
PRC - [2014/04/14 21:00:03 | 000,078,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/04/09 10:51:38 | 022,415,104 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/04/06 21:21:36 | 005,180,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/04/01 10:25:26 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/04/01 03:16:39 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/02/07 11:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2014/01/03 01:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kiran\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/10 03:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/10 03:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/10/01 20:09:06 | 000,928,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2013/10/01 20:08:24 | 000,153,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
PRC - [2013/10/01 20:08:04 | 000,395,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2013/10/01 16:29:04 | 001,505,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
PRC - [2013/08/09 14:53:42 | 000,054,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/05/16 15:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/01/14 01:41:25 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2012/11/16 18:32:40 | 002,150,400 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar Xense Audio\Customapp\AsusAudioCenter.exe
PRC - [2012/11/01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/11/01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/11/01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010/08/24 10:29:18 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/02 11:35:07 | 001,175,040 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\wx._core_.pyd
MOD - [2014/05/02 11:35:07 | 001,159,680 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\_ssl.pyd
MOD - [2014/05/02 11:35:07 | 001,062,400 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\wx._controls_.pyd
MOD - [2014/05/02 11:35:07 | 000,811,008 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\wx._windows_.pyd
MOD - [2014/05/02 11:35:07 | 000,805,888 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\wx._gdi_.pyd
MOD - [2014/05/02 11:35:07 | 000,735,232 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\wx._misc_.pyd
MOD - [2014/05/02 11:35:07 | 000,713,216 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\_hashlib.pyd
MOD - [2014/05/02 11:35:07 | 000,686,080 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\unicodedata.pyd
MOD - [2014/05/02 11:35:07 | 000,557,056 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\pysqlite2._sqlite.pyd
MOD - [2014/05/02 11:35:07 | 000,525,640 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\windows._lib_cacheinvalidation.pyd
MOD - [2014/05/02 11:35:07 | 000,364,544 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\pythoncom27.dll
MOD - [2014/05/02 11:35:07 | 000,320,512 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32com.shell.shell.pyd
MOD - [2014/05/02 11:35:07 | 000,167,936 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32gui.pyd
MOD - [2014/05/02 11:35:07 | 000,128,512 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\_elementtree.pyd
MOD - [2014/05/02 11:35:07 | 000,127,488 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\pyexpat.pyd
MOD - [2014/05/02 11:35:07 | 000,122,368 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\wx._wizard.pyd
MOD - [2014/05/02 11:35:07 | 000,119,808 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32file.pyd
MOD - [2014/05/02 11:35:07 | 000,110,080 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\pywintypes27.dll
MOD - [2014/05/02 11:35:07 | 000,108,544 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32security.pyd
MOD - [2014/05/02 11:35:07 | 000,098,816 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32api.pyd
MOD - [2014/05/02 11:35:07 | 000,087,552 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\_ctypes.pyd
MOD - [2014/05/02 11:35:07 | 000,078,336 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\wx._animate.pyd
MOD - [2014/05/02 11:35:07 | 000,070,656 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\wx._html2.pyd
MOD - [2014/05/02 11:35:07 | 000,045,568 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\_socket.pyd
MOD - [2014/05/02 11:35:07 | 000,038,912 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32inet.pyd
MOD - [2014/05/02 11:35:07 | 000,035,840 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32process.pyd
MOD - [2014/05/02 11:35:07 | 000,027,136 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\_multiprocessing.pyd
MOD - [2014/05/02 11:35:07 | 000,025,600 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32pdh.pyd
MOD - [2014/05/02 11:35:07 | 000,024,064 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32pipe.pyd
MOD - [2014/05/02 11:35:07 | 000,022,528 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32ts.pyd
MOD - [2014/05/02 11:35:07 | 000,018,432 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32event.pyd
MOD - [2014/05/02 11:35:07 | 000,017,408 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32profile.pyd
MOD - [2014/05/02 11:35:07 | 000,011,264 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\win32crypt.pyd
MOD - [2014/05/02 11:35:07 | 000,010,240 | ---- | M] () -- C:\Users\Kiran\AppData\Local\Temp\_MEI60882\select.pyd
MOD - [2014/04/14 20:59:59 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2014/04/01 03:16:39 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/01/03 01:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Kiran\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Kiran\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/06/06 09:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar Xense Audio\Customapp\VmixP8.dll
MOD - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2014/05/01 17:36:52 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/05/01 17:36:52 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/05/01 17:36:52 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/18 16:27:51 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/18 16:27:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/03/18 16:27:40 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/18 16:27:40 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 16:27:35 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/03/18 16:27:33 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/03/18 16:27:32 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/03/18 16:27:30 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/18 16:27:30 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/03/18 16:27:30 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/03/18 16:27:28 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/12/10 03:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/08/22 13:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 13:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2014/04/18 15:22:28 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/04/01 03:16:39 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/03/18 16:27:21 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/02/07 11:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/10 03:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013/01/14 01:41:25 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2013/01/12 01:58:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/11/01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/11/01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/10/11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/07/25 19:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 19:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2006/09/29 13:48:06 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/01 17:36:53 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/05/01 17:36:52 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/05/01 17:36:52 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/05/01 17:36:52 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/04/18 15:01:56 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/03/31 16:06:48 | 000,274,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2014/03/31 16:06:26 | 000,130,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/03/27 22:14:26 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/03/27 22:14:24 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/03/27 22:07:10 | 000,236,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/03/27 22:05:02 | 000,324,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/03/27 22:03:16 | 000,032,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/03/20 23:02:52 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/03/18 16:27:56 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/18 16:27:34 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/03/18 16:27:30 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 16:27:30 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/03/18 16:27:20 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 16:27:19 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/03/18 16:27:19 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/03/18 16:27:19 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 16:27:18 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/03/18 16:27:18 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/03/18 16:27:18 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/03/18 16:27:18 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 16:27:18 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/03/18 16:27:18 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 16:10:11 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/03/18 16:10:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/12/18 18:16:44 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/12/05 09:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/09/24 08:10:34 | 000,097,768 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2013/09/04 15:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013/08/22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 13:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 13:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 13:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 12:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 12:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/13 00:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 15:45:26 | 000,460,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/12/01 13:41:38 | 000,446,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012/11/30 14:32:20 | 002,734,080 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2012/11/01 02:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/11/01 02:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/11/01 02:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/11/01 02:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/11/01 02:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd2)
DRV:64bit: - [2012/10/24 14:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012/10/24 14:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/10/11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/02/11 08:59:34 | 000,334,936 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0200.sys -- (RsFx0200)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/04/12 09:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\scdemu.sys -- (SCDEmu)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 40 50 5A 3C 5F CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Citrix.com/npagee,version=9.2.50.4: C:\Users\Kiran\AppData\Local\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/01 03:16:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/04/01 03:16:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/01 03:16:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/04/01 03:16:37 | 000,000,000 | ---D | M]

[2013/01/11 03:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiran\AppData\Roaming\mozilla\Extensions
[2014/03/28 12:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiran\AppData\Roaming\mozilla\Firefox\Profiles\vheyhumz.default\extensions
[2014/04/25 01:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/01 03:16:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/08/11 13:18:12 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011/08/11 00:16:34 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011/08/11 13:18:30 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011/08/11 13:18:08 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/08/11 13:19:38 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2012/06/28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/08/11 00:16:34 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: First user (Disabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Google Wallet = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Kiran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Reg Error: Value error.) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - Reg Error: Value error. File not found
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [PowerDVD13Agent] "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Redirector] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [MySQL Notifier] C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe (Oracle Corporation)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Kiran\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Spotify] C:\Users\Kiran\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Kiran\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\Kiran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kiran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kiran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: lloydstsb.co.uk ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: lloydstsb.com ([]* in Local intranet)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...-131_03-win.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} http://java.sun.com/...-131_03-win.cab (Java Plug-in 1.3.1_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B903C76-883B-4F06-9962-CDBAABBCD658}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/02 12:08:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kiran\Desktop\OTL(2).exe
[2014/05/02 11:46:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/05/02 10:35:31 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\SysWow64\sqlite3.dll
[2014/05/02 10:34:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/01 21:29:14 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vsock.sys
[2014/05/01 21:29:14 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\vsocklib.dll
[2014/05/01 21:29:14 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysWow64\vsocklib.dll
[2014/05/01 21:29:13 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmx86.sys
[2014/05/01 21:28:43 | 000,032,920 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\VMkbd.sys
[2014/05/01 21:27:25 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysWow64\vmnetdhcp.exe
[2014/05/01 21:27:22 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\vnetlib64.dll
[2014/05/01 21:27:22 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysWow64\vmnat.exe
[2014/05/01 21:27:22 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmnetuserif.sys
[2014/05/01 21:27:20 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\hcmon.sys
[2014/05/01 21:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2014/05/01 21:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2014/05/01 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2014/05/01 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2014/05/01 21:25:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/05/01 17:37:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2014/05/01 17:37:17 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/05/01 17:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2014/05/01 17:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2014/05/01 17:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/05/01 17:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/05/01 17:07:07 | 000,000,000 | ---D | C] -- C:\Users\Kiran\AppData\Roaming\Identities
[2014/05/01 16:42:51 | 000,000,000 | --SD | C] -- C:\Users\Kiran\AppData\Roaming\Microsoft
[2014/05/01 16:42:51 | 000,000,000 | R--D | C] -- C:\Users\Kiran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/05/01 16:42:51 | 000,000,000 | R--D | C] -- C:\Users\Kiran\Favorites
[2014/05/01 16:42:51 | 000,000,000 | R--D | C] -- C:\Users\Kiran\Desktop
[2014/05/01 16:42:51 | 000,000,000 | R--D | C] -- C:\Users\Kiran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/05/01 16:42:51 | 000,000,000 | R--D | C] -- C:\Users\Kiran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/05/01 16:42:51 | 000,000,000 | -H-D | C] -- C:\Users\Kiran\AppData
[2014/05/01 16:42:51 | 000,000,000 | ---D | C] -- C:\Users\Kiran\AppData\Local\Temp
[2014/05/01 16:42:51 | 000,000,000 | ---D | C] -- C:\Users\Kiran\AppData\Local\Microsoft
[2014/05/01 16:42:51 | 000,000,000 | ---D | C] -- C:\Users\Kiran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/05/01 16:39:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2014/05/01 16:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/05/01 16:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/05/01 16:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014/05/01 16:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/05/01 16:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2014/05/01 16:38:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/05/01 12:17:48 | 000,000,000 | ---D | C] -- C:\Users\Kiran\Canopy
[2014/05/01 12:16:42 | 000,000,000 | ---D | C] -- C:\Users\Kiran\AppData\Roaming\Enthought
[2014/05/01 12:13:30 | 000,000,000 | ---D | C] -- C:\Users\Kiran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)
[2014/05/01 12:12:40 | 000,000,000 | ---D | C] -- C:\Users\Kiran\AppData\Local\Enthought
[2014/04/30 21:02:17 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/04/30 11:32:59 | 000,000,000 | ---D | C] -- C:\Users\Kiran\bluej
[2014/04/30 11:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueJ
[2014/04/30 11:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueJ
[2014/04/25 17:02:03 | 000,000,000 | ---D | C] -- C:\Users\Kiran\AppData\Local\Apps
[2014/04/18 15:01:56 | 000,237,336 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys

========== Files - Modified Within 30 Days ==========

[2014/05/02 12:08:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kiran\Desktop\OTL(2).exe
[2014/05/02 11:34:50 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/02 11:34:48 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/02 11:34:18 | 001,160,008 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/05/02 11:34:18 | 000,938,194 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/05/02 11:34:18 | 000,223,322 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/05/02 11:32:09 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/02 11:30:08 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/05/02 11:29:58 | 1671,237,626 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/02 10:30:57 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/01 21:27:19 | 001,164,614 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/05/01 21:27:19 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2014/05/01 17:36:52 | 000,387,210 | ---- | M] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/05/01 16:55:50 | 000,068,583 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2014/05/01 16:55:50 | 000,068,583 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2014/05/01 16:55:43 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/05/01 16:51:50 | 000,573,352 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/05/01 12:17:50 | 000,002,491 | ---- | M] () -- C:\Users\Kiran\.enstaller4rc
[2014/05/01 12:16:55 | 000,001,161 | ---- | M] () -- C:\Users\Kiran\Desktop\PyLab (64-bit).lnk
[2014/05/01 12:13:30 | 000,002,094 | ---- | M] () -- C:\Users\Kiran\Desktop\Enthought Canopy (64-bit).lnk
[2014/04/30 11:29:24 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\BlueJ.lnk
[2014/04/24 20:20:37 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/04/18 15:01:56 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys
[2014/04/16 04:31:06 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/04/16 04:31:06 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/04/16 04:31:06 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk

========== Files Created - No Company Name ==========

[2014/05/01 21:27:19 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2014/05/01 17:36:52 | 000,387,210 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/05/01 17:07:08 | 000,001,442 | ---- | C] () -- C:\Users\Kiran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/05/01 16:55:43 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/05/01 16:50:37 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/05/01 16:42:54 | 000,068,583 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2014/05/01 16:42:54 | 000,068,583 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2014/05/01 16:42:51 | 000,000,369 | ---- | C] () -- C:\Users\Kiran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2014/05/01 16:42:51 | 000,000,369 | ---- | C] () -- C:\Users\Kiran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2014/05/01 16:39:37 | 001,164,614 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/05/01 16:39:06 | 003,649,185 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[2014/05/01 12:17:50 | 000,002,491 | ---- | C] () -- C:\Users\Kiran\.enstaller4rc
[2014/05/01 12:16:55 | 000,001,161 | ---- | C] () -- C:\Users\Kiran\Desktop\PyLab (64-bit).lnk
[2014/05/01 12:13:30 | 000,002,094 | ---- | C] () -- C:\Users\Kiran\Desktop\Enthought Canopy (64-bit).lnk
[2014/04/30 11:29:24 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\BlueJ.lnk
[2014/03/18 16:27:42 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 16:27:21 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/09/14 13:09:47 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/08/22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/07/05 21:51:26 | 000,143,360 | ---- | C] () -- C:\WINDOWS\SysWow64\VmixP8.dll
[2013/01/09 10:28:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\HsMgr.exe
[2013/01/09 10:28:18 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SysWow64\cmasiop.ini
[2013/01/09 10:28:14 | 000,123,043 | ---- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfl
[2013/01/09 10:28:12 | 000,001,041 | ---- | C] () -- C:\WINDOWS\Cmicnfgp.ini.imi
[2013/01/09 10:28:10 | 000,004,629 | ---- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfg
[2013/01/09 10:28:09 | 000,000,560 | ---- | C] () -- C:\WINDOWS\cmudaxp.ini
[2012/09/17 16:17:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/05/01 17:36:52 | 021,232,792 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/05/01 17:36:53 | 018,679,216 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/04 18:38:34 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\aacs
[2013/02/09 13:31:32 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\ASUS
[2013/10/17 19:25:06 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\AVG2014
[2013/10/05 17:54:15 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Canon
[2013/04/09 22:51:54 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Dev-Cpp
[2014/05/02 11:35:29 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Dropbox
[2014/05/01 12:16:42 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Enthought
[2013/06/30 12:25:58 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Foxit Software
[2013/05/04 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\gnupg
[2013/10/28 12:01:53 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\ICAClient
[2013/09/14 13:11:35 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\MySQL
[2013/09/07 09:24:41 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\NetBeans
[2013/07/12 23:55:27 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Notepad++
[2013/05/28 19:14:36 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\OpenOffice.org
[2013/09/14 13:09:46 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Oracle
[2013/11/17 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\RStudio
[2014/05/01 16:28:25 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Spotify
[2013/08/19 19:22:05 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\SSDQS
[2013/01/17 00:39:15 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\TeamViewer
[2014/04/30 21:35:19 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\Tinn-R
[2013/01/12 00:02:57 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\TuneUp Software
[2014/04/30 21:41:08 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\WinEdt

========== Purity Check ==========

< End of report >

#4 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #4$
Valinorum

Posted 02 May 2014 - 05:44 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi rocket-ron,

Step #3 Fix with OTL
- Re-run OTL by right clicking and choosing Run as administrator;
- Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').
  :Commands
  [createrestorepoint]
  
  :OTL
  O2:64bit: - BHO: (Reg Error: Value error.) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - Reg Error: Value error. File not found
  O1364bit: - gopher Prefix: missing
  O13 - gopher Prefix: missing
  O15 - HKCU\..Trusted Domains: lloydstsb.co.uk ([]* in Local intranet)
  O15 - HKCU\..Trusted Domains: lloydstsb.com ([]* in Local intranet)
  [2013/01/12 00:02:57 | 000,000,000 | ---D | M] -- C:\Users\Kiran\AppData\Roaming\TuneUp Software
  
  :Commands
  [emptytemp]
- Click on "Run Fix" and let the program run unhindered;
- Your PC will reboot automatically and a log will be opened;
- Please post it in your next reply.

How is your system running?

Required Log(s):
- OTL Fix Log

Regards,
Valinorum

#5 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #5$
rocket-ron

Posted 02 May 2014 - 10:18 AM

Member

Topic Starter
Member
42 posts

Hi Valinorum,

Thank you very much for the quick repsonse. I have run OTL.exe with the fix details you provided. The log is below.

My current system status is:

1) Mouse seems less responsive and more difficult to do highlighting text from web pages, etc.

2) Sometimes there are problems grabbing the titlebar of windows to drag and move them around.

3) Sometimes when I do a single click on a file to copy and paste the system opens the file.

4) VMware when running a guest system does not appear in the task bar and is only visible in the Task manager (this could be a Windows 8.1 upgrade issue?)

Thanks again and any advice on the above issues would be much appreciated.

Kind regards,

rocket-ron.

===============================================================================================================================================

OLT log below

==============

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lloydstsb.co.uk\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lloydstsb.com\ deleted successfully.
C:\Users\Kiran\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Kiran\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Kiran\AppData\Roaming\TuneUp Software folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: Guest_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 57066644 bytes
->Flash cache emptied: 779 bytes

User: Kiran
->Temp folder emptied: 167172783 bytes
->Temporary Internet Files folder emptied: 906394 bytes
->Java cache emptied: 3502180 bytes
->FireFox cache emptied: 354321776 bytes
->Google Chrome cache emptied: 172161481 bytes
->Flash cache emptied: 4401 bytes

User: MsDtsServer110
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MSSQLFDLauncher
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MSSQLSERVER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MSSQLServerOLAPService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ReportServer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 814519 bytes
RecycleBin emptied: 137996182 bytes

Total Files Cleaned = 853.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05022014_165839

Files\Folders moved on Reboot...
C:\Users\Kiran\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
C:\WINDOWS\temp\vmware-SYSTEM-474498808\vmauthd.log moved successfully.
C:\WINDOWS\temp\vmware-SYSTEM-474498808\vmware-usbarb-2652.log moved successfully.
File move failed. C:\WINDOWS\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_c2ruidll(20140502113011764).log not found!
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_streamserver(20140502113011764).log not found!
File move failed. C:\WINDOWS\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\RON-HAL-20140502-1130.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#6 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #6$
Valinorum

Posted 02 May 2014 - 12:50 PM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Can you try a different USB port for the mouse? Did you try different computer?

#7 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #7$
rocket-ron

Posted 03 May 2014 - 05:11 AM

Member

Topic Starter
Member
42 posts

Hi Valinorum,

The problem with the mouse does not seem to have appeared this morning when checking again. It seems to be resolved or intermitent. If it returns I will further test the mouse and USB, sometimes I only think it is the software not the hardware. :yes:

I have not seen any more AVG alerts. Are there any other checks we should implement?

Thanks again for all the help.

Kind regards,

rocket-ron.

#8 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #8$
rocket-ron

Posted 03 May 2014 - 05:12 AM

Member

Topic Starter
Member
42 posts

I will be away for up to 2 days from today, so please keep my topic open if there are any more steps and bear with me.

Thanks,

rr.

#9 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #9$
Valinorum

Posted 03 May 2014 - 06:14 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi rocket-ron,

Acknowledged. In the meantime please do not install any new program(s) in your computer.

Step #4 Scan with Malwarebytes' Anti-Malware
- Download Malwarebytes' Anti-Malware from the suitable link below --
- Double-click mbam-setup.exe to install the application.
- Before clicking Finish perform the following actions --
  - Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
  - Check the box beside Launch Malwarebytes Anti-Malware
- Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
- Click on Setting--
  - Navigate to the tab Detection and Protection and check all the boxes under Detection Options
- From the Dashboard click on Scan Now;
- If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
- On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
- Copy and Paste the contents of the log in your next reply.

Step #5 ESET Online Scanner
Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
- Download esetsmartinstaller_enu.exe by clicking here.
- Right-click on the program and choose Run as administrator.
- Accept their terms and condition and proceed.
- Install Add-On/Active X if prompted.
- From the Computer Scan Setting --
  - Uncheck the box beside Remove Found Threats;
  - Check the box beside Scan archives
- Click on Advanced Setting and check the following boxes--
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click on Start and wait for the virus signature database to update.
- The online scan will begin automatically and can take several hours.
  - Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
- After the Scan finishes --
  - If no threats were found:
    - Put a checkmark in Uninstall application on close.
    - Close the program and report that nothing was found
  - If threats were found:
    - Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
    - Copy and Paste contents of the log file in your next reply.
Note: Enable your security programs afterwards.

Required Log(s):
- Malwarebytes' Anti-Malware Log;
- ESET Scan Log

Regards,
Valinorum

#10 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #10$
rocket-ron

Posted 06 May 2014 - 09:30 AM

Member

Topic Starter
Member
42 posts

Dear Valinorum,

Thanks for your patience and hope you are well. Please find my logs below.

Kind regards and thanks for the on-going help,

rocket-ron.

==================================================================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/05/2014
Scan Time: 12:03:03
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.06.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Kiran

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 479434
Time Elapsed: 10 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

=====================================================

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=07b06ed1b1432040ae9794dd4831a804
# engine=18153
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-06 02:41:50
# local_time=2014-05-06 03:41:50 (+0000, GMT Summer Time)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 4233795 24268603 0 0
# scanned=631966
# found=8
# cleaned=0
# scan_time=11931
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Kiran\Downloads\cbsidlm-tr1_10a-Daemon_Tools_Lite-ORG-10778842.exe"
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="D:\Kiran\Downloads\cbsidlm-tr1_10a-Free_HTML_to_PDF_Converter-ORG-10691753.exe"
sh=5FB6822B24CE1EDC510AD20BBAEA3DFDA97F87B8 ft=1 fh=86f5f05c7551e90b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\Kiran\Downloads\ccsetup311.exe"
sh=180C8ED7C81E3AE7B0507B26C927EA93584B017C ft=1 fh=b0b83453fcc7b480 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="D:\Kiran\Downloads\ccsetup327.exe"
sh=B9DFDDD0DD350D380F1BA6D97667B5671F387EBC ft=1 fh=2702b615f7b8f074 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="D:\Kiran\Downloads\FoxitReader545.0114_enu_Setup.exe"
sh=E0CD4F64168973BF0ADCD5E301F932BEB2458A88 ft=1 fh=1e5657717efbacd4 vn="Win32/InstallCore.BN potentially unwanted application" ac=I fn="D:\Kiran\Downloads\ZipOpenerSetup.exe"
sh=C7D9DD032E415706468EE6B89F1C53AB0E0EBD40 ft=1 fh=652b75961704fed4 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="D:\Kiran\MisysMachine_2012\Downloads\CuteWriter.exe"
sh=15F206847ED96BAFF20511D16ACFD9B73C4E8B5A ft=1 fh=fb99d5d7b6aacd8e vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Kiran\MisysMachine_2012\Downloads\media.player.codec.pack.v4.2.2.setup.exe"

#11 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #11$
Valinorum

Posted 06 May 2014 - 09:47 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi rocket-ron,

Step #6 Fix with OTL
- Re-run OTL by right clicking and choosing Run as administrator;
- Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').
  :Commands
  [createrestorepoint]
  
  :Files
  C:\Users\Kiran\Downloads\cbsidlm-tr1_10a-Daemon_Tools_Lite-ORG-10778842.exe
  D:\Kiran\Downloads\cbsidlm-tr1_10a-Free_HTML_to_PDF_Converter-ORG-10691753.exe
  D:\Kiran\Downloads\ccsetup311.exe
  D:\Kiran\Downloads\ccsetup327.exe
  D:\Kiran\Downloads\FoxitReader545.0114_enu_Setup.exe
  D:\Kiran\Downloads\ZipOpenerSetup.exe
  D:\Kiran\MisysMachine_2012\Downloads\CuteWriter.exe
  D:\Kiran\MisysMachine_2012\Downloads\media.player.codec.pack.v4.2.2.setup.exe
  
  :Commands
  [emptytemp]
- Click on "Run Fix" and let the program run unhindered;
- Your PC will reboot automatically and a log will be opened;
- Please post it in your next reply.

How is your system running?

Required Log(s):
- OTL Fix Log

Regards,
Valinorum

#12 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #12$
rocket-ron

Posted 06 May 2014 - 02:16 PM

Member

Topic Starter
Member
42 posts

Hi Valinorum,

Please find the OTL log below. Thanks for the quick response again :-).

Kind regards,

rocket-ron. :yes:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Kiran\Downloads\cbsidlm-tr1_10a-Daemon_Tools_Lite-ORG-10778842.exe moved successfully.
D:\Kiran\Downloads\cbsidlm-tr1_10a-Free_HTML_to_PDF_Converter-ORG-10691753.exe moved successfully.
D:\Kiran\Downloads\ccsetup311.exe moved successfully.
D:\Kiran\Downloads\ccsetup327.exe moved successfully.
D:\Kiran\Downloads\FoxitReader545.0114_enu_Setup.exe moved successfully.
D:\Kiran\Downloads\ZipOpenerSetup.exe moved successfully.
D:\Kiran\MisysMachine_2012\Downloads\CuteWriter.exe moved successfully.
D:\Kiran\MisysMachine_2012\Downloads\media.player.codec.pack.v4.2.2.setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: Guest_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kiran
->Temp folder emptied: 134308032 bytes
->Temporary Internet Files folder emptied: 140273 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 199472439 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1015 bytes

User: MsDtsServer110
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MSSQLFDLauncher
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MSSQLSERVER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MSSQLServerOLAPService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ReportServer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2227572 bytes
RecycleBin emptied: 5660635 bytes

Total Files Cleaned = 326.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05062014_205233

Files\Folders moved on Reboot...
C:\Users\Kiran\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\WINDOWS\temp\vmware-SYSTEM\vmware-usbarb-3228.log moved successfully.
File move failed. C:\WINDOWS\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_c2ruidll(20140506101442984).log not found!
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_streamserver(20140506101442984).log not found!
File move failed. C:\WINDOWS\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\RON-HAL-20140506-1014.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#13 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #13$
Valinorum

Posted 06 May 2014 - 09:33 PM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

♣ Removal of Tools and Quarantined Files ♣

Despite the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.

Cleanup with Delfix
Please download DelFix by Xplode to your Desktop.
Download Link
- Double-click to run the program;
  - Note: Windows Vista/7/8 users right-click and choose Run as administrator
- Make sure that all the boxes are checked;
- Click Run;
- A log will be opened after the operation is finished;
- Copy and Paste it in your next reply

♣ Prevention and Future Guidelines ♣

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malwares again.

Keep Windows up-to-date.
It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
Run antivirus software and keep it up-to-date, too.
Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
Keep your web browser plugins and other programs updated also.
This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

No scripts is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

Download NoSript by Giorgio Maone.

Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.
Watch out for new threat named CryptoLocker
CryptoLocker is a new type ransomware family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that was encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acknowledge yourself about the safety measures.
How to prevent your computer from becoming infected by CryptoLocker.
And last of all, surf smart.
It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,
Valinorum

#14 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #14$
rocket-ron

Posted 07 May 2014 - 05:54 AM

Member

Topic Starter
Member
42 posts

Hi Valinorum,

Thanks for all your help and time on cleaning up my machine, it is very much appreciated.

Also, the additional advice looks very useful and I will take it on-board. Below is my log from Delfix.

Thanks again,

rocket-ron.

=====================

Delfix log

=====================

# DelFix v10.7 - Logfile created 07/05/2014 at 12:51:10
# Updated 27/04/2014 by Xplode
# Username : Kiran - RON-HAL
# Operating System : Windows 8.1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\Kiran\Desktop\Extras.Txt
Deleted : C:\Users\Kiran\Desktop\JRT.txt
Deleted : C:\Users\Kiran\Desktop\OTL.Txt
Deleted : C:\Users\Kiran\Desktop\OTL(2).exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #2 [Installed AVG 2014 | 05/01/2014 16:09:27]
Deleted : RP #3 [Installed AVG 2014 | 05/02/2014 16:20:46]
Deleted : RP #4 [Windows Update | 05/06/2014 11:00:13]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

#15 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #15$
Valinorum

Posted 07 May 2014 - 06:00 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Log looks good. Browse safely.

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: Windows 8, AVG, Crack.UX, d:\3d\max9keygen.exe

Windows Xp Retired Forums → Windows XP, 2000, 2003, NT → My online history seems to have disappeared on my Win XP, Firefox sys Started by dowsp , 20 Apr 2024 Windows Xp, History	0 replies 11,660 views	dowsp 20 Apr 2024
Security → Virus, Spyware, Malware Removal → Help removing a suspected Trojan Started by RobJames , 01 Feb 2024 FXSAPIDebugLogFile and 2 more...	11 replies 11,019 views	RKinner 07 Feb 2024
Hardware → Hardware, Components and Peripherals → Recover the hard drive Started by Andrew Board , 16 Jan 2024 data recovery, hard drive, help and 1 more...	2 replies 668 views	phillpower2 16 Jan 2024
Security → Virus, Spyware, Malware Removal → Hijacked Windows defender [Closed] Started by relay , 17 Nov 2023 shell, spyware, keylogger and 2 more...	8 replies 3,047 views	DR M 23 Nov 2023
#linux Discussion → Off-Topic → Two different OS on two different drivers - recommended? Started by Killian Gharrah , 17 Sep 2023 #linux, #windows, #SSD, #HDD	1 reply 2,607 views	Killian Gharrah 17 Sep 2023

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Geeks to Go Forum 343,326 topics
Quick Links FAQ Malware Cleaning Guide How it Works
Downloads 2+ million

View New Content

Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign

#1 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #1$
rocket-ron

Posted 30 April 2014 - 02:22 PM

Advertisements

#2 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #2$
Valinorum

Posted 01 May 2014 - 03:24 PM

#3 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #3$
rocket-ron

Posted 02 May 2014 - 05:19 AM

#4 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #4$
Valinorum

Posted 02 May 2014 - 05:44 AM

#5 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #5$
rocket-ron

Posted 02 May 2014 - 10:18 AM

#6 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #6$
Valinorum

Posted 02 May 2014 - 12:50 PM

#7 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #7$
rocket-ron

Posted 03 May 2014 - 05:11 AM

#8 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #8$
rocket-ron

Posted 03 May 2014 - 05:12 AM

#9 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #9$
Valinorum

Posted 03 May 2014 - 06:14 AM

#10 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #10$
rocket-ron

Posted 06 May 2014 - 09:30 AM

Advertisements

#11 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #11$
Valinorum

Posted 06 May 2014 - 09:47 AM

#12 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #12$
rocket-ron

Posted 06 May 2014 - 02:16 PM

#13 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #13$
Valinorum

Posted 06 May 2014 - 09:33 PM

#14 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #14$
rocket-ron

Posted 07 May 2014 - 05:54 AM

#15 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #15$
Valinorum

Posted 07 May 2014 - 06:00 AM

Similar Topics

Also tagged with one or more of these keywords: Windows 8, AVG, Crack.UX, d:\3d\max9keygen.exe

My online history seems to have disappeared on my Win XP, Firefox sys

Help removing a suspected Trojan

Recover the hard drive

Hijacked Windows defender [Closed]

Two different OS on two different drivers - recommended?

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign

#1 rocket-ron Posted 30 April 2014 - 02:22 PM

Advertisements

#2 Valinorum Posted 01 May 2014 - 03:24 PM

#3 rocket-ron Posted 02 May 2014 - 05:19 AM

#4 Valinorum Posted 02 May 2014 - 05:44 AM

#5 rocket-ron Posted 02 May 2014 - 10:18 AM

#6 Valinorum Posted 02 May 2014 - 12:50 PM

#7 rocket-ron Posted 03 May 2014 - 05:11 AM

#8 rocket-ron Posted 03 May 2014 - 05:12 AM

#9 Valinorum Posted 03 May 2014 - 06:14 AM

#10 rocket-ron Posted 06 May 2014 - 09:30 AM

Advertisements

#11 Valinorum Posted 06 May 2014 - 09:47 AM

#12 rocket-ron Posted 06 May 2014 - 02:16 PM

#13 Valinorum Posted 06 May 2014 - 09:33 PM

#14 rocket-ron Posted 07 May 2014 - 05:54 AM

#15 Valinorum Posted 07 May 2014 - 06:00 AM

Similar Topics

Also tagged with one or more of these keywords: Windows 8, AVG, Crack.UX, d:\3d\max9keygen.exe

0 user(s) are reading this topic

As Featured On:

Connect With Us

Sign In

#1 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #1$
rocket-ron

Posted 30 April 2014 - 02:22 PM

#2 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #2$
Valinorum

Posted 01 May 2014 - 03:24 PM

#3 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #3$
rocket-ron

Posted 02 May 2014 - 05:19 AM

#4 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #4$
Valinorum

Posted 02 May 2014 - 05:44 AM

#5 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #5$
rocket-ron

Posted 02 May 2014 - 10:18 AM

#6 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #6$
Valinorum

Posted 02 May 2014 - 12:50 PM

#7 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #7$
rocket-ron

Posted 03 May 2014 - 05:11 AM

#8 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #8$
rocket-ron

Posted 03 May 2014 - 05:12 AM

#9 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #9$
Valinorum

Posted 03 May 2014 - 06:14 AM

#10 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #10$
rocket-ron

Posted 06 May 2014 - 09:30 AM

#11 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #11$
Valinorum

Posted 06 May 2014 - 09:47 AM

#12 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #12$
rocket-ron

Posted 06 May 2014 - 02:16 PM

#13 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #13$
Valinorum

Posted 06 May 2014 - 09:33 PM

#14 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #14$
rocket-ron

Posted 07 May 2014 - 05:54 AM

#15 $Help making sure Crack.UX (d:\3d\max9keygen.exe) and MalSign: post #15$
Valinorum

Posted 07 May 2014 - 06:00 AM