Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus/malware detection [Solved]

Started by liscat , May 01 2014 03:26 AM
virus malware

  • This topic is locked This topic is locked

#1
liscat
Posted 01 May 2014 - 03:26 AM

liscat

    New Member

  • Member
  • Pip
  • 7 posts

Hi, Im pretty new to this and would appreciate any help possible.

 

About a week ago I opened an attachment in an email, knew straight away it was dodgy and took all measure to try and rectify the situation. Since then everythings being going a little wonky.

 

My laptop seems to work ok, a little slow.

Mcafee stopped working all together kept saying need to restart to do updates constantly

Laptop would not shut down through start menu all the time, had to do it through task manager.

 

Today I unianstalled mcafee and installed another and it wont run. I have ran rogue killer and it said infected with root.necurs I have attached the note pad file. Also whenever i restart the comouter it says windows operating system has stopped working and trys to solve the issue. It does this 2 or 3 times before letting me continue.

 

Any help to get this sorted would be appreciated. I dont want to have to send this off to be fixed as I work from home. Please note it does not show root.necurs now after I ran the scan a second time. But I'm still not convinced everything is fine.

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lisa [Admin rights]
Mode : Remove -- Date : 05/01/2014 10:23:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ejyne.exe -- C:\Users\Lisa\AppData\Local\Temp\Ceiwet\ejyne.exe [x] -> ERROR [5]

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Ejyne (C:\Users\Lisa\AppData\Local\Temp\Ceiwet\ejyne.exe [x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2964522286-2092028268-1510466465-1001\[...]\Run : Ejyne (C:\Users\Lisa\AppData\Local\Temp\Ceiwet\ejyne.exe [x]) -> [0x2] The system cannot find the file specified.

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @firefox.exe (GdipAddPathArc) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C074C6)
[Address] EAT @firefox.exe (GdipAddPathArcI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07599)
[Address] EAT @firefox.exe (GdipAddPathBezier) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0760F)
[Address] EAT @firefox.exe (GdipAddPathBezierI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C076F4)
[Address] EAT @firefox.exe (GdipAddPathBeziers) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07778)
[Address] EAT @firefox.exe (GdipAddPathBeziersI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07838)
[Address] EAT @firefox.exe (GdipAddPathClosedCurve) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07F15)
[Address] EAT @firefox.exe (GdipAddPathClosedCurve2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C080DE)
[Address] EAT @firefox.exe (GdipAddPathClosedCurve2I) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C081A5)
[Address] EAT @firefox.exe (GdipAddPathClosedCurveI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07FD5)
[Address] EAT @firefox.exe (GdipAddPathCurve) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07941)
[Address] EAT @firefox.exe (GdipAddPathCurve2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07B2D)
[Address] EAT @firefox.exe (GdipAddPathCurve2I) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07BFB)
[Address] EAT @firefox.exe (GdipAddPathCurve3) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07D2E)
[Address] EAT @firefox.exe (GdipAddPathCurve3I) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07DFF)
[Address] EAT @firefox.exe (GdipAddPathCurveI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07A01)
[Address] EAT @firefox.exe (GdipAddPathEllipse) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C085A8)
[Address] EAT @firefox.exe (GdipAddPathEllipseI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C08667)
[Address] EAT @firefox.exe (GdipAddPathLine) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C071D4)
[Address] EAT @firefox.exe (GdipAddPathLine2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C072FD)
[Address] EAT @firefox.exe (GdipAddPathLine2I) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C073BD)
[Address] EAT @firefox.exe (GdipAddPathLineI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07295)
[Address] EAT @firefox.exe (GdipAddPathPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C089E1)
[Address] EAT @firefox.exe (GdipAddPathPie) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C086CF)
[Address] EAT @firefox.exe (GdipAddPathPieI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C087A2)
[Address] EAT @firefox.exe (GdipAddPathPolygon) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C08818)
[Address] EAT @firefox.exe (GdipAddPathPolygonI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C088D8)
[Address] EAT @firefox.exe (GdipAddPathRectangle) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C082B5)
[Address] EAT @firefox.exe (GdipAddPathRectangleI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C08376)
[Address] EAT @firefox.exe (GdipAddPathRectangles) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C083DE)
[Address] EAT @firefox.exe (GdipAddPathRectanglesI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0849E)
[Address] EAT @firefox.exe (GdipAddPathString) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C08A8A)
[Address] EAT @firefox.exe (GdipAddPathStringI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C08C03)
[Address] EAT @firefox.exe (GdipAlloc) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C224CB)
[Address] EAT @firefox.exe (GdipBeginContainer) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20E5E)
[Address] EAT @firefox.exe (GdipBeginContainer2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20F5F)
[Address] EAT @firefox.exe (GdipBeginContainerI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C21023)
[Address] EAT @firefox.exe (GdipBitmapApplyEffect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C17307)
[Address] EAT @firefox.exe (GdipBitmapConvertFormat) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1709C)
[Address] EAT @firefox.exe (GdipBitmapCreateApplyEffect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1726A)
[Address] EAT @firefox.exe (GdipBitmapGetHistogram) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C173BB)
[Address] EAT @firefox.exe (GdipBitmapGetHistogramSize) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C17490)
[Address] EAT @firefox.exe (GdipBitmapGetPixel) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16CFA)
[Address] EAT @firefox.exe (GdipBitmapLockBits) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16B83)
[Address] EAT @firefox.exe (GdipBitmapSetPixel) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16DC0)
[Address] EAT @firefox.exe (GdipBitmapSetResolution) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1762F)
[Address] EAT @firefox.exe (GdipBitmapUnlockBits) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16C43)
[Address] EAT @firefox.exe (GdipClearPathMarkers) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C06FD4)
[Address] EAT @firefox.exe (GdipCloneBitmapArea) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C26C2A)
[Address] EAT @firefox.exe (GdipCloneBitmapAreaI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16A8F)
[Address] EAT @firefox.exe (GdipCloneBrush) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0D87E)
[Address] EAT @firefox.exe (GdipCloneCustomLineCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12EB5)
[Address] EAT @firefox.exe (GdipCloneFont) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22FAC)
[Address] EAT @firefox.exe (GdipCloneFontFamily) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22A1B)
[Address] EAT @firefox.exe (GdipCloneImage) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14C90)
[Address] EAT @firefox.exe (GdipCloneImageAttributes) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C177B1)
[Address] EAT @firefox.exe (GdipCloneMatrix) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0AA39)
[Address] EAT @firefox.exe (GdipClonePath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0651A)
[Address] EAT @firefox.exe (GdipClonePen) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10B54)
[Address] EAT @firefox.exe (GdipCloneRegion) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0BEC7)
[Address] EAT @firefox.exe (GdipCloneStringFormat) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23F8B)
[Address] EAT @firefox.exe (GdipClosePathFigure) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C06DEB)
[Address] EAT @firefox.exe (GdipClosePathFigures) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C06E8E)
[Address] EAT @firefox.exe (GdipCombineRegionPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0C310)
[Address] EAT @firefox.exe (GdipCombineRegionRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0C1BC)
[Address] EAT @firefox.exe (GdipCombineRegionRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0C293)
[Address] EAT @firefox.exe (GdipCombineRegionRegion) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0C43E)
[Address] EAT @firefox.exe (GdipComment) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2325C)
[Address] EAT @firefox.exe (GdipConvertToEmfPlus) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24F0F)
[Address] EAT @firefox.exe (GdipConvertToEmfPlusToFile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24FEF)
[Address] EAT @firefox.exe (GdipConvertToEmfPlusToStream) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C250E3)
[Address] EAT @firefox.exe (GdipCreateAdjustableArrowCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C26B65)
[Address] EAT @firefox.exe (GdipCreateBitmapFromDirectDrawSurface) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16518)
[Address] EAT @firefox.exe (GdipCreateBitmapFromFile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15EB5)
[Address] EAT @firefox.exe (GdipCreateBitmapFromFileICM) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16151)
[Address] EAT @firefox.exe (GdipCreateBitmapFromGdiDib) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16605)
[Address] EAT @firefox.exe (GdipCreateBitmapFromGraphics) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C163C5)
[Address] EAT @firefox.exe (GdipCreateBitmapFromHBITMAP) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16707)
[Address] EAT @firefox.exe (GdipCreateBitmapFromHICON) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16885)
[Address] EAT @firefox.exe (GdipCreateBitmapFromResource) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16917)
[Address] EAT @firefox.exe (GdipCreateBitmapFromScan0) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C162A0)
[Address] EAT @firefox.exe (GdipCreateBitmapFromStream) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15D68)
[Address] EAT @firefox.exe (GdipCreateBitmapFromStreamICM) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16003)
[Address] EAT @firefox.exe (GdipCreateCachedBitmap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24A81)
[Address] EAT @firefox.exe (GdipCreateCustomLineCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12CCB)
[Address] EAT @firefox.exe (GdipCreateEffect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16E69)
[Address] EAT @firefox.exe (GdipCreateFont) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C227CA)
[Address] EAT @firefox.exe (GdipCreateFontFamilyFromName) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22590)
[Address] EAT @firefox.exe (GdipCreateFontFromDC) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23636)
[Address] EAT @firefox.exe (GdipCreateFontFromLogfontA) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23730)
[Address] EAT @firefox.exe (GdipCreateFontFromLogfontW) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23833)
[Address] EAT @firefox.exe (GdipCreateFromHDC) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18301)
[Address] EAT @firefox.exe (GdipCreateFromHDC2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C183AB)
[Address] EAT @firefox.exe (GdipCreateFromHWND) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18456)
[Address] EAT @firefox.exe (GdipCreateFromHWNDICM) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18500)
[Address] EAT @firefox.exe (GdipCreateHBITMAPFromBitmap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1679C)
[Address] EAT @firefox.exe (GdipCreateHICONFromBitmap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C169AC)
[Address] EAT @firefox.exe (GdipCreateHalftonePalette) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24D8C)
[Address] EAT @firefox.exe (GdipCreateHatchBrush) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C262CA)
[Address] EAT @firefox.exe (GdipCreateImageAttributes) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C176DE)
[Address] EAT @firefox.exe (GdipCreateLineBrush) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0DFFA)
[Address] EAT @firefox.exe (GdipCreateLineBrushFromRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E1BF)
[Address] EAT @firefox.exe (GdipCreateLineBrushFromRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E2AF)
[Address] EAT @firefox.exe (GdipCreateLineBrushFromRectWithAngle) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E377)
[Address] EAT @firefox.exe (GdipCreateLineBrushFromRectWithAngleI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E46E)
[Address] EAT @firefox.exe (GdipCreateLineBrushI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E0F0)
[Address] EAT @firefox.exe (GdipCreateMatrix) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0A68E)
[Address] EAT @firefox.exe (GdipCreateMatrix2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0A744)
[Address] EAT @firefox.exe (GdipCreateMatrix3) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0A884)
[Address] EAT @firefox.exe (GdipCreateMatrix3I) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0A94C)
[Address] EAT @firefox.exe (GdipCreateMetafileFromEmf) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2153C)
[Address] EAT @firefox.exe (GdipCreateMetafileFromFile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C21614)
[Address] EAT @firefox.exe (GdipCreateMetafileFromStream) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C217C3)
[Address] EAT @firefox.exe (GdipCreateMetafileFromWmf) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2145F)
[Address] EAT @firefox.exe (GdipCreateMetafileFromWmfFile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C216EB)
[Address] EAT @firefox.exe (GdipCreatePath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C261D9)
[Address] EAT @firefox.exe (GdipCreatePath2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0627E)
[Address] EAT @firefox.exe (GdipCreatePath2I) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0634F)
[Address] EAT @firefox.exe (GdipCreatePathGradient) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C26893)
[Address] EAT @firefox.exe (GdipCreatePathGradientFromPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C26AA7)
[Address] EAT @firefox.exe (GdipCreatePathGradientI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C26955)
[Address] EAT @firefox.exe (GdipCreatePathIter) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C09AB7)
[Address] EAT @firefox.exe (GdipCreatePen1) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C108D0)
[Address] EAT @firefox.exe (GdipCreatePen2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10A01)
[Address] EAT @firefox.exe (GdipCreateRegion) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0B9CE)
[Address] EAT @firefox.exe (GdipCreateRegionHrgn) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0BDF8)
[Address] EAT @firefox.exe (GdipCreateRegionPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0BBF4)
[Address] EAT @firefox.exe (GdipCreateRegionRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0BA87)
[Address] EAT @firefox.exe (GdipCreateRegionRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0BB49)
[Address] EAT @firefox.exe (GdipCreateRegionRgnData) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0BD16)
[Address] EAT @firefox.exe (GdipCreateSolidFill) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2707F)
[Address] EAT @firefox.exe (GdipCreateStreamOnFile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C05877)
[Address] EAT @firefox.exe (GdipCreateStringFormat) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23DC1)
[Address] EAT @firefox.exe (GdipCreateTexture) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C263AB)
[Address] EAT @firefox.exe (GdipCreateTexture2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C264CD)
[Address] EAT @firefox.exe (GdipCreateTexture2I) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C267B9)
[Address] EAT @firefox.exe (GdipCreateTextureIA) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2660F)
[Address] EAT @firefox.exe (GdipCreateTextureIAI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C26859)
[Address] EAT @firefox.exe (GdipDeleteBrush) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0D958)
[Address] EAT @firefox.exe (GdipDeleteCachedBitmap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24BEC)
[Address] EAT @firefox.exe (GdipDeleteCustomLineCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13069)
[Address] EAT @firefox.exe (GdipDeleteEffect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16EFA)
[Address] EAT @firefox.exe (GdipDeleteFont) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23065)
[Address] EAT @firefox.exe (GdipDeleteFontFamily) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22922)
[Address] EAT @firefox.exe (GdipDeleteGraphics) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C185AA)
[Address] EAT @firefox.exe (GdipDeleteMatrix) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0AB0E)
[Address] EAT @firefox.exe (GdipDeletePath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C065EE)
[Address] EAT @firefox.exe (GdipDeletePathIter) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C09B70)
[Address] EAT @firefox.exe (GdipDeletePen) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10C2B)
[Address] EAT @firefox.exe (GdipDeletePrivateFontCollection) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23A7D)
[Address] EAT @firefox.exe (GdipDeleteRegion) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0BFE6)
[Address] EAT @firefox.exe (GdipDeleteStringFormat) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24036)
[Address] EAT @firefox.exe (GdipDisposeImage) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14D5E)
[Address] EAT @firefox.exe (GdipDisposeImageAttributes) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1787F)
[Address] EAT @firefox.exe (GdipDrawArc) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1A4A5)
[Address] EAT @firefox.exe (GdipDrawArcI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1A5DF)
[Address] EAT @firefox.exe (GdipDrawBezier) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1A658)
[Address] EAT @firefox.exe (GdipDrawBezierI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1A7A0)
[Address] EAT @firefox.exe (GdipDrawBeziers) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1A827)
[Address] EAT @firefox.exe (GdipDrawBeziersI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1A951)
[Address] EAT @firefox.exe (GdipDrawCachedBitmap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24C86)
[Address] EAT @firefox.exe (GdipDrawClosedCurve) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1BC79)
[Address] EAT @firefox.exe (GdipDrawClosedCurve2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1BEBC)
[Address] EAT @firefox.exe (GdipDrawClosedCurve2I) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1BFED)
[Address] EAT @firefox.exe (GdipDrawClosedCurveI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1BDA3)
[Address] EAT @firefox.exe (GdipDrawCurve) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1B581)
[Address] EAT @firefox.exe (GdipDrawCurve2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1B7C4)
[Address] EAT @firefox.exe (GdipDrawCurve2I) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1B8FC)
[Address] EAT @firefox.exe (GdipDrawCurve3) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1BA1C)
[Address] EAT @firefox.exe (GdipDrawCurve3I) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1BB53)
[Address] EAT @firefox.exe (GdipDrawCurveI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1B6AB)
[Address] EAT @firefox.exe (GdipDrawDriverString) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1DA1A)
[Address] EAT @firefox.exe (GdipDrawEllipse) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1AE82)
[Address] EAT @firefox.exe (GdipDrawEllipseI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1AFA6)
[Address] EAT @firefox.exe (GdipDrawImage) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1DF1E)
[Address] EAT @firefox.exe (GdipDrawImageFX) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1EB79)
[Address] EAT @firefox.exe (GdipDrawImageI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1E099)
[Address] EAT @firefox.exe (GdipDrawImagePointRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1E553)
[Address] EAT @firefox.exe (GdipDrawImagePointRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1E6EF)
[Address] EAT @firefox.exe (GdipDrawImagePoints) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1E2BF)
[Address] EAT @firefox.exe (GdipDrawImagePointsI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1E417)
[Address] EAT @firefox.exe (GdipDrawImagePointsRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1E78B)
[Address] EAT @firefox.exe (GdipDrawImagePointsRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1E9EA)
[Address] EAT @firefox.exe (GdipDrawImageRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1E0F5)
[Address] EAT @firefox.exe (GdipDrawImageRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1E254)
[Address] EAT @firefox.exe (GdipDrawImageRectRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C26CAE)
[Address] EAT @firefox.exe (GdipDrawImageRectRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C26F04)
[Address] EAT @firefox.exe (GdipDrawLine) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1A0D1)
[Address] EAT @firefox.exe (GdipDrawLineI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1A1F5)
[Address] EAT @firefox.exe (GdipDrawLines) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1A260)
[Address] EAT @firefox.exe (GdipDrawLinesI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1A38C)
[Address] EAT @firefox.exe (GdipDrawPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1B407)
[Address] EAT @firefox.exe (GdipDrawPie) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1B011)
[Address] EAT @firefox.exe (GdipDrawPieI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1B14B)
[Address] EAT @firefox.exe (GdipDrawPolygon) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1B1C4)
[Address] EAT @firefox.exe (GdipDrawPolygonI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1B2EE)
[Address] EAT @firefox.exe (GdipDrawRectangle) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1AA8D)
[Address] EAT @firefox.exe (GdipDrawRectangleI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1ABB1)
[Address] EAT @firefox.exe (GdipDrawRectangles) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1AC1C)
[Address] EAT @firefox.exe (GdipDrawRectanglesI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1AD46)
[Address] EAT @firefox.exe (GdipDrawString) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1D512)
[Address] EAT @firefox.exe (GdipEmfToWmfBits) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24EB9)
[Address] EAT @firefox.exe (GdipEndContainer) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C210D0)
[Address] EAT @firefox.exe (GdipEnumerateMetafileDestPoint) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1ECBA)
[Address] EAT @firefox.exe (GdipEnumerateMetafileDestPointI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1EE6B)
[Address] EAT @firefox.exe (GdipEnumerateMetafileDestPoints) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1F0F8)
[Address] EAT @firefox.exe (GdipEnumerateMetafileDestPointsI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1F2AC)
[Address] EAT @firefox.exe (GdipEnumerateMetafileDestRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1EED3)
[Address] EAT @firefox.exe (GdipEnumerateMetafileDestRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1F084)
[Address] EAT @firefox.exe (GdipEnumerateMetafileSrcRectDestPoint) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1F417)
[Address] EAT @firefox.exe (GdipEnumerateMetafileSrcRectDestPointI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1F5F7)
[Address] EAT @firefox.exe (GdipEnumerateMetafileSrcRectDestPoints) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1F8F5)
[Address] EAT @firefox.exe (GdipEnumerateMetafileSrcRectDestPointsI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1FAD8)
[Address] EAT @firefox.exe (GdipEnumerateMetafileSrcRectDestRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1F680)
[Address] EAT @firefox.exe (GdipEnumerateMetafileSrcRectDestRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1F860)
[Address] EAT @firefox.exe (GdipFillClosedCurve) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1CEEC)
[Address] EAT @firefox.exe (GdipFillClosedCurve2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1D13E)
[Address] EAT @firefox.exe (GdipFillClosedCurve2I) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1D275)
[Address] EAT @firefox.exe (GdipFillClosedCurveI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1D025)
[Address] EAT @firefox.exe (GdipFillEllipse) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1CA23)
[Address] EAT @firefox.exe (GdipFillEllipseI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1CB4E)
[Address] EAT @firefox.exe (GdipFillPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1CD6F)
[Address] EAT @firefox.exe (GdipFillPie) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1CBB9)
[Address] EAT @firefox.exe (GdipFillPieI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1CCF6)
[Address] EAT @firefox.exe (GdipFillPolygon) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1C591)
[Address] EAT @firefox.exe (GdipFillPolygon2) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1C7DD)
[Address] EAT @firefox.exe (GdipFillPolygon2I) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1C90A)
[Address] EAT @firefox.exe (GdipFillPolygonI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1C6C1)
[Address] EAT @firefox.exe (GdipFillRectangle) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1C1B5)
[Address] EAT @firefox.exe (GdipFillRectangleI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1C2E0)
[Address] EAT @firefox.exe (GdipFillRectangles) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1C34B)
[Address] EAT @firefox.exe (GdipFillRectanglesI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1C478)
[Address] EAT @firefox.exe (GdipFillRegion) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1D398)
[Address] EAT @firefox.exe (GdipFindFirstImageItem) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15ABA)
[Address] EAT @firefox.exe (GdipFindNextImageItem) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15B60)
[Address] EAT @firefox.exe (GdipFlattenPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C08C93)
[Address] EAT @firefox.exe (GdipFlush) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18645)
[Address] EAT @firefox.exe (GdipFree) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22546)
[Address] EAT @firefox.exe (GdipGetAdjustableArrowCapFillState) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13CA4)
[Address] EAT @firefox.exe (GdipGetAdjustableArrowCapHeight) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13897)
[Address] EAT @firefox.exe (GdipGetAdjustableArrowCapMiddleInset) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13B4D)
[Address] EAT @firefox.exe (GdipGetAdjustableArrowCapWidth) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C139F2)
[Address] EAT @firefox.exe (GdipGetAllPropertyItems) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14AB3)
[Address] EAT @firefox.exe (GdipGetBrushType) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0D9F5)
[Address] EAT @firefox.exe (GdipGetCellAscent) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23456)
[Address] EAT @firefox.exe (GdipGetCellDescent) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C234F6)
[Address] EAT @firefox.exe (GdipGetClip) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C204CC)
[Address] EAT @firefox.exe (GdipGetClipBounds) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C205C4)
[Address] EAT @firefox.exe (GdipGetClipBoundsI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20677)
[Address] EAT @firefox.exe (GdipGetCompositingMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C188EF)
[Address] EAT @firefox.exe (GdipGetCompositingQuality) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18A3F)
[Address] EAT @firefox.exe (GdipGetCustomLineCapBaseCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13485)
[Address] EAT @firefox.exe (GdipGetCustomLineCapBaseInset) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C135DC)
[Address] EAT @firefox.exe (GdipGetCustomLineCapStrokeCaps) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C131A9)
[Address] EAT @firefox.exe (GdipGetCustomLineCapStrokeJoin) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13325)
[Address] EAT @firefox.exe (GdipGetCustomLineCapType) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12FB2)
[Address] EAT @firefox.exe (GdipGetCustomLineCapWidthScale) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13733)
[Address] EAT @firefox.exe (GdipGetDC) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C230DD)
[Address] EAT @firefox.exe (GdipGetDpiX) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19BE3)
[Address] EAT @firefox.exe (GdipGetDpiY) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19C94)
[Address] EAT @firefox.exe (GdipGetEffectParameterSize) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16FCE)
[Address] EAT @firefox.exe (GdipGetEffectParameters) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C17033)
[Address] EAT @firefox.exe (GdipGetEmHeight) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C233B6)
[Address] EAT @firefox.exe (GdipGetEncoderParameterList) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14145)
[Address] EAT @firefox.exe (GdipGetEncoderParameterListSize) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C140A4)
[Address] EAT @firefox.exe (GdipGetFamily) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24140)
[Address] EAT @firefox.exe (GdipGetFamilyName) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1DE91)
[Address] EAT @firefox.exe (GdipGetFontCollectionFamilyCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23B31)
[Address] EAT @firefox.exe (GdipGetFontCollectionFamilyList) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23BCD)
[Address] EAT @firefox.exe (GdipGetFontHeight) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22DFB)
[Address] EAT @firefox.exe (GdipGetFontHeightGivenDPI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22F03)
[Address] EAT @firefox.exe (GdipGetFontSize) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22D5D)
[Address] EAT @firefox.exe (GdipGetFontStyle) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22ABB)
[Address] EAT @firefox.exe (GdipGetFontUnit) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2432A)
[Address] EAT @firefox.exe (GdipGetGenericFontFamilyMonospace) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22751)
[Address] EAT @firefox.exe (GdipGetGenericFontFamilySansSerif) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2265F)
[Address] EAT @firefox.exe (GdipGetGenericFontFamilySerif) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C226D8)
[Address] EAT @firefox.exe (GdipGetHatchBackgroundColor) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0DC14)
[Address] EAT @firefox.exe (GdipGetHatchForegroundColor) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0DB5E)
[Address] EAT @firefox.exe (GdipGetHatchStyle) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0DAA8)
[Address] EAT @firefox.exe (GdipGetHemfFromMetafile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C213A4)
[Address] EAT @firefox.exe (GdipGetImageAttributesAdjustedPalette) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18219)
[Address] EAT @firefox.exe (GdipGetImageBounds) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14F73)
[Address] EAT @firefox.exe (GdipGetImageDecoders) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C220EC)
[Address] EAT @firefox.exe (GdipGetImageDecodersSize) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22063)
[Address] EAT @firefox.exe (GdipGetImageDimension) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15048)
[Address] EAT @firefox.exe (GdipGetImageEncoders) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22320)
[Address] EAT @firefox.exe (GdipGetImageEncodersSize) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22297)
[Address] EAT @firefox.exe (GdipGetImageFlags) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15459)
[Address] EAT @firefox.exe (GdipGetImageGraphicsContext) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14E9C)
[Address] EAT @firefox.exe (GdipGetImageHeight) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C151DA)
[Address] EAT @firefox.exe (GdipGetImageHorizontalResolution) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C152AF)
[Address] EAT @firefox.exe (GdipGetImageItemData) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15C06)
[Address] EAT @firefox.exe (GdipGetImagePalette) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C156DC)
[Address] EAT @firefox.exe (GdipGetImagePaletteSize) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15864)
[Address] EAT @firefox.exe (GdipGetImagePixelFormat) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15607)
[Address] EAT @firefox.exe (GdipGetImageRawFormat) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1552E)
[Address] EAT @firefox.exe (GdipGetImageThumbnail) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C159E3)
[Address] EAT @firefox.exe (GdipGetImageType) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15933)
[Address] EAT @firefox.exe (GdipGetImageVerticalResolution) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15384)
[Address] EAT @firefox.exe (GdipGetImageWidth) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15105)
[Address] EAT @firefox.exe (GdipGetInterpolationMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19195)
[Address] EAT @firefox.exe (GdipGetLineBlend) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E767)
[Address] EAT @firefox.exe (GdipGetLineBlendCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E6B1)
[Address] EAT @firefox.exe (GdipGetLineColors) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E5F2)
[Address] EAT @firefox.exe (GdipGetLineGammaCorrection) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C057EC)
[Address] EAT @firefox.exe (GdipGetLinePresetBlend) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E90F)
[Address] EAT @firefox.exe (GdipGetLinePresetBlendCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0FC74)
[Address] EAT @firefox.exe (GdipGetLineRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F8E3)
[Address] EAT @firefox.exe (GdipGetLineRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F998)
[Address] EAT @firefox.exe (GdipGetLineSpacing) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23596)
[Address] EAT @firefox.exe (GdipGetLineTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C101D0)
[Address] EAT @firefox.exe (GdipGetLineWrapMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1011D)
[Address] EAT @firefox.exe (GdipGetLogFontA) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22B59)
[Address] EAT @firefox.exe (GdipGetLogFontW) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22C5B)
[Address] EAT @firefox.exe (GdipGetMatrixElements) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0B67E)
[Address] EAT @firefox.exe (GdipGetMetafileDownLevelRasterizationLimit) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C21F4B)
[Address] EAT @firefox.exe (GdipGetMetafileHeaderFromEmf) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C211D9)
[Address] EAT @firefox.exe (GdipGetMetafileHeaderFromFile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2123C)
[Address] EAT @firefox.exe (GdipGetMetafileHeaderFromMetafile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C21300)
[Address] EAT @firefox.exe (GdipGetMetafileHeaderFromStream) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2129D)
[Address] EAT @firefox.exe (GdipGetMetafileHeaderFromWmf) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2116F)
[Address] EAT @firefox.exe (GdipGetNearestColor) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1A01A)
[Address] EAT @firefox.exe (GdipGetPageScale) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19A8D)
[Address] EAT @firefox.exe (GdipGetPageUnit) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1991E)
[Address] EAT @firefox.exe (GdipGetPathData) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C06CA4)
[Address] EAT @firefox.exe (GdipGetPathFillMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C06B4A)
[Address] EAT @firefox.exe (GdipGetPathGradientBlend) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0FBA0)
[Address] EAT @firefox.exe (GdipGetPathGradientBlendCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E6B1)
[Address] EAT @firefox.exe (GdipGetPathGradientCenterColor) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F067)
[Address] EAT @firefox.exe (GdipGetPathGradientCenterPoint) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F500)
[Address] EAT @firefox.exe (GdipGetPathGradientCenterPointI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F5BA)
[Address] EAT @firefox.exe (GdipGetPathGradientFocusScales) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10744)
[Address] EAT @firefox.exe (GdipGetPathGradientGammaCorrection) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0FAED)
[Address] EAT @firefox.exe (GdipGetPathGradientPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F4BD)
[Address] EAT @firefox.exe (GdipGetPathGradientPointCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F776)
[Address] EAT @firefox.exe (GdipGetPathGradientPresetBlend) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0FD2E)
[Address] EAT @firefox.exe (GdipGetPathGradientPresetBlendCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0FC74)
[Address] EAT @firefox.exe (GdipGetPathGradientRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F8E3)
[Address] EAT @firefox.exe (GdipGetPathGradientRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F998)
[Address] EAT @firefox.exe (GdipGetPathGradientSurroundColorCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F829)
[Address] EAT @firefox.exe (GdipGetPathGradientSurroundColorsWithCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F1D3)
[Address] EAT @firefox.exe (GdipGetPathGradientTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C101D0)
[Address] EAT @firefox.exe (GdipGetPathGradientWrapMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1011D)
[Address] EAT @firefox.exe (GdipGetPathLastPoint) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0711A)
[Address] EAT @firefox.exe (GdipGetPathPoints) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C068FA)
[Address] EAT @firefox.exe (GdipGetPathPointsI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C06A06)
[Address] EAT @firefox.exe (GdipGetPathTypes) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C067F1)
[Address] EAT @firefox.exe (GdipGetPathWorldBounds) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C092AF)
[Address] EAT @firefox.exe (GdipGetPathWorldBoundsI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0947B)
[Address] EAT @firefox.exe (GdipGetPenBrushFill) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12462)
[Address] EAT @firefox.exe (GdipGetPenColor) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12297)
[Address] EAT @firefox.exe (GdipGetPenCompoundArray) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12C11)
[Address] EAT @firefox.exe (GdipGetPenCompoundCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12AA7)
[Address] EAT @firefox.exe (GdipGetPenCustomEndCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C11856)
[Address] EAT @firefox.exe (GdipGetPenCustomStartCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C11697)
[Address] EAT @firefox.exe (GdipGetPenDashArray) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C129ED)
[Address] EAT @firefox.exe (GdipGetPenDashCap197819) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1138A)
[Address] EAT @firefox.exe (GdipGetPenDashCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12883)
[Address] EAT @firefox.exe (GdipGetPenDashOffset) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12735)
[Address] EAT @firefox.exe (GdipGetPenDashStyle) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C125E4)
[Address] EAT @firefox.exe (GdipGetPenEndCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C112DA)
[Address] EAT @firefox.exe (GdipGetPenFillType) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12527)
[Address] EAT @firefox.exe (GdipGetPenLineJoin) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C114DF)
[Address] EAT @firefox.exe (GdipGetPenMiterLimit) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C119B2)
[Address] EAT @firefox.exe (GdipGetPenMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C11B05)
[Address] EAT @firefox.exe (GdipGetPenStartCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1122A)
[Address] EAT @firefox.exe (GdipGetPenTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C11CBB)
[Address] EAT @firefox.exe (GdipGetPenUnit) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10EF0)
[Address] EAT @firefox.exe (GdipGetPenWidth) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10D81)
[Address] EAT @firefox.exe (GdipGetPixelOffsetMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18D3E)
[Address] EAT @firefox.exe (GdipGetPointCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0673E)
[Address] EAT @firefox.exe (GdipGetPropertyCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1479D)
[Address] EAT @firefox.exe (GdipGetPropertyIdList) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14838)
[Address] EAT @firefox.exe (GdipGetPropertyItem) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14974)
[Address] EAT @firefox.exe (GdipGetPropertyItemSize) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C148D6)
[Address] EAT @firefox.exe (GdipGetPropertySize) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14A15)
[Address] EAT @firefox.exe (GdipGetRegionBounds) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0C754)
[Address] EAT @firefox.exe (GdipGetRegionBoundsI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0C876)
[Address] EAT @firefox.exe (GdipGetRegionData) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0D062)
[Address] EAT @firefox.exe (GdipGetRegionDataSize) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0CF89)
[Address] EAT @firefox.exe (GdipGetRegionHRgn) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0C9F1)
[Address] EAT @firefox.exe (GdipGetRegionScans) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0D62C)
[Address] EAT @firefox.exe (GdipGetRegionScansCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0D504)
[Address] EAT @firefox.exe (GdipGetRegionScansI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0D755)
[Address] EAT @firefox.exe (GdipGetRenderingOrigin) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1877D)
[Address] EAT @firefox.exe (GdipGetSmoothingMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18BAF)
[Address] EAT @firefox.exe (GdipGetSolidFillColor) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0DF44)
[Address] EAT @firefox.exe (GdipGetStringFormatAlign) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C22ABB)
[Address] EAT @firefox.exe (GdipGetStringFormatDigitSubstitution) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C248AF)
[Address] EAT @firefox.exe (GdipGetStringFormatFlags) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24140)
[Address] EAT @firefox.exe (GdipGetStringFormatHotkeyPrefix) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24469)
[Address] EAT @firefox.exe (GdipGetStringFormatLineAlign) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2432A)
[Address] EAT @firefox.exe (GdipGetStringFormatMeasurableCharacterRangeCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24704)
[Address] EAT @firefox.exe (GdipGetStringFormatTabStopCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C245B7)
[Address] EAT @firefox.exe (GdipGetStringFormatTabStops) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24659)
[Address] EAT @firefox.exe (GdipGetStringFormatTrimming) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C249DF)
[Address] EAT @firefox.exe (GdipGetTextContrast) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18F4F)
[Address] EAT @firefox.exe (GdipGetTextRenderingHint) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19000)
[Address] EAT @firefox.exe (GdipGetTextureImage) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0DD6E)
[Address] EAT @firefox.exe (GdipGetTextureTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C101D0)
[Address] EAT @firefox.exe (GdipGetTextureWrapMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1011D)
[Address] EAT @firefox.exe (GdipGetVisibleClipBounds) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20837)
[Address] EAT @firefox.exe (GdipGetVisibleClipBoundsI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C208EA)
[Address] EAT @firefox.exe (GdipGetWorldTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19782)
[Address] EAT @firefox.exe (GdipGraphicsClear) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1C10D)
[Address] EAT @firefox.exe (GdipGraphicsSetAbort) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C17590)
[Address] EAT @firefox.exe (GdipImageForceValidation) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15CAC)
[Address] EAT @firefox.exe (GdipImageGetFrameCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C145B5)
[Address] EAT @firefox.exe (GdipImageGetFrameDimensionsCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14482)
[Address] EAT @firefox.exe (GdipImageGetFrameDimensionsList) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1451A)
[Address] EAT @firefox.exe (GdipImageRotateFlip) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14705)
[Address] EAT @firefox.exe (GdipImageSelectActiveFrame) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14650)
[Address] EAT @firefox.exe (GdipImageSetAbort) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C174EA)
[Address] EAT @firefox.exe (GdipInitializePalette) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1718C)
[Address] EAT @firefox.exe (GdipInvertMatrix) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0B0F4)
[Address] EAT @firefox.exe (GdipIsClipEmpty) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20782)
[Address] EAT @firefox.exe (GdipIsEmptyRegion) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0CB35)
[Address] EAT @firefox.exe (GdipIsEqualRegion) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0CDC5)
[Address] EAT @firefox.exe (GdipIsInfiniteRegion) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0CC7D)
[Address] EAT @firefox.exe (GdipIsMatrixEqual) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0B899)
[Address] EAT @firefox.exe (GdipIsMatrixIdentity) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0B7E6)
[Address] EAT @firefox.exe (GdipIsMatrixInvertible) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0B731)
[Address] EAT @firefox.exe (GdipIsOutlineVisiblePathPoint) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0982D)
[Address] EAT @firefox.exe (GdipIsOutlineVisiblePathPointI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C09A55)
[Address] EAT @firefox.exe (GdipIsStyleAvailable) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23317)
[Address] EAT @firefox.exe (GdipIsVisibleClipEmpty) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C209F5)
[Address] EAT @firefox.exe (GdipIsVisiblePathPoint) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C09647)
[Address] EAT @firefox.exe (GdipIsVisiblePathPointI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C097CE)
[Address] EAT @firefox.exe (GdipIsVisiblePoint) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20AAA)
[Address] EAT @firefox.exe (GdipIsVisiblePointI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20B6F)
[Address] EAT @firefox.exe (GdipIsVisibleRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20BCB)
[Address] EAT @firefox.exe (GdipIsVisibleRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20C9F)
[Address] EAT @firefox.exe (GdipIsVisibleRegionPoint) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0D155)
[Address] EAT @firefox.exe (GdipIsVisibleRegionPointI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0D2C0)
[Address] EAT @firefox.exe (GdipIsVisibleRegionRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0D31F)
[Address] EAT @firefox.exe (GdipIsVisibleRegionRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0D496)
[Address] EAT @firefox.exe (GdipLoadImageFromFile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13E2B)
[Address] EAT @firefox.exe (GdipLoadImageFromFileICM) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13FD1)
[Address] EAT @firefox.exe (GdipLoadImageFromStream) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13D58)
[Address] EAT @firefox.exe (GdipLoadImageFromStreamICM) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13EFE)
[Address] EAT @firefox.exe (GdipMeasureCharacterRanges) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1D896)
[Address] EAT @firefox.exe (GdipMeasureDriverString) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1DC8D)
[Address] EAT @firefox.exe (GdipMeasureString) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1D6FB)
[Address] EAT @firefox.exe (GdipMultiplyLineTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10485)
[Address] EAT @firefox.exe (GdipMultiplyMatrix) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0AC7D)
[Address] EAT @firefox.exe (GdipMultiplyPathGradientTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10485)
[Address] EAT @firefox.exe (GdipMultiplyPenTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C11E61)
[Address] EAT @firefox.exe (GdipMultiplyTextureTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10485)
[Address] EAT @firefox.exe (GdipMultiplyWorldTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C193D4)
[Address] EAT @firefox.exe (GdipNewInstalledFontCollection) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23936)
[Address] EAT @firefox.exe (GdipNewPrivateFontCollection) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C239B9)
[Address] EAT @firefox.exe (GdipPathIterCopyData) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0A586)
[Address] EAT @firefox.exe (GdipPathIterEnumerate) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0A481)
[Address] EAT @firefox.exe (GdipPathIterGetCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0A0EA)
[Address] EAT @firefox.exe (GdipPathIterGetSubpathCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0A1A7)
[Address] EAT @firefox.exe (GdipPathIterHasCurve) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0A321)
[Address] EAT @firefox.exe (GdipPathIterIsValid) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0A264)
[Address] EAT @firefox.exe (GdipPathIterNextMarker) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C09F2B)
[Address] EAT @firefox.exe (GdipPathIterNextMarkerPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0A02A)
[Address] EAT @firefox.exe (GdipPathIterNextPathType) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C09E0D)
[Address] EAT @firefox.exe (GdipPathIterNextSubpath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C09C0A)
[Address] EAT @firefox.exe (GdipPathIterNextSubpathPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C09D28)
[Address] EAT @firefox.exe (GdipPathIterRewind) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0A3D2)
[Address] EAT @firefox.exe (GdipPlayMetafileRecord) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1FC76)
[Address] EAT @firefox.exe (GdipPlayTSClientRecord) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C251D7)
[Address] EAT @firefox.exe (GdipPrivateAddFontFile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23C82)
[Address] EAT @firefox.exe (GdipPrivateAddMemoryFont) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23D20)
[Address] EAT @firefox.exe (GdipRecordMetafile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C21898)
[Address] EAT @firefox.exe (GdipRecordMetafileFileName) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C21A6D)
[Address] EAT @firefox.exe (GdipRecordMetafileFileNameI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C21BA5)
[Address] EAT @firefox.exe (GdipRecordMetafileI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C219B7)
[Address] EAT @firefox.exe (GdipRecordMetafileStream) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C21C5E)
[Address] EAT @firefox.exe (GdipRecordMetafileStreamI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C21D96)
[Address] EAT @firefox.exe (GdipReleaseDC) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C231A4)
[Address] EAT @firefox.exe (GdipRemovePropertyItem) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14B54)
[Address] EAT @firefox.exe (GdipResetClip) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20328)
[Address] EAT @firefox.exe (GdipResetImageAttributes) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C179D5)
[Address] EAT @firefox.exe (GdipResetLineTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C103E2)
[Address] EAT @firefox.exe (GdipResetPageTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19878)
[Address] EAT @firefox.exe (GdipResetPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0669B)
[Address] EAT @firefox.exe (GdipResetPathGradientTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C103E2)
[Address] EAT @firefox.exe (GdipResetPenTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C11DC1)
[Address] EAT @firefox.exe (GdipResetTextureTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C103E2)
[Address] EAT @firefox.exe (GdipResetWorldTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19336)
[Address] EAT @firefox.exe (GdipRestoreGraphics) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20DBF)
[Address] EAT @firefox.exe (GdipReversePath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C07077)
[Address] EAT @firefox.exe (GdipRotateLineTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10677)
[Address] EAT @firefox.exe (GdipRotateMatrix) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0AF5C)
[Address] EAT @firefox.exe (GdipRotatePathGradientTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10677)
[Address] EAT @firefox.exe (GdipRotatePenTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12123)
[Address] EAT @firefox.exe (GdipRotateTextureTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10677)
[Address] EAT @firefox.exe (GdipRotateWorldTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C196BA)
[Address] EAT @firefox.exe (GdipSaveAdd) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1433D)
[Address] EAT @firefox.exe (GdipSaveAddImage) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C143DB)
[Address] EAT @firefox.exe (GdipSaveGraphics) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20D0A)
[Address] EAT @firefox.exe (GdipSaveImageToFile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14293)
[Address] EAT @firefox.exe (GdipSaveImageToStream) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C141E9)
[Address] EAT @firefox.exe (GdipScaleLineTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1059E)
[Address] EAT @firefox.exe (GdipScaleMatrix) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0AE8A)
[Address] EAT @firefox.exe (GdipScalePathGradientTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1059E)
[Address] EAT @firefox.exe (GdipScalePenTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1204D)
[Address] EAT @firefox.exe (GdipScaleTextureTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1059E)
[Address] EAT @firefox.exe (GdipScaleWorldTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C195E6)
[Address] EAT @firefox.exe (GdipSetAdjustableArrowCapFillState) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13C01)
[Address] EAT @firefox.exe (GdipSetAdjustableArrowCapHeight) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C137F0)
[Address] EAT @firefox.exe (GdipSetAdjustableArrowCapMiddleInset) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13AA6)
[Address] EAT @firefox.exe (GdipSetAdjustableArrowCapWidth) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1394B)
[Address] EAT @firefox.exe (GdipSetClipGraphics) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1FD64)
[Address] EAT @firefox.exe (GdipSetClipHrgn) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2023B)
[Address] EAT @firefox.exe (GdipSetClipPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1FFDA)
[Address] EAT @firefox.exe (GdipSetClipRect) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1FE90)
[Address] EAT @firefox.exe (GdipSetClipRectI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1FF6F)
[Address] EAT @firefox.exe (GdipSetClipRegion) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2010D)
[Address] EAT @firefox.exe (GdipSetCompositingMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18850)
[Address] EAT @firefox.exe (GdipSetCompositingQuality) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C189A0)
[Address] EAT @firefox.exe (GdipSetCustomLineCapBaseCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C133E2)
[Address] EAT @firefox.exe (GdipSetCustomLineCapBaseInset) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13542)
[Address] EAT @firefox.exe (GdipSetCustomLineCapStrokeCaps) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13103)
[Address] EAT @firefox.exe (GdipSetCustomLineCapStrokeJoin) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1328B)
[Address] EAT @firefox.exe (GdipSetCustomLineCapWidthScale) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C13699)
[Address] EAT @firefox.exe (GdipSetEffectParameters) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C16F65)
[Address] EAT @firefox.exe (GdipSetEmpty) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0C11E)
[Address] EAT @firefox.exe (GdipSetImageAttributesCachedBackground) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C180CD)
[Address] EAT @firefox.exe (GdipSetImageAttributesColorKeys) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C17DA9)
[Address] EAT @firefox.exe (GdipSetImageAttributesColorMatrix) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C17A92)
[Address] EAT @firefox.exe (GdipSetImageAttributesGamma) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C17C22)
[Address] EAT @firefox.exe (GdipSetImageAttributesNoOp) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C17CE9)
[Address] EAT @firefox.exe (GdipSetImageAttributesOutputChannel) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C17E81)
[Address] EAT @firefox.exe (GdipSetImageAttributesOutputChannelColorProfile) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C17F44)
[Address] EAT @firefox.exe (GdipSetImageAttributesRemapTable) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18007)
[Address] EAT @firefox.exe (GdipSetImageAttributesThreshold) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C17B5B)
[Address] EAT @firefox.exe (GdipSetImageAttributesToIdentity) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C17918)
[Address] EAT @firefox.exe (GdipSetImageAttributesWrapMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18170)
[Address] EAT @firefox.exe (GdipSetImagePalette) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C15796)
[Address] EAT @firefox.exe (GdipSetInfinite) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0C080)
[Address] EAT @firefox.exe (GdipSetInterpolationMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C190B1)
[Address] EAT @firefox.exe (GdipSetLineBlend) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E83B)
[Address] EAT @firefox.exe (GdipSetLineColors) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E53D)
[Address] EAT @firefox.exe (GdipSetLineGammaCorrection) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C05793)
[Address] EAT @firefox.exe (GdipSetLineLinearBlend) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0EE2A)
[Address] EAT @firefox.exe (GdipSetLinePresetBlend) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0EB24)
[Address] EAT @firefox.exe (GdipSetLineSigmaBlend) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0ED78)
[Address] EAT @firefox.exe (GdipSetLineTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C102D9)
[Address] EAT @firefox.exe (GdipSetLineWrapMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0EEDC)
[Address] EAT @firefox.exe (GdipSetMatrixElements) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0ABB9)
[Address] EAT @firefox.exe (GdipSetMetafileDownLevelRasterizationLimit) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C21E4F)
[Address] EAT @firefox.exe (GdipSetPageScale) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19B3E)
[Address] EAT @firefox.exe (GdipSetPageUnit) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C199CF)
[Address] EAT @firefox.exe (GdipSetPathFillMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C06C00)
[Address] EAT @firefox.exe (GdipSetPathGradientBlend) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0E83B)
[Address] EAT @firefox.exe (GdipSetPathGradientCenterColor) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F12F)
[Address] EAT @firefox.exe (GdipSetPathGradientCenterPoint) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F64E)
[Address] EAT @firefox.exe (GdipSetPathGradientCenterPointI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F708)
[Address] EAT @firefox.exe (GdipSetPathGradientFocusScales) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10829)
[Address] EAT @firefox.exe (GdipSetPathGradientGammaCorrection) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0FA50)
[Address] EAT @firefox.exe (GdipSetPathGradientLinearBlend) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0EE2A)
[Address] EAT @firefox.exe (GdipSetPathGradientPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F4BD)
[Address] EAT @firefox.exe (GdipSetPathGradientPresetBlend) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0FEDA)
[Address] EAT @firefox.exe (GdipSetPathGradientSigmaBlend) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0ED78)
[Address] EAT @firefox.exe (GdipSetPathGradientSurroundColorsWithCount) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0F301)
[Address] EAT @firefox.exe (GdipSetPathGradientTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C102D9)
[Address] EAT @firefox.exe (GdipSetPathGradientWrapMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0DCCA)
[Address] EAT @firefox.exe (GdipSetPathMarker) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C06F31)
[Address] EAT @firefox.exe (GdipSetPenBrushFill) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12357)
[Address] EAT @firefox.exe (GdipSetPenColor) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C121ED)
[Address] EAT @firefox.exe (GdipSetPenCompoundArray) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12B57)
[Address] EAT @firefox.exe (GdipSetPenCustomEndCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1174E)
[Address] EAT @firefox.exe (GdipSetPenCustomStartCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1158F)
[Address] EAT @firefox.exe (GdipSetPenDashArray) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12933)
[Address] EAT @firefox.exe (GdipSetPenDashCap197819) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C11189)
[Address] EAT @firefox.exe (GdipSetPenDashOffset) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C127E5)
[Address] EAT @firefox.exe (GdipSetPenDashStyle) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C12694)
[Address] EAT @firefox.exe (GdipSetPenEndCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C110E8)
[Address] EAT @firefox.exe (GdipSetPenLineCap197819) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10FA0)
[Address] EAT @firefox.exe (GdipSetPenLineJoin) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C11441)
[Address] EAT @firefox.exe (GdipSetPenMiterLimit) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C1190D)
[Address] EAT @firefox.exe (GdipSetPenMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C11A62)
[Address] EAT @firefox.exe (GdipSetPenStartCap) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C11047)
[Address] EAT @firefox.exe (GdipSetPenTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C11BB5)
[Address] EAT @firefox.exe (GdipSetPenUnit) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10E31)
[Address] EAT @firefox.exe (GdipSetPenWidth) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C10CE3)
[Address] EAT @firefox.exe (GdipSetPixelOffsetMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18C85)
[Address] EAT @firefox.exe (GdipSetPropertyItem) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C14BEF)
[Address] EAT @firefox.exe (GdipSetRenderingOrigin) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C186DB)
[Address] EAT @firefox.exe (GdipSetSmoothingMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18AF0)
[Address] EAT @firefox.exe (GdipSetSolidFillColor) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0DEA1)
[Address] EAT @firefox.exe (GdipSetStringFormatAlign) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C241DE)
[Address] EAT @firefox.exe (GdipSetStringFormatDigitSubstitution) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2481E)
[Address] EAT @firefox.exe (GdipSetStringFormatFlags) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C240B4)
[Address] EAT @firefox.exe (GdipSetStringFormatHotkeyPrefix) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C243C8)
[Address] EAT @firefox.exe (GdipSetStringFormatLineAlign) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24284)
[Address] EAT @firefox.exe (GdipSetStringFormatMeasurableCharacterRanges) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24786)
[Address] EAT @firefox.exe (GdipSetStringFormatTabStops) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C2450B)
[Address] EAT @firefox.exe (GdipSetStringFormatTrimming) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24940)
[Address] EAT @firefox.exe (GdipSetTextContrast) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18EAE)
[Address] EAT @firefox.exe (GdipSetTextRenderingHint) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C18DEF)
[Address] EAT @firefox.exe (GdipSetTextureTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C102D9)
[Address] EAT @firefox.exe (GdipSetTextureWrapMode) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0DCCA)
[Address] EAT @firefox.exe (GdipSetWorldTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19232)
[Address] EAT @firefox.exe (GdipShearMatrix) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0B022)
[Address] EAT @firefox.exe (GdipStartPathFigure) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C06D4A)
[Address] EAT @firefox.exe (GdipStringFormatGetGenericDefault) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23E91)
[Address] EAT @firefox.exe (GdipStringFormatGetGenericTypographic) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C23F14)
[Address] EAT @firefox.exe (GdipTestControl) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C24E42)
[Address] EAT @firefox.exe (GdipTransformMatrixPoints) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0B192)
[Address] EAT @firefox.exe (GdipTransformMatrixPointsI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0B24B)
[Address] EAT @firefox.exe (GdipTransformPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C091A8)
[Address] EAT @firefox.exe (GdipTransformPoints) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19D45)
[Address] EAT @firefox.exe (GdipTransformPointsI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19E06)
[Address] EAT @firefox.exe (GdipTransformRegion) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0C64E)
[Address] EAT @firefox.exe (GdipTranslateClip) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C203C6)
[Address] EAT @firefox.exe (GdipTranslateClipI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C20473)
[Address] EAT @firefox.exe (GdipTranslateLineTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0EF8E)
[Address] EAT @firefox.exe (GdipTranslateMatrix) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0ADB8)
[Address] EAT @firefox.exe (GdipTranslatePathGradientTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0EF8E)
[Address] EAT @firefox.exe (GdipTranslatePenTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C11F77)
[Address] EAT @firefox.exe (GdipTranslateRegion) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0C56E)
[Address] EAT @firefox.exe (GdipTranslateRegionI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0C5F5)
[Address] EAT @firefox.exe (GdipTranslateTextureTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0EF8E)
[Address] EAT @firefox.exe (GdipTranslateWorldTransform) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C19512)
[Address] EAT @firefox.exe (GdipVectorTransformMatrixPoints) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0B3C1)
[Address] EAT @firefox.exe (GdipVectorTransformMatrixPointsI) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0B47A)
[Address] EAT @firefox.exe (GdipWarpPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C09048)
[Address] EAT @firefox.exe (GdipWidenPath) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C08EC5)
[Address] EAT @firefox.exe (GdipWindingModeOutline) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C08DAB)
[Address] EAT @firefox.exe (GdiplusNotificationHook) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C06189)
[Address] EAT @firefox.exe (GdiplusNotificationUnhook) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C06205)
[Address] EAT @firefox.exe (GdiplusShutdown) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C056EC)
[Address] EAT @firefox.exe (GdiplusStartup) : MSIMG32.dll -> HOOKED (C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x74C0562E)
[Address] EAT @firefox.exe (BeginBufferedAnimation) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2DF38)
[Address] EAT @firefox.exe (BeginBufferedPaint) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2B741)
[Address] EAT @firefox.exe (BeginPanningFeedback) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B476AF)
[Address] EAT @firefox.exe (BufferedPaintClear) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2BBDB)
[Address] EAT @firefox.exe (BufferedPaintInit) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2B8D4)
[Address] EAT @firefox.exe (BufferedPaintRenderAnimation) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2DE83)
[Address] EAT @firefox.exe (BufferedPaintSetAlpha) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4CE19)
[Address] EAT @firefox.exe (BufferedPaintStopAllAnimations) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2E428)
[Address] EAT @firefox.exe (BufferedPaintUnInit) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B37525)
[Address] EAT @firefox.exe (CloseThemeData) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B21FA1)
[Address] EAT @firefox.exe (DrawThemeBackground) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2D464)
[Address] EAT @firefox.exe (DrawThemeBackgroundEx) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B3436D)
[Address] EAT @firefox.exe (DrawThemeEdge) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4C01C)
[Address] EAT @firefox.exe (DrawThemeIcon) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4D123)
[Address] EAT @firefox.exe (DrawThemeParentBackground) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2E776)
[Address] EAT @firefox.exe (DrawThemeParentBackgroundEx) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2E5C5)
[Address] EAT @firefox.exe (DrawThemeText) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2DB21)
[Address] EAT @firefox.exe (DrawThemeTextEx) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2A70C)
[Address] EAT @firefox.exe (EnableThemeDialogTexture) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B3786D)
[Address] EAT @firefox.exe (EnableTheming) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4C9FF)
[Address] EAT @firefox.exe (EndBufferedAnimation) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2ACE8)
[Address] EAT @firefox.exe (EndBufferedPaint) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2ACE8)
[Address] EAT @firefox.exe (EndPanningFeedback) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4762C)
[Address] EAT @firefox.exe (GetBufferedPaintBits) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2CF26)
[Address] EAT @firefox.exe (GetBufferedPaintDC) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4CDCF)
[Address] EAT @firefox.exe (GetBufferedPaintTargetDC) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4CD86)
[Address] EAT @firefox.exe (GetBufferedPaintTargetRect) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4C893)
[Address] EAT @firefox.exe (GetCurrentThemeName) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B363AE)
[Address] EAT @firefox.exe (GetThemeAppProperties) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2EBD6)
[Address] EAT @firefox.exe (GetThemeBackgroundContentRect) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2DA9E)
[Address] EAT @firefox.exe (GetThemeBackgroundExtent) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B37155)
[Address] EAT @firefox.exe (GetThemeBackgroundRegion) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B30190)
[Address] EAT @firefox.exe (GetThemeBitmap) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B24B9C)
[Address] EAT @firefox.exe (GetThemeBool) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B26651)
[Address] EAT @firefox.exe (GetThemeColor) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B227C0)
[Address] EAT @firefox.exe (GetThemeDocumentationProperty) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4C346)
[Address] EAT @firefox.exe (GetThemeEnumValue) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B227C0)
[Address] EAT @firefox.exe (GetThemeFilename) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4B997)
[Address] EAT @firefox.exe (GetThemeFont) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B376A2)
[Address] EAT @firefox.exe (GetThemeInt) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B227C0)
[Address] EAT @firefox.exe (GetThemeIntList) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4B86E)
[Address] EAT @firefox.exe (GetThemeMargins) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B22F97)
[Address] EAT @firefox.exe (GetThemeMetric) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B355B4)
[Address] EAT @firefox.exe (GetThemePartSize) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2289F)
[Address] EAT @firefox.exe (GetThemePosition) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4B80D)
[Address] EAT @firefox.exe (GetThemePropertyOrigin) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B30923)
[Address] EAT @firefox.exe (GetThemeRect) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4B936)
[Address] EAT @firefox.exe (GetThemeStream) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4B8CF)
[Address] EAT @firefox.exe (GetThemeString) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4B7A1)
[Address] EAT @firefox.exe (GetThemeSysBool) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4CB86)
[Address] EAT @firefox.exe (GetThemeSysColor) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B35530)
[Address] EAT @firefox.exe (GetThemeSysColorBrush) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4CA32)
[Address] EAT @firefox.exe (GetThemeSysFont) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4C3D8)
[Address] EAT @firefox.exe (GetThemeSysInt) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4C5E7)
[Address] EAT @firefox.exe (GetThemeSysSize) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4CC61)
[Address] EAT @firefox.exe (GetThemeSysString) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4C553)
[Address] EAT @firefox.exe (GetThemeTextExtent) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B289FE)
[Address] EAT @firefox.exe (GetThemeTextMetrics) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B3778C)
[Address] EAT @firefox.exe (GetThemeTransitionDuration) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2E1A1)
[Address] EAT @firefox.exe (GetWindowTheme) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B3535B)
[Address] EAT @firefox.exe (HitTestThemeBackground) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B32DC1)
[Address] EAT @firefox.exe (IsAppThemed) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B37009)
[Address] EAT @firefox.exe (IsCompositionActive) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B265DF)
[Address] EAT @firefox.exe (IsThemeActive) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B36F36)
[Address] EAT @firefox.exe (IsThemeBackgroundPartiallyTransparent) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B2281C)
[Address] EAT @firefox.exe (IsThemeDialogTextureEnabled) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4CB3F)
[Address] EAT @firefox.exe (IsThemePartDefined) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B230CF)
[Address] EAT @firefox.exe (OpenThemeData) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B25F29)
[Address] EAT @firefox.exe (OpenThemeDataEx) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B306FE)
[Address] EAT @firefox.exe (SetThemeAppProperties) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B4CCEC)
[Address] EAT @firefox.exe (SetWindowTheme) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B37AFC)
[Address] EAT @firefox.exe (SetWindowThemeAttribute) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B29E39)
[Address] EAT @firefox.exe (ThemeInitApiHook) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B24571)
[Address] EAT @firefox.exe (UpdatePanningFeedback) : oleacc.dll -> HOOKED (C:\windows\system32\UxTheme.dll @ 0x74B475ED)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] f42f3ea09089f7bb98e34bf8a40ac79b
[BSP] bef1996a9ff3396afb991378af277e85 : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 183296 MB
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 375597056 | Size: 273127 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 934961152 | Size: 20416 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_05012014_102349.txt >>
RKreport[0]_S_05012014_101904.txt;RKreport[0]_S_05012014_102101.txt


 


  • 0

Advertisements

#2
Machiavelli
Posted 01 May 2014 - 09:46 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hello and Welcome on board liscat :welcome:,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Hiya,
I like to see an OTL Log and let's have a look at a ASWMBR Log.

Step 1: OTL Custom Scan

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.
 

Download Mirror #1

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the customFix.png.pagespeed.ce.jU5V4w6MU1.pn box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open otlicon.png on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator)
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      OTL_Main_Tutorial.gif
      • Click the box beside Scan All Users at the top of the console
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Place the mouse pointer inside the customFix.png.pagespeed.ce.jU5V4w6MU1.pn box, right click and click Paste. This will put the above script inside OTL
      • Click the runscanbutton.png.pagespeed.ce.KPQ_c3iHh button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste it into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
      • Please do the same for the Extras.txt
    Step 2: ASWMBR

    Please download aswMBR from one of the links below and save it to your Desktop.

    Download Mirror #1

    • Right-click on aswMBR.exe and select Run as Administrator.
    • Click Yes when asked to download the Avast! definitions.
    • Click Scan to initiate the scan.
    • When the scan finishes, click Save Log and save this to your Desktop.
    • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

  • 0

#3
liscat
Posted 01 May 2014 - 01:40 PM

liscat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi Machiavelli

 

Thank you for your reply. Here are the logs you requested.

 

OTL

 

OTL logfile created on: 01/05/2014 19:50:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
5.92 Gb Total Physical Memory | 3.08 Gb Available Physical Memory | 51.98% Memory free
11.83 Gb Paging File | 7.87 Gb Available in Paging File | 66.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 73.57 Gb Free Space | 41.10% Space Free | Partition Type: NTFS
Drive D: | 266.72 Gb Total Space | 256.39 Gb Free Space | 96.12% Space Free | Partition Type: NTFS
 
Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/01 19:48:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.com
PRC - [2014/05/01 10:42:03 | 001,225,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
PRC - [2014/05/01 10:42:03 | 000,679,464 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
PRC - [2014/05/01 08:09:27 | 000,060,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe
PRC - [2014/04/24 01:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/18 19:50:52 | 033,604,728 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/03/29 11:29:33 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/21 02:40:50 | 002,691,480 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014/03/20 11:24:00 | 005,288,608 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2014/03/18 23:18:30 | 000,419,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014/02/19 07:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2013/12/21 07:04:50 | 003,478,392 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/27 17:19:36 | 000,310,208 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE
PRC - [2013/08/27 17:19:36 | 000,207,808 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE
PRC - [2013/02/21 16:25:44 | 002,910,256 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2012/11/26 13:49:10 | 000,183,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe
PRC - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/10/18 11:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/09/27 23:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011/09/14 23:19:54 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe
PRC - [2011/09/06 08:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 08:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/19 04:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/08/17 08:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/07/29 23:47:22 | 003,395,664 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011/06/24 09:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/06/05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/05/05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/06/12 10:34:48 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\T-Mobile Internet Manager\AssistantServices.exe
PRC - [2009/06/12 10:34:10 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\T-Mobile Internet Manager\UIExec.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/01 11:40:52 | 000,041,984 | ---- | M] () -- c:\Users\Lisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphpomcp.dll
MOD - [2014/05/01 07:52:21 | 000,593,464 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
MOD - [2014/04/24 01:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/24 01:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/24 01:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
MOD - [2014/04/24 01:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
MOD - [2014/04/24 01:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/24 01:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/03/29 11:29:33 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/03/20 11:24:00 | 005,288,608 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2014/03/18 23:22:06 | 032,733,088 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2014/03/18 23:22:06 | 000,742,816 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libGLESv2.dll
MOD - [2014/03/18 23:22:06 | 000,136,608 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libEGL.dll
MOD - [2014/01/03 04:42:50 | 003,610,624 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/08/27 17:19:50 | 000,093,120 | ---- | M] () -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\FSGUI\strres.eng
MOD - [2013/08/27 17:19:46 | 000,056,256 | ---- | M] () -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\FSGUI\fsavures.eng
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/02/16 16:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/12 10:34:10 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\T-Mobile Internet Manager\UIExec.exe
MOD - [2006/08/12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/17 18:54:26 | 000,185,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/03/01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/16 01:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/26 09:52:08 | 000,152,640 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE -- (EPSON_PM_RPCV4_06)
SRV:64bit: - [2012/08/23 17:05:12 | 003,342,640 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/08/23 17:04:00 | 000,629,040 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/08/23 17:03:14 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2014/05/01 08:09:27 | 000,060,352 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2014/04/29 12:08:19 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/29 11:29:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/27 17:19:36 | 000,207,808 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2013/02/21 16:25:44 | 002,910,256 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
SRV - [2013/01/21 19:36:47 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/26 13:49:10 | 000,183,864 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe -- (fshoster)
SRV - [2012/05/03 11:27:58 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/09/14 23:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe -- (mi-raysat_3dsmax2013_32)
SRV - [2011/06/05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/05/05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/12 10:34:48 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\T-Mobile Internet Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/01 10:46:22 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2014/03/17 18:49:44 | 000,783,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/03/17 18:44:40 | 000,180,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/07/25 17:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/02/12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/30 12:24:08 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 15:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/11 13:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/10/10 16:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/09/15 09:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/29 16:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/08/23 06:12:56 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/08/17 08:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/07/29 23:47:20 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/17 04:40:40 | 000,186,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/06/05 00:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/05/19 01:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/22 11:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 11:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/07 17:47:16 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/05/07 17:47:16 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/05/07 17:47:16 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/05/07 17:47:16 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV - [2014/05/01 10:43:17 | 000,203,304 | ---- | M] (F-Secure Corporation) [Kernel | Auto | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2014/05/01 10:42:05 | 000,069,480 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2014/05/01 08:12:53 | 000,041,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2013/08/27 17:19:32 | 000,013,248 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2013/04/25 12:52:40 | 000,080,832 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Scanning\fsni64.sys -- (fsni)
DRV - [2012/04/13 00:32:12 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1000\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes,DefaultScope = {9DA05571-9AF2-4CD7-B60A-C01CBF81DBC6}
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes\{77C7D53D-AA3D-4AEB-AE1D-45108C8A553D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes\{7D7817CC-4960-4340-9FD8-5541C41CA988}: "URL" = https://www.google.c...q={searchTerms}
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes\{9DA05571-9AF2-4CD7-B60A-C01CBF81DBC6}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes\{C7B00B56-7E90-4875-B78D-E4908F4411AA}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-53c562c888894ea7\\NPRobloxProxy.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha294\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha883\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2232\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/04/20 20:36:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 11:29:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/10/24 19:26:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
[2012/10/24 18:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\extensions
[2013/03/30 11:44:56 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/03/30 11:44:56 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2014/05/01 09:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3jefoyl4.default\extensions
[2012/10/24 14:30:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3jefoyl4.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2014/05/01 15:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions
[2013/10/22 19:35:16 | 000,000,000 | ---D | M] (British English Dictionary (Updated)) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\[email protected]
[2014/04/10 09:13:18 | 000,034,670 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\[email protected]
[2013/06/20 21:59:48 | 000,207,024 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\[email protected]
[2014/01/06 22:07:44 | 000,443,916 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\{12B72A0D-0B85-456E-9DD9-203529B36DF0}.xpi
[2013/05/15 21:18:07 | 000,004,590 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\{421e87b4-d3d2-49c8-b08f-b83f4dc88444}.xpi
[2013/06/23 18:16:48 | 000,151,038 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
[2014/05/01 15:04:25 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/03/29 11:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 11:29:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yah...p={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dictanote - Speech Recognizer = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk\8_0\
CHR - Extension: Google Drive = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.6.70_0\
CHR - Extension: Pandoraâ„¢ Voice Recognition = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\egdjohngfdcoknddingdjfnfijdncino\0.2_0\
CHR - Extension: Speech Recognition for Text Inputs = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\heennmclhgoopfpeahknkiammigjllce\1.1.0_0\
CHR - Extension: Voice Recognition = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn\2.0_0\
CHR - Extension: Google Wallet = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/05/01 10:10:19 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [F-Secure Hoster (44515)] C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TwinitySetup] C:\Users\Lisa\Downloads\TwinitySetup.exe File not found
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\T-Mobile Internet Manager\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [POEngine5]  File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [RaysHarvester] C:\Program Files (x86)\Utherverse Digital Inc\Utherverse VWW Client QA\harvester\RaysHarvester.exe File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [Speech Recognition] C:\windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll File not found
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: adobe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: course-source.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: epautotest.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: learndirect.co.uk ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: learndirect.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: learndirect-business.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: mindleaders.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: thirdforce.com ([]* in Trusted sites)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{252DE15D-7575-4F20-8511-57A2D303115C}: DhcpNameServer = 172.30.139.17 172.31.139.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C8ED0D3-D844-40C5-BA2D-E1F12CAA973F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77B4CE63-D559-4D59-9BC4-E6D287327B5F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7b86701a-1ce6-11e2-8c11-b803058097e1}\Shell - "" = AutoRun
O33 - MountPoints2\{7b86701a-1ce6-11e2-8c11-b803058097e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7b867025-1ce6-11e2-8c11-b803058097e1}\Shell - "" = AutoRun
O33 - MountPoints2\{7b867025-1ce6-11e2-8c11-b803058097e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7b867055-1ce6-11e2-8c11-b803058097e1}\Shell - "" = AutoRun
O33 - MountPoints2\{7b867055-1ce6-11e2-8c11-b803058097e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db4123ae-30bc-11e2-8e59-b803058097e1}\Shell - "" = AutoRun
O33 - MountPoints2\{db4123ae-30bc-11e2-8e59-b803058097e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db4123bb-30bc-11e2-8e59-b803058097e1}\Shell - "" = AutoRun
O33 - MountPoints2\{db4123bb-30bc-11e2-8e59-b803058097e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/01 19:51:13 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
[2014/05/01 19:48:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.com
[2014/05/01 10:09:13 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\CrashDumps
[2014/05/01 09:45:30 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/05/01 09:45:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/01 07:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Safe Boost
[2014/05/01 07:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TalkTalk
[2014/05/01 07:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2014/04/30 22:53:20 | 000,522,360 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfefirek.sys
[2014/04/30 22:53:20 | 000,180,272 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfeapfk.sys
[2014/04/30 22:53:20 | 000,070,592 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\cfwids.sys
[2014/04/30 18:22:49 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Logo animation JD designs templates
[2014/04/30 16:39:55 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Adobe
[2014/04/30 16:01:57 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\uniquefx_sparkle_reveal
[2014/04/30 15:59:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Logo animations After effects
[2014/04/30 15:48:20 | 000,000,000 | ---D | C] -- C:\adobeTemp
[2014/04/29 21:50:45 | 000,000,000 | ---D | C] -- C:\tmp
[2014/04/29 18:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2014/04/29 18:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2014/04/29 17:30:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\3dsMax
[2014/04/29 16:47:28 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\New folder (9)
[2014/04/29 12:57:17 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/04/29 12:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/04/29 12:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/04/29 12:08:12 | 017,931,952 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2014/04/27 23:00:31 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Skype
[2014/04/27 11:38:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Invoices
[2014/04/26 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Ian PPH
[2014/04/23 15:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoScribe
[2014/04/23 15:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sparkol
[2014/04/23 15:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\com.sparkol.VideoScribeDesktop
[2014/04/23 14:27:51 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\McAfee
[2014/04/23 14:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/04/23 14:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/04/21 21:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/04/21 21:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photoshop CS6
[2014/04/21 18:50:07 | 002,808,712 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Lisa\Desktop\CreativeCloudSet-Up.exe
[2014/04/21 18:27:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\New folder (8)
[2014/04/21 18:27:18 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\New folder (7)
[2014/04/21 18:25:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\ADOBE_CC_KEYGEN_WIN_MACOSX-XFORCE
[2014/04/19 10:20:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\logo templates
[2014/04/18 08:30:02 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Wood Engraved Logo Mock-Up
[2014/04/09 13:30:31 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2014/04/09 13:30:31 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2014/04/09 13:30:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iologmsg.dll
[2014/04/09 13:30:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iologmsg.dll
[2014/04/09 13:30:24 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2014/04/09 13:30:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2014/04/09 13:30:24 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2014/04/09 13:30:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2014/04/09 13:30:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2014/04/09 13:30:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2014/04/09 13:30:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2014/04/09 13:30:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2014/04/09 13:30:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2014/04/09 13:30:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2014/04/08 19:12:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\x-formation
[2014/04/08 19:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Muvizu
[2014/04/08 18:59:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Muvizu Play
[2014/04/08 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Muvizu Play
[2014/04/05 14:57:32 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\inkscape
[2014/04/04 11:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2014/04/02 22:39:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\HandHistory
[2014/04/02 22:39:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\AuxClient
[2014/04/02 06:39:58 | 000,061,120 | ---- | C] (StdLib) -- C:\windows\SysNative\drivers\wStLibG64.sys
[2 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/01 19:52:00 | 000,000,911 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Update {4210B272-BDC6-451E-8E00-419490997D13}.job
[2014/05/01 19:52:00 | 000,000,725 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Invitation {4210B272-BDC6-451E-8E00-419490997D13}.job
[2014/05/01 19:51:19 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
[2014/05/01 19:51:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/01 19:48:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.com
[2014/05/01 19:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/01 11:49:42 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/01 11:49:42 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/01 11:38:48 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2014/05/01 11:38:45 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/01 11:38:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/01 11:38:22 | 2056,830,975 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/01 10:46:22 | 000,056,016 | ---- | M] () -- C:\windows\SysNative\drivers\fsbts.sys
[2014/05/01 10:38:41 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/05/01 10:10:19 | 000,000,741 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014/05/01 08:12:53 | 000,041,024 | ---- | M] () -- C:\windows\SysWow64\drivers\fsbts.sys
[2014/05/01 08:11:15 | 000,019,653 | ---- | M] () -- C:\windows\prodsett_copy.ini
[2014/04/30 22:38:46 | 000,001,047 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/30 22:38:27 | 000,001,013 | ---- | M] () -- C:\Users\Lisa\Desktop\Dropbox.lnk
[2014/04/30 22:33:44 | 005,186,152 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/04/30 16:37:02 | 000,354,666 | ---- | M] () -- C:\Users\Lisa\Desktop\140430134111_09.png
[2014/04/30 16:37:01 | 000,000,132 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/04/30 16:34:45 | 000,300,950 | ---- | M] () -- C:\Users\Lisa\Desktop\140430134111_09.jpg
[2014/04/30 07:24:21 | 000,014,539 | ---- | M] () -- C:\Users\Lisa\Desktop\living-room-1019053-m.jpg
[2014/04/29 12:57:17 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/29 12:08:19 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/04/29 12:08:19 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/29 12:08:12 | 017,931,952 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2014/04/28 16:15:59 | 067,885,490 | ---- | M] () -- C:\Users\Lisa\Desktop\Stephanie PPH.mov
[2014/04/28 16:10:12 | 002,122,943 | ---- | M] () -- C:\Users\Lisa\Desktop\alaughaamileandakiss.mp3
[2014/04/27 08:31:37 | 000,084,392 | ---- | M] () -- C:\Users\Lisa\Desktop\cartoon wth legs.png
[2014/04/26 21:30:09 | 000,158,204 | ---- | M] () -- C:\Users\Lisa\Desktop\gigatagz logo.png
[2014/04/26 15:32:37 | 000,167,407 | ---- | M] () -- C:\Users\Lisa\Desktop\a-newspaper-articl.jpg
[2014/04/24 14:00:09 | 000,413,739 | ---- | M] () -- C:\Users\Lisa\Desktop\Lotus-2.png
[2014/04/23 21:41:31 | 000,012,797 | ---- | M] () -- C:\Users\Lisa\Desktop\12708195561883855498masjid-silhouette.svg.hi.png
[2014/04/23 21:21:08 | 000,003,297 | ---- | M] () -- C:\Users\Lisa\AppData\Local\recently-used.xbel
[2014/04/23 20:38:30 | 000,025,325 | ---- | M] () -- C:\Users\Lisa\Desktop\cute-baby-22.svg
[2014/04/23 15:12:14 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\VideoScribe Desktop.lnk
[2014/04/23 13:20:40 | 000,078,800 | ---- | M] () -- C:\windows\SysNative\drivers\b5298fd4f8a6695.sys
[2014/04/22 12:40:41 | 000,000,132 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Adobe AIFF Format CS6 Prefs
[2014/04/21 21:50:55 | 000,000,208 | -H-- | M] () -- C:\B8781944CC8A
[2014/04/21 21:50:55 | 000,000,112 | -H-- | M] () -- C:\F1F091392447
[2014/04/21 21:50:55 | 000,000,112 | -H-- | M] () -- C:\D5529463E6F1
[2014/04/21 21:50:55 | 000,000,112 | -H-- | M] () -- C:\BC012D09253B
[2014/04/21 21:50:55 | 000,000,112 | -H-- | M] () -- C:\4F25AC132B75
[2014/04/21 21:47:20 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Photoshop CS6.lnk
[2014/04/21 21:47:19 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Photoshop CS6 x64.lnk
[2014/04/21 18:54:48 | 000,001,261 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2014/04/21 18:50:07 | 002,808,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Lisa\Desktop\CreativeCloudSet-Up.exe
[2014/04/20 17:40:28 | 000,000,132 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CC Prefs
[2014/04/14 17:29:04 | 042,378,341 | ---- | M] () -- C:\Users\Lisa\Desktop\Andy PPH.zip
[2014/04/09 14:05:29 | 000,670,038 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/09 14:05:29 | 000,127,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/09 14:05:28 | 000,786,622 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/04 11:38:08 | 000,000,995 | ---- | M] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/04/04 11:38:08 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2014/04/02 06:39:58 | 000,061,120 | ---- | M] (StdLib) -- C:\windows\SysNative\drivers\wStLibG64.sys
[2 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/01 10:46:22 | 000,056,016 | ---- | C] () -- C:\windows\SysNative\drivers\fsbts.sys
[2014/05/01 08:12:53 | 000,041,024 | ---- | C] () -- C:\windows\SysWow64\drivers\fsbts.sys
[2014/05/01 08:11:15 | 000,019,653 | ---- | C] () -- C:\windows\prodsett_copy.ini
[2014/04/30 16:37:00 | 000,354,666 | ---- | C] () -- C:\Users\Lisa\Desktop\140430134111_09.png
[2014/04/30 15:52:07 | 000,001,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC.lnk
[2014/04/30 15:48:43 | 000,300,950 | ---- | C] () -- C:\Users\Lisa\Desktop\140430134111_09.jpg
[2014/04/30 07:24:21 | 000,014,539 | ---- | C] () -- C:\Users\Lisa\Desktop\living-room-1019053-m.jpg
[2014/04/29 12:57:17 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/28 16:21:05 | 067,885,490 | ---- | C] () -- C:\Users\Lisa\Desktop\Stephanie PPH.mov
[2014/04/28 16:10:16 | 002,122,943 | ---- | C] () -- C:\Users\Lisa\Desktop\alaughaamileandakiss.mp3
[2014/04/27 08:31:34 | 000,084,392 | ---- | C] () -- C:\Users\Lisa\Desktop\cartoon wth legs.png
[2014/04/26 21:30:09 | 000,158,204 | ---- | C] () -- C:\Users\Lisa\Desktop\gigatagz logo.png
[2014/04/26 15:32:36 | 000,167,407 | ---- | C] () -- C:\Users\Lisa\Desktop\a-newspaper-articl.jpg
[2014/04/24 14:00:07 | 000,413,739 | ---- | C] () -- C:\Users\Lisa\Desktop\Lotus-2.png
[2014/04/23 21:41:30 | 000,012,797 | ---- | C] () -- C:\Users\Lisa\Desktop\12708195561883855498masjid-silhouette.svg.hi.png
[2014/04/23 21:21:08 | 000,003,297 | ---- | C] () -- C:\Users\Lisa\AppData\Local\recently-used.xbel
[2014/04/23 20:36:49 | 000,025,325 | ---- | C] () -- C:\Users\Lisa\Desktop\cute-baby-22.svg
[2014/04/23 15:12:14 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\VideoScribe Desktop.lnk
[2014/04/23 13:20:40 | 000,078,800 | ---- | C] () -- C:\windows\SysNative\drivers\b5298fd4f8a6695.sys
[2014/04/22 12:40:41 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe AIFF Format CS6 Prefs
[2014/04/21 21:50:55 | 000,000,208 | -H-- | C] () -- C:\B8781944CC8A
[2014/04/21 21:50:55 | 000,000,112 | -H-- | C] () -- C:\F1F091392447
[2014/04/21 21:50:55 | 000,000,112 | -H-- | C] () -- C:\D5529463E6F1
[2014/04/21 21:50:55 | 000,000,112 | -H-- | C] () -- C:\BC012D09253B
[2014/04/21 21:50:55 | 000,000,112 | -H-- | C] () -- C:\4F25AC132B75
[2014/04/21 21:47:20 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Photoshop CS6.lnk
[2014/04/21 21:47:19 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Photoshop CS6 x64.lnk
[2014/04/21 19:24:49 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
[2014/04/21 19:22:56 | 000,001,164 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
[2014/04/21 18:54:48 | 000,001,273 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
[2014/04/21 18:54:48 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2014/04/14 17:29:20 | 042,378,341 | ---- | C] () -- C:\Users\Lisa\Desktop\Andy PPH.zip
[2014/04/07 12:46:22 | 000,000,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CC.lnk
[2014/04/04 11:38:37 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2014/04/04 11:38:08 | 000,000,995 | ---- | C] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/04/04 11:38:08 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2014/03/11 13:28:23 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2014/02/27 12:00:53 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/02/13 20:57:21 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CC Prefs
[2014/01/29 22:12:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/22 15:00:20 | 000,214,512 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2014/01/01 23:28:58 | 000,005,052 | ---- | C] () -- C:\ProgramData\flwjycbm.bab
[2014/01/01 23:20:06 | 000,005,002 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2013/11/06 22:26:52 | 000,012,800 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/19 16:40:30 | 000,007,599 | ---- | C] () -- C:\Users\Lisa\AppData\Local\Resmon.ResmonCfg
[2013/06/06 17:38:42 | 000,000,044 | ---- | C] () -- C:\windows\vzones.ini
[2013/05/05 19:50:12 | 000,000,423 | ---- | C] () -- C:\windows\wininit.ini
[2013/01/21 18:39:50 | 000,770,932 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/30 13:37:37 | 000,017,408 | ---- | C] () -- C:\Users\Lisa\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2013/06/06 16:09:38 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/29 19:00:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\.Temp_Updater_Directory
[2013/01/21 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Autodesk
[2012/12/17 21:44:39 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Awesomium
[2012/12/21 17:42:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Blender Foundation
[2014/01/19 12:33:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\bwincom
[2014/01/19 12:33:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\cef-cache
[2012/10/24 19:14:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/09/01 20:03:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\deluge
[2014/05/01 11:42:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Dropbox
[2014/03/14 08:16:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\DropboxMaster
[2013/06/06 18:09:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Firestorm
[2014/04/05 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\inkscape
[2014/02/12 23:08:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\IrfanView
[2014/02/12 21:05:49 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\KompoZer
[2012/12/28 17:13:19 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum
[2013/11/19 23:03:55 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Open Download Manager
[2012/10/26 16:11:46 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenOffice.org
[2013/09/02 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Origin
[2014/03/18 15:03:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OutWit
[2014/01/20 19:09:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PacificPoker
[2013/02/21 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Party
[2014/02/10 19:08:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PDAppFlex
[2013/04/09 17:44:13 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\player
[2013/05/02 17:56:31 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlayFirst
[2013/01/06 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SecondLife
[2014/03/10 11:25:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SolidDocuments
[2012/10/23 12:51:21 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\T-Mobile
[2013/11/20 13:46:32 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\T-Mobile Internet Manager
[2013/02/12 20:27:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Temp
[2013/09/19 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Utherverse
[2014/04/30 22:32:03 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\uTorrent
[2014/03/12 10:01:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\VideoScribeDesktop
[2013/04/27 20:17:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WildTangent
[2014/02/17 16:22:58 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinZip
[2013/02/21 17:34:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WPT
[2013/10/18 12:09:38 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Xilisoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 06:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 04:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 04:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 04:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 04:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 04:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 04:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 04:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 04:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 04:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 04:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 04:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 04:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 04:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 04:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 04:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 04:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 04:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 04:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 04:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 04:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 04:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: MPSVC.DLL  >
[2013/05/27 06:26:41 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7B6CD2C784B13D63481B6BF49605C026 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpSvc.dll
[2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Program Files\Windows Defender\MpSvc.dll
[2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll
[2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
 
< MD5 for: QMGR.DLL  >
[2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\windows\SysNative\qmgr.dll
[2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
 
< MD5 for: SERVICES  >
[2009/06/10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 21:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/21 07:05:04 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/21 08:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2010/11/21 08:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.JSM  >
[2014/03/16 08:48:13 | 000,003,727 | ---- | M] () MD5=E748A66CB296B3B5448F98029AD18821 -- C:\Program Files (x86)\OutWit\OutWit Hub\modules\Services.jsm
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010/11/21 08:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2010/11/21 08:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 08:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 08:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.RDB  >
[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files (x86)\OpenOffice.org 3\program\services.rdb
[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
 
< MD5 for: SVCHOST.EXE  >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/03/01 09:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
[2011/03/01 09:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe
[2011/03/01 09:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
[2011/03/01 09:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2011/03/01 09:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe
[2011/03/01 09:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is CCAA-DBC7
 Directory of C:\
14/07/2009  06:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  06:08    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  06:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  06:08    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  06:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  06:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  06:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  06:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  06:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  06:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  06:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  06:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  06:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  06:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  06:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  06:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa
30/06/2012  13:29    <JUNCTION>     Application Data [C:\Users\Lisa\AppData\Roaming]
30/06/2012  13:29    <JUNCTION>     Cookies [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies]
30/06/2012  13:29    <JUNCTION>     Local Settings [C:\Users\Lisa\AppData\Local]
30/06/2012  13:29    <JUNCTION>     My Documents [C:\Users\Lisa\Documents]
30/06/2012  13:29    <JUNCTION>     NetHood [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30/06/2012  13:29    <JUNCTION>     PrintHood [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/06/2012  13:29    <JUNCTION>     Recent [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Recent]
30/06/2012  13:29    <JUNCTION>     SendTo [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\SendTo]
30/06/2012  13:29    <JUNCTION>     Start Menu [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu]
30/06/2012  13:29    <JUNCTION>     Templates [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa\AppData\Local
30/06/2012  13:29    <JUNCTION>     Application Data [C:\Users\Lisa\AppData\Local]
30/06/2012  13:29    <JUNCTION>     History [C:\Users\Lisa\AppData\Local\Microsoft\Windows\History]
30/06/2012  13:29    <JUNCTION>     Temporary Internet Files [C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa\Documents
30/06/2012  13:29    <JUNCTION>     My Music [C:\Users\Lisa\Music]
30/06/2012  13:29    <JUNCTION>     My Pictures [C:\Users\Lisa\Pictures]
30/06/2012  13:29    <JUNCTION>     My Videos [C:\Users\Lisa\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  06:08    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  06:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  06:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\UpdatusUser
29/02/2012  07:35    <JUNCTION>     Application Data [C:\Users\UpdatusUser\AppData\Roaming]
29/02/2012  07:35    <JUNCTION>     Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
29/02/2012  07:35    <JUNCTION>     Local Settings [C:\Users\UpdatusUser\AppData\Local]
29/02/2012  07:35    <JUNCTION>     My Documents [C:\Users\UpdatusUser\Documents]
29/02/2012  07:35    <JUNCTION>     NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/02/2012  07:35    <JUNCTION>     PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/02/2012  07:35    <JUNCTION>     Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
29/02/2012  07:35    <JUNCTION>     SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
29/02/2012  07:35    <JUNCTION>     Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
29/02/2012  07:35    <JUNCTION>     Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\UpdatusUser\AppData\Local
29/02/2012  07:35    <JUNCTION>     Application Data [C:\Users\UpdatusUser\AppData\Local]
29/02/2012  07:35    <JUNCTION>     History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
29/02/2012  07:35    <JUNCTION>     Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\UpdatusUser\Documents
29/02/2012  07:35    <JUNCTION>     My Music [C:\Users\UpdatusUser\Music]
29/02/2012  07:35    <JUNCTION>     My Pictures [C:\Users\UpdatusUser\Pictures]
29/02/2012  07:35    <JUNCTION>     My Videos [C:\Users\UpdatusUser\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              66 Dir(s)  79,055,671,296 bytes free
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A1EDB939

< End of report >

 

aswMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-01 20:12:25
-----------------------------
20:12:25.214    OS Version: Windows x64 6.1.7601 Service Pack 1
20:12:25.214    Number of processors: 4 586 0x2A07
20:12:25.215    ComputerName: LISA-PC  UserName: Lisa
20:12:35.839    Initialize success
20:14:20.459    AVAST engine defs: 14042901
20:14:44.625    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:14:44.627    Disk 0 Vendor: ST950032 0004 Size: 476940MB BusType: 3
20:14:44.756    Disk 0 MBR read successfully
20:14:44.758    Disk 0 MBR scan
20:14:44.789    Disk 0 unknown MBR code
20:14:44.800    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:14:44.817    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       183296 MB offset 206848
20:14:44.829    Disk 0 Partition - 00     0F Extended LBA            273127 MB offset 375597056
20:14:44.860    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS        20416 MB offset 934961152
20:14:44.921    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       273126 MB offset 375599104
20:14:45.113    Disk 0 scanning C:\windows\system32\drivers
20:15:04.686    Service scanning
20:15:44.557    Modules scanning
20:15:44.891    Disk 0 trace - called modules:
20:15:45.009    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:15:45.013    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008180060]
20:15:45.017    3 CLASSPNP.SYS[fffff88001bc443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006304050]
20:15:46.789    AVAST engine scan C:\windows
20:15:51.798    AVAST engine scan C:\windows\system32
20:21:48.650    AVAST engine scan C:\windows\system32\drivers
20:22:09.925    AVAST engine scan C:\Users\Lisa
20:35:52.007    Disk 0 MBR has been saved successfully to "C:\Users\Lisa\Desktop\MBR.dat"
20:35:52.013    The log file has been saved successfully to "C:\Users\Lisa\Desktop\aswMBR.txt"

 


  • 0

#4
Machiavelli
Posted 01 May 2014 - 01:43 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hey liscat, :)

You forgot to post the Extras Log. It should be located on your Desktop (C:\Users\Lisa\Desktop)

If there is no Extras Log please follow the steps below:
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Click the none Button
  • Change the following options:
    • Extra Registry > All
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, Extras.txt will open
  • Copy (Ctrl+C) and Paste (Ctrl+V) the content of Extras.txt into your next post please.

  • 0

#5
liscat
Posted 01 May 2014 - 01:54 PM

liscat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Here it is :)

 

OTL Extras logfile created on: 01/05/2014 20:50:26 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
5.92 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 44.02% Memory free
11.83 Gb Paging File | 7.62 Gb Available in Paging File | 64.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 73.28 Gb Free Space | 40.94% Space Free | Partition Type: NTFS
Drive D: | 266.72 Gb Total Space | 256.39 Gb Free Space | 96.12% Space Free | Partition Type: NTFS
 
Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033F7245-4C8F-4F31-B0E8-6D093BEAE8AC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0435181A-03B0-4913-8C18-A035FC4E9FC3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{045571A8-E745-4543-8D47-48F03225AB90}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0A11EA58-B6AF-4652-AC54-0A4F9EF573DD}" = rport=445 | protocol=6 | dir=out | app=system |
"{0C7CC665-66E6-4567-A368-1EF8F1A00EAA}" = lport=6124 | protocol=17 | dir=in | name=udp 6124 |
"{107329E9-A191-4BEB-AA9E-5319BFE53F52}" = lport=9595 | protocol=6 | dir=in | name=tcp 9595 |
"{11BD9328-CFC5-4581-A695-7181E2B165C7}" = lport=139 | protocol=6 | dir=in | app=system |
"{132C7E15-BB54-40EC-B99B-CDB6B0829C51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{142DD43D-83B8-415A-97FD-897B52B12B51}" = lport=2869 | protocol=6 | dir=in | app=system |
"{14DA817D-93F5-448E-9BAB-2D7825E15BF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2028CDF5-6F99-4DC9-A2E8-A19E8F30D440}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{21064741-9892-4003-A089-F10BFD5B7741}" = lport=137 | protocol=17 | dir=in | app=system |
"{33B65420-5CB9-4733-8B1E-AFB9564E16DF}" = rport=138 | protocol=17 | dir=out | app=system |
"{346AFB57-BEF1-4D35-BCA1-E9622907DA98}" = lport=6624 | protocol=6 | dir=in | name=tcp 6624 |
"{3917B393-0ED0-40F5-9A72-BB33C1C4BE9E}" = lport=9595 | protocol=6 | dir=in | name=tcp 9595 |
"{41E02453-2E3C-454B-854C-6DDDD8D0AC89}" = lport=6624 | protocol=6 | dir=in | name=tcp 6624 |
"{4587167C-1365-4980-9624-DFE6E6EB78C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45A86C48-8BC2-4BDE-A1F0-676B25A8C17C}" = lport=4614 | protocol=17 | dir=in | name=udp 4614 |
"{46A174AC-60A7-470C-84E2-1A51B7D08502}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5325A3E4-6BC5-47ED-823C-35EACF18E06E}" = lport=4614 | protocol=17 | dir=in | name=udp 4614 |
"{579A6A89-E053-49F9-8D72-4B2451D0DDEF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5F040652-51D2-4C32-90A0-7C2D086FB33A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6211FDD3-00B8-45AA-B567-CA57B5490B14}" = lport=6124 | protocol=17 | dir=in | name=udp 6124 |
"{62E12541-8EA0-4B7D-8C85-11308BD17A35}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A9CF8E9-92C3-4270-8898-A53846943F32}" = rport=139 | protocol=6 | dir=out | app=system |
"{7021760B-FA54-4F88-A0E0-CFFB4CCA471D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E10C31A-2206-421C-8493-3A3EA261B981}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90F17CCE-0FBB-4620-8AED-2139EA958503}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{956075EB-8CE5-46D9-A3EF-EDB3F3A9E236}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C34CFDD-0B2E-46D6-BD04-8E194AC27ACC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D5F0C22-840F-4909-AF55-53AB2A10B635}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{9F6B2A7B-725F-4C28-A54D-1009701C1AB9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AF2C1E06-9E20-4570-82C2-179D74B3EA44}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B3C4E114-B09F-43F5-BDBB-02623AD21EC2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B8140A5A-BED6-4948-BDCD-264F57F3478A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BBD9870E-21B9-4233-A49D-D7BD1A8FB734}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CE6A1EF1-94D2-4604-8F7C-D822E9B5FDC1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CE9DCD88-2673-4C93-AEFE-9175306F9505}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D97AEF25-DC27-4FF6-B72B-F67E325487B4}" = rport=137 | protocol=17 | dir=out | app=system |
"{DBB732B0-3E82-4497-AD21-AF1E3611F952}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD7F4B1F-6DFA-4B5A-BA24-7F5733CCDC8B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E04F1CA9-D465-478B-A09C-06348A627183}" = lport=445 | protocol=6 | dir=in | app=system |
"{E39950E4-C041-416B-B697-65364C8A20CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F12C5CEF-13B4-461F-B2D0-087EC33C60B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1784CF3-35EF-44C9-AF74-426E6B31AC40}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{F97DA8A4-5C78-4109-B977-63223C058D61}" = lport=138 | protocol=17 | dir=in | app=system |
"{FA063081-D339-44E9-A269-DA4A45B1C79D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FDF79530-56A0-41C8-BAAE-A8126034B702}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF0BDC4A-10EA-444A-B88D-F2F9A58B8E26}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02131160-B932-48EF-A9AB-06C0D0951C3B}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32server.exe |
"{04561193-DD26-40C7-AF01-A22AC9866B95}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{04BB5CF5-DBC6-4F82-AB66-40A44653DF9A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{0AA7206E-55DD-42A6-B9CD-AFA96CC56B8B}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{0AEA2BFE-B262-4E4A-80E1-2EDC347AD38D}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{0D2081AC-EEB3-4826-8D54-D34F291FB823}" = protocol=6 | dir=out | app=system |
"{120C66B5-44B6-4089-A7E4-BDDE61241227}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{1351014C-BE8A-492C-BB25-02AF33FF01C5}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{1443492D-4F16-4C8E-B4DA-B38EAFA6BBD9}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{168841F9-14E6-4A8E-BD49-94B069C929C1}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32.exe |
"{1A5A9D37-34F2-4AF5-97FB-CDAF87824B00}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{1AF254C9-9E12-4054-9FA5-3E6640894528}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{1DF7C505-6A33-4198-B303-CE07BCC3149A}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\3dsmax.exe |
"{1E75E629-D8D6-4F8C-8811-FB0701708AD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{202A9CA2-EB3A-40FF-9CCE-BD7E9610123A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{21C03EEF-FE9F-4CC5-8D35-B1CAF9822EC8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{2F51F468-33CE-4CCD-B9A3-B9D29402ED50}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe photoshop cc (64 bit)\photoshop.exe |
"{303D6CB9-A516-4437-873C-B93159DFF18E}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32.exe |
"{30D8FFA1-E181-4968-96F2-D6B6A48EEBC1}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{353B7DDD-6B3C-4AB9-827D-852BC5472173}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe photoshop cc (64 bit)\photoshop.exe |
"{38BF5B52-6C46-46C0-94ED-4F933862558E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3A500F2F-7B6A-421E-88FF-8115AA4F09DE}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3ECAE41E-70E8-489F-9511-7829A5D4F740}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{4869B49F-C9B3-46B9-BDAC-29BA5EC6D687}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{4A3E864A-3069-4F11-A6B0-EC36D2074D87}" = protocol=1 | dir=in | [email protected],-28543 |
"{4B083361-F9E0-4911-8F76-D27EBA4EEA4A}" = protocol=6 | dir=in | app=c:\program files (x86)\holdem indicator\holdemindicator.exe |
"{4E23A0D4-F596-49CA-9404-51E815E53B48}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32server.exe |
"{50E7FD39-EB8B-4463-AD06-853B7A6550BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{51AF15D8-72EE-46B0-BE6A-FF51AE735CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{58824B78-C153-4F71-9A8B-2C4E2561AFE5}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe photoshop cc\photoshop.exe |
"{5CF4CD37-8835-41CD-8D3E-DCE40051AB1B}" = protocol=17 | dir=in | app=c:\program files (x86)\holdem indicator\holdemindicator.exe |
"{60B348A9-E04B-4DED-BA0B-0302CABD920A}" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe |
"{617FEC8E-CF6B-46E6-AF16-1B3086E94876}" = protocol=58 | dir=in | [email protected],-28545 |
"{6249BF20-2404-4741-A5E4-E633D7F8C07B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{62916FC8-778C-40CA-B093-C892DDFCEFF6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{647183D2-D179-4127-AAD7-60BBFDAF4F43}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{6473A9C2-D90E-4945-BC90-892CBE0ED90E}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{657E1F2E-499B-46BB-97E6-66D4E8462F12}" = dir=in | app=c:\users\lisa\appdata\local\microsoft\skydrive\skydrive.exe |
"{662383A2-2340-41A5-A504-1F7745651AF7}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2013\3dsmax.exe |
"{69A72F44-F35A-4EDE-AEC6-24B489F2B46E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6A4AFAD9-4798-4FCF-9754-B0BE186048DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6C1798B9-C5A7-4EA5-BB49-42873F240E67}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{74291A32-5369-4C43-BA28-B9D8FA8652F0}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe |
"{76F7772F-1176-497B-A3FB-0AD86458653B}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{79FE8923-DE10-423F-B950-BBCDBDA662DA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7B6B7B18-0CD8-409E-BFFD-4FA48913FC7D}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{873AE895-21AD-41D6-B3DB-B38D541FF083}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{8C22A4C3-1BBE-4803-801D-812516AF6F5D}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{8F03BB64-FE00-443D-8C63-361D636DF040}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9140D095-C52A-410B-B113-102C4B279794}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93AE13D9-C753-458F-87E9-8116565DEC74}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{983281D1-CE04-4965-8F9B-320873815A0B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{A12A5148-112C-4963-8703-BFBA5003B9C7}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{A212747D-A704-470E-B2CB-640C01894D08}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{A49C11E0-8987-4EFA-A1D6-7BDF3CD8AAFB}" = protocol=17 | dir=in | app=c:\program files (x86)\cake poker 2.0\pokerclient.exe |
"{A4B1A1CA-F891-4D44-BB23-00F805C6B9E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4B93C44-B6EB-4754-9D76-E3FA17077DB9}" = protocol=6 | dir=in | app=c:\program files (x86)\cake poker 2.0\pokerclient.exe |
"{A4CDFA3C-8439-423B-97B8-CF939D954BEA}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{A53CF541-9F6B-41D3-9601-F32751C2C3D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A682C865-A5F4-4E26-970E-36FC5026FA67}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A844F519-CEEF-493C-BA54-590B8D02CE24}" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe |
"{AB299490-92CF-4DF4-A03A-EE94DBF48BBA}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{AEB2EDE7-974D-4065-AF72-12A4AFDAD5F3}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{B3B82651-2594-4FEC-8296-94C9D6FF180E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B8A1A853-0E25-497F-BD83-74158DB44D3B}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{BA040DA4-C066-4D3D-B231-F8BFE056BB07}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA67E475-C94B-4840-8134-08085931E030}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BFC7A90F-C251-4D68-AAC3-1E5E2BFEC47D}" = protocol=58 | dir=out | [email protected],-28546 |
"{C732C1D6-8048-4597-9881-06891AC98D73}" = protocol=1 | dir=out | [email protected],-28544 |
"{CF0C6832-F4A6-4CFC-840D-744DA0177D7A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CFBADBE4-DE54-4D4A-99D7-84CFC78FCC8E}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{D0F57CD0-EB9B-4F60-B28D-CE8D8F1E7A62}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{D58A4CA4-2124-4A30-B43C-2486BAF1393E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D8F71ED9-AD04-42CD-90B3-F1F89A4BDACF}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{DC9E474E-6C8B-4DD0-8CD4-C417F1B0B5A9}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{E1AFE6F1-7635-4AA0-9337-77E438303991}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E388BA87-6060-4D1E-80B3-D9FEC3C56CE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E82ADE83-C4B1-493B-BEE4-9FDA3875F9F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EAF4839F-4002-4AB1-9FEA-FE1F50399BC9}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe photoshop cc\photoshop.exe |
"{F3409B6E-C977-42B9-BA90-CEB56538E455}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3C40F48-68C2-41B7-A0AB-00C967B1F679}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{6AFEEE32-95E2-44FC-9A7F-FFFE30747296}C:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{F062A618-4C6F-440A-B144-F16A29232907}C:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{539A70A8-95EC-474A-BDDF-92AB7A53762C}" = S Agent
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}" = WinZip 18.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{ECE5B218-A086-4E18-A362-D11181681457}" = Intel® PROSet/Wireless WiFi Software
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"Blender" = Blender
"Elantech" = ETDWare PS/2-X64 10.0.7.2_WHQL
"EPSON XP-312 313 315 Series" = EPSON XP-312 313 315 Series Printer Uninstall
"McAfee Security Scan" = McAfee Security Scan Plus
"O365HomePremRetail - en-us" = Microsoft Office 365 - en-us
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{19522497-1DF2-40E8-AB3A-F1E133173060}" = Online Safety 2.71.927.655
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{23D3F585-AE29-4670-8E3E-64A0EFB29240}" = Adobe Acrobat XI Pro
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FFABB79-E4B1-430A-AAE8-ACA886F3A34A}" = F-Secure Network CCF 1.02.126
"{317243C1-6580-4F43-AED7-37D4438C3DD5}" = Adobe After Effects CC
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}" = Adobe Premiere Pro CC
"{5061ACBA-7A0A-42FE-93FF-403B2099D200}" = Autodesk Essential Skills Movies for 3ds Max 2013 32-bit
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6531175A-067C-42EA-B3BC-8FFDBB470377}" = SW Update
"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 12.71.105.0 (release)
"{696BB53C-28E6-1632-974E-D42FFF5B8E04}" = Autodesk Inventor Server Engine for 3ds Max 2013 32-bit
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79130390-599A-0409-93EB-B6A759E2ABB0}" = Autodesk 3ds Max 2013 32-bit
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7B44A0FF-7F4F-4553-BD98-282640E6BEC7}" = Super Safe Boost
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{92203FA0-7C43-429F-857C-0AE197D8199C}" = Composite 2013
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95BB7324-77D3-4BF3-8CF6-29F0857AC175}" = Easy File Share
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = T-Mobile Internet Manager
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}" = Adobe Flash Professional CC
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD9555FF-C3B6-4654-BE94-C4E3EDD731D2}" = Cisco WebEx Meeting Center for Internet Explorer
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DFB8132A-6EFC-40F1-B054-E77FDBA2735E}" = Sparkol VideoScribe
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E36439A3-5F71-45B7-B515-7C79AF6A64B8}" = F-Secure CCF Scanning 1.23.124.8831 (release)
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FDAE128F-A355-42B1-8422-1AF3ACEE34F4}" = SISShortcut
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"888poker" = 888poker
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Autodesk 3ds Max 2013 32-bit" = Autodesk 3ds Max 2013 32-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max 2013" = Autodesk FBX Plug-in 2013.1 - 3ds Max 2013
"Betfred Poker" = Betfred Poker
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"F-Secure ServiceEnabler 44515" = Super Safe Boost
"Google Chrome" = Google Chrome
"Inkscape" = Inkscape 0.48.4
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"IrfanView" = IrfanView (remove only)
"KNOWHOW™ APP CENTRE 22447" = KNOWHOW™ APP CENTRE
"Kobo" = Kobo
"McAfee Virtual Technician" = McAfee Virtual Technician
"MediaPlayerV1alpha883" = Media Player
"MediaViewV1alpha2232" = Media View
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Muvizu" = Muvizu:Play
"Origin" = Origin
"OutWit Hub 4.0.6.15 (x86 en-US)" = OutWit Hub 4.0.6.15 (x86 en-US)
"Poker 770" = Poker 770
"Pokeroid_is1" = Pokeroid v1.1.0.95
"PokerStars" = PokerStars
"PrintProjects" = PrintProjects
"Red Light Center 3D Client" = Red Light Center 3D Client
"SecondLifeViewer" = SecondLifeViewer (remove only)
"Sparkol VideoScribe 1.3.26" = Sparkol VideoScribe
"The Logo Creator v6" = The Logo Creator v6 6.0
"Titan Poker" = Titan Poker
"Utherverse 3D Client" = Utherverse 3D Client
"Utherverse QA 3D Client" = Utherverse QA 3D Client
"WildTangent wildgames Master Uninstall" = WildTangent Games
"William Hill Poker" = William Hill Poker
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
"WTA-26490c13-f8fc-4129-b6a8-81ee8a6d5944" = Diner Dash - Flo Through Time
"WTA-5fef2f51-74a2-465b-af83-79974086dd3e" = Chocolatier
"WTA-657ebb4f-0b98-4711-92dc-5390f3846d34" = Cake Mania
"WTA-703ada14-c278-47ec-92b1-7ef808af9ec7" = Diner Dash
"WTA-93fbcdc1-304b-40a8-8304-234dc75ca05c" = Cake Mania 3
"WTA-a74efcea-0d9f-4aa4-8784-80e4d9d3e863" = Cake Mania Main Street
"WTA-d1fc1587-4a2a-4d5f-9327-264d99448f1f" = Diner Dash - Flo on the Go
"WTA-eee3efa8-0dbc-4903-810b-cae4652dea17" = Delicious - Emily's Wonder Wedding Premium Edition
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"OneDriveSetup.exe" = Microsoft OneDrive
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28/09/2013 05:41:56 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 28/09/2013 05:41:56 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 28/09/2013 05:41:57 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 28/09/2013 05:41:57 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 28/09/2013 05:41:57 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 28/09/2013 06:46:30 | Computer Name = Lisa-PC | Source = Microsoft Office 15 | ID = 2011
Description = Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId:
 {E456C122-51FD-436F-A847-FD9396888A93}
 
Error - 28/09/2013 07:33:35 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 28/09/2013 07:33:35 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 28/09/2013 07:33:35 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 28/09/2013 07:33:36 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 28/09/2013 07:33:36 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description =
 
[ Media Center Events ]
Error - 30/12/2013 14:41:54 | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 18:41:54 - Error connecting to the internet.  18:41:54 -     Unable
to contact server..  
 
Error - 30/12/2013 14:42:05 | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 18:41:59 - Error connecting to the internet.  18:41:59 -     Unable
to contact server..  
 
Error - 03/01/2014 15:20:13 | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 19:20:13 - Error connecting to the internet.  19:20:13 -     Unable
to contact server..  
 
Error - 05/01/2014 14:16:53 | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 18:16:53 - Error connecting to the internet.  18:16:53 -     Unable
to contact server..  
 
Error - 06/01/2014 13:38:39 | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 17:38:39 - Error connecting to the internet.  17:38:39 -     Unable
to contact server..  
 
Error - 06/01/2014 13:39:07 | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 17:38:47 - Error connecting to the internet.  17:38:47 -     Unable
to contact server..  
 
Error - 09/01/2014 15:19:55 | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 19:19:55 - Error connecting to the internet.  19:19:55 -     Unable
to contact server..  
 
Error - 09/01/2014 15:20:07 | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 19:20:00 - Error connecting to the internet.  19:20:00 -     Unable
to contact server..  
 
Error - 10/01/2014 15:52:44 | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 19:52:44 - Error connecting to the internet.  19:52:44 -     Unable
to contact server..  
 
Error - 10/01/2014 15:52:51 | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 19:52:49 - Error connecting to the internet.  19:52:49 -     Unable
to contact server..  
 
[ System Events ]
Error - 01/05/2014 05:43:20 | Computer Name = Lisa-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error - 01/05/2014 06:17:22 | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee AP Service service failed to start due to the following
 error:   %%2
 
Error - 01/05/2014 06:18:12 | Computer Name = Lisa-PC | Source = DCOM | ID = 10016
Description =
 
Error - 01/05/2014 06:20:51 | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
 .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error - 01/05/2014 06:23:07 | Computer Name = Lisa-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
 
Error - 01/05/2014 06:25:36 | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7022
Description = The NVIDIA Update Service Daemon service hung on starting.
 
Error - 01/05/2014 06:28:32 | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
Error - 01/05/2014 06:30:34 | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7022
Description = The Intel® Management and Security Application User Notification
 Service service hung on starting.
 
Error - 01/05/2014 06:38:54 | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee AP Service service failed to start due to the following
 error:   %%2
 
Error - 01/05/2014 06:39:42 | Computer Name = Lisa-PC | Source = DCOM | ID = 10016
Description =
 
 
< End of report >
 


  • 0

#6
Machiavelli
Posted 01 May 2014 - 02:29 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hiya,
 

C:\AdwCleaner

Did you run Adwarecleaner? Can you please post the log? The log can be found in here: C:\AdwCleaner\

Can you tell me what is in that folder: C:\tmp

Also, do you know these folders:
 
C:\B8781944CC8A
C:\F1F091392447
C:\D5529463E6F1
C:\BC012D09253B
C:\4F25AC132B75
 

Step 1: Illegal Software Warning

In your log(s) I see some things which are related to illegal Sofware. We do not support illegal Software. With the fix below we will remove the illegal software. If you opt not to remove I will have to withdraw my free assistance per this forums terms of use.

Following file(s) is/are illegal:
  • C:\Users\Lisa\Desktop\ADOBE_CC_KEYGEN_WIN_MACOSX-XFORCE
Step 2: P2P Warning
 

IMPORTANT I see, you have one or more P2P (Person to Person) programs installed.

1.) You have following P2P program installed: uTorrent
2.) If you download files from non-documented sources per a P2P File sharing Program, you can expect a infection of malware. That isn't good for your PC. A long time ago File-sharing with P2P programs like UTorrent was fairly safe. But at this time it isn't true any more. Of course you can use P2P programs at your own risk, but that is maybe your source of your infection. It would be nice if you read this here. So after reading the text you will recognize why you shouldn't have them.
3.) Please read this reports about the danger of P2P Programs:4.) I would recommend that you uninstall the above. That would be nice. If you like to uninstall the P2P Program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer , don't use it while we are fixing your computer!

Step 3: Sidebar Advice

In your logs I see that Windows SideBar is running! At the moment Windows SideBar has a security vulnerability and so I recommend you to disable it for a while. More information is here so far I noticed.

To disable Windows SideBar please follow the instructions below:
  • Download the FixIt from here to your Desktop
  • Double click on MicrosoftFixit50906.msi and follow the prompts to disable Windows SideBar and gadgets. Once finished, reboot your computer if not advised to do so.
Step 4: Uninstalls
  • Click on the Start Start%20Orb.jpg button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:
    • Yahoo! Toolbar
  • Once you have done this, reboot your computer
Step 5: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes\{C7B00B56-7E90-4875-B78D-E4908F4411AA}: "URL" = http://search.condui...&ctid=CT3220468
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha883\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2232\ff
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [TwinitySetup] C:\Users\Lisa\Downloads\TwinitySetup.exe File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [POEngine5]  File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [RaysHarvester] C:\Program Files (x86)\Utherverse Digital Inc\Utherverse VWW Client QA\harvester\RaysHarvester.exe File not found
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk =  File not found
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll File not found
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: adobe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: course-source.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: epautotest.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: learndirect.co.uk ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: learndirect.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: learndirect-business.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: mindleaders.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..Trusted Domains: thirdforce.com ([]* in Trusted sites)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{7b86701a-1ce6-11e2-8c11-b803058097e1}\Shell - "" = AutoRun
O33 - MountPoints2\{7b86701a-1ce6-11e2-8c11-b803058097e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7b867025-1ce6-11e2-8c11-b803058097e1}\Shell - "" = AutoRun
O33 - MountPoints2\{7b867025-1ce6-11e2-8c11-b803058097e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7b867055-1ce6-11e2-8c11-b803058097e1}\Shell - "" = AutoRun
O33 - MountPoints2\{7b867055-1ce6-11e2-8c11-b803058097e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db4123ae-30bc-11e2-8e59-b803058097e1}\Shell - "" = AutoRun
O33 - MountPoints2\{db4123ae-30bc-11e2-8e59-b803058097e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db4123bb-30bc-11e2-8e59-b803058097e1}\Shell - "" = AutoRun
O33 - MountPoints2\{db4123bb-30bc-11e2-8e59-b803058097e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2014/04/21 18:25:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\ADOBE_CC_KEYGEN_WIN_MACOSX-XFORCE
[2014/04/02 06:39:58 | 000,061,120 | ---- | C] (StdLib) -- C:\windows\SysNative\drivers\wStLibG64.sys
[2014/01/01 23:28:58 | 000,005,052 | ---- | C] () -- C:\ProgramData\flwjycbm.bab
[2014/01/01 23:20:06 | 000,005,002 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A1EDB939

:Commands
[EMPTYTEMP]
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.
Step 6: Adwarecleaner Fix

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found in here: C:\AdwCleaner\

Step 7: JRT Scan

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 8: OTL Custom Scan

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.
  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the customFix.png.pagespeed.ce.jU5V4w6MU1.pn box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

  • Open otlicon.png on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator)
  • Make sure all other windows are closed.
  • You will see a console like the one below:

    OTL_Main_Tutorial.gif
  • Click the box beside Scan All Users at the top of the console
  • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the customFix.png.pagespeed.ce.jU5V4w6MU1.pn box, right click and click Paste. This will put the above script inside OTL
  • Click the runscanbutton.png.pagespeed.ce.KPQ_c3iHh button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop.
  • Please copy the contents of the file and paste it into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

  • 0

#7
liscat
Posted 01 May 2014 - 04:32 PM

liscat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi, Heres all the info you wanted. :) thx

**I ran adwCleaner this morning before I found this forum. Here is the log

# AdwCleaner v3.205 - Report created 01/05/2014 at 09:45:03
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lisa - LISA-PC
# Running from : C:\Users\Lisa\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : wStLibG64

***** [ Files / Folders ] *****

File Found : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3jefoyl4.default\user.js
File Found : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\Extensions\[email protected]
File Found : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\searchplugins\conduit-search.xml
File Found : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\searchplugins\iminent.xml
File Found : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\user.js
File Found : C:\windows\System32\Tasks\GoforFilesUpdate
File Found : C:\windows\System32\Tasks\LaunchApp
Folder Found : C:\Program Files (x86)\BetterSurf
Folder Found : C:\Program Files (x86)\Better-Surf
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\IminentToolbar
Folder Found : C:\Program Files (x86)\MediaPlayerV1
Folder Found : C:\Program Files (x86)\MediaViewV1
Folder Found : C:\Program Files (x86)\MediaWatchV1
Folder Found : C:\Program Files (x86)\TornTV.com
Folder Found : C:\Program Files (x86)\tuguu sl
Folder Found : C:\Program Files (x86)\uTorrentControl_v2
Folder Found : C:\Program Files (x86)\VideoPlayerV3
Folder Found : C:\Program Files (x86)\WebexpEnhancedV1
Folder Found : C:\Program Files\DomaIQ Uninstaller
Folder Found : C:\Users\Lisa\AppData\Local\Conduit
Folder Found : C:\Users\Lisa\AppData\Local\cool_mirage
Folder Found : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Found : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Found : C:\Users\Lisa\AppData\Local\SwvUpdater
Folder Found : C:\Users\Lisa\AppData\Local\Temp\Iminent
Folder Found : C:\Users\Lisa\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Lisa\AppData\LocalLow\Conduit
Folder Found : C:\Users\Lisa\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Lisa\AppData\LocalLow\uTorrentControl_v2
Folder Found : C:\Users\Lisa\AppData\Roaming\goforfiles
Folder Found : C:\Users\Lisa\AppData\Roaming\IminentToolbar
Folder Found : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3jefoyl4.default\Extensions\[email protected]
Folder Found : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\Extensions\[email protected]

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\8558f88e06ebf46
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311551178}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311551178}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311551178}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311551178}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\uTorrentControl_v2
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\GoforFiles
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\uTorrentControl_v2
Key Found : HKLM\SOFTWARE\8558f88e06ebf46
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311551178}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311551178}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322552278}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0035578.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0035578.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0035578.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0035578.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355555578}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556678}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344554478}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\GoforFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\MediaPlayerV1
Key Found : HKLM\Software\MediaViewV1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FC4CB85-3111-4389-9970-D10F0DC08D2B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA883060-6A79-4111-8C9F-E106FA81035E}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winrar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winrar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551178}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551178}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Found : HKLM\Software\uTorrentControl_v2
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355555578}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556678}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3321738&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP76183B90-37D6-4A95-AB49-BA2F4DF78962&SSPV=

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3jefoyl4.default\prefs.js ]


[ File : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\prefs.js ]

Line Found : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("extensions.crossrider.bic", "1451eb3b972fe33bdc2afc4cdad45382");
Line Found : user_pref("extensions.iminent.admin", false);
Line Found : user_pref("extensions.iminent.aflt", "orgnl");
Line Found : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Line Found : user_pref("extensions.iminent.autoRvrt", "false");
Line Found : user_pref("extensions.iminent.dfltLng", "");
Line Found : user_pref("extensions.iminent.excTlbr", false);
Line Found : user_pref("extensions.iminent.ffxUnstlRst", false);
Line Found : user_pref("extensions.iminent.id", "ccaadbc7000000000000b803058097de");
Line Found : user_pref("extensions.iminent.instlDay", "16161");
Line Found : user_pref("extensions.iminent.instlRef", "");
Line Found : user_pref("extensions.iminent.newTab", false);
Line Found : user_pref("extensions.iminent.prdct", "iminent");
Line Found : user_pref("extensions.iminent.prtnrId", "iminent");
Line Found : user_pref("extensions.iminent.rvrt", "false");
Line Found : user_pref("extensions.iminent.smplGrp", "none");
Line Found : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Line Found : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Line Found : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Line Found : user_pref("extensions.iminent.vrsnTs", "1.8.28.320:12:24");
Line Found : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Line Found : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Line Found : user_pref("extentions.y2layers.installId", "52001196-d29d-4d38-81b4-b989fe9142a7");
Line Found : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0.015904255744,\"s\":0,\"es\":1}");
Line Found : user_pref("iminent.adapters", "{\"start.iminent.com\":{\"CountryCode\":\"GB\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.275,\"expireTime\":\"139637956[...]
Line Found : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]
Line Found : user_pref("iminent.registerToolbarEvent102", "1396379599800");
Line Found : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Found [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
Found [Extension] : pacgpkgadgmibnhpdidcnfafllnmeomc

*************************

AdwCleaner[R0].txt - [18480 octets] - [01/05/2014 09:45:03]


########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18541 octets] ##########

**C:\tmp has PNG files in from one of my after effects project i think.

**C:\B8781944CC8A
C:\F1F091392447
C:\D5529463E6F1
C:\BC012D09253B
C:\4F25AC132B75

These files are hidden files but I think they are from adobe as I found the exact same named files in an adobe folder.

**I have removed the illegal software.

**I have removed Utorrent.

**I have disabled the sidebar.

**Yahoo toolbar has been uninstalled.

**OTLfix
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2964522286-2092028268-1510466465-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C7B00B56-7E90-4875-B78D-E4908F4411AA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7B00B56-7E90-4875-B78D-E4908F4411AA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\adobe.com/AdobeAAMDetect\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha883\ff not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2232\ff not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TwinitySetup deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2964522286-2092028268-1510466465-1001\Software\Microsoft\Windows\CurrentVersion\Run\\POEngine5 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2964522286-2092028268-1510466465-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RaysHarvester deleted successfully.
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adobe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\course-source.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\epautotest.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\learndirect.co.uk\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\learndirect.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\learndirect-business.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mindleaders.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\thirdforce.com\ deleted successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b86701a-1ce6-11e2-8c11-b803058097e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b86701a-1ce6-11e2-8c11-b803058097e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b86701a-1ce6-11e2-8c11-b803058097e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b86701a-1ce6-11e2-8c11-b803058097e1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b867025-1ce6-11e2-8c11-b803058097e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b867025-1ce6-11e2-8c11-b803058097e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b867025-1ce6-11e2-8c11-b803058097e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b867025-1ce6-11e2-8c11-b803058097e1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b867055-1ce6-11e2-8c11-b803058097e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b867055-1ce6-11e2-8c11-b803058097e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b867055-1ce6-11e2-8c11-b803058097e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b867055-1ce6-11e2-8c11-b803058097e1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db4123ae-30bc-11e2-8e59-b803058097e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db4123ae-30bc-11e2-8e59-b803058097e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db4123ae-30bc-11e2-8e59-b803058097e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db4123ae-30bc-11e2-8e59-b803058097e1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db4123bb-30bc-11e2-8e59-b803058097e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db4123bb-30bc-11e2-8e59-b803058097e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db4123bb-30bc-11e2-8e59-b803058097e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db4123bb-30bc-11e2-8e59-b803058097e1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Folder C:\Users\Lisa\Desktop\ADOBE_CC_KEYGEN_WIN_MACOSX-XFORCE\ not found.
C:\Windows\SysNative\drivers\wStLibG64.sys moved successfully.
C:\ProgramData\flwjycbm.bab moved successfully.
C:\ProgramData\bltofzsb.qlf moved successfully.
ADS C:\ProgramData\Temp:A1EDB939 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lisa
->Temp folder emptied: 2072252568 bytes
->Temporary Internet Files folder emptied: 237919643 bytes
->Java cache emptied: 47505 bytes
->FireFox cache emptied: 19982165 bytes
->Google Chrome cache emptied: 165961737 bytes
->Flash cache emptied: 59251 bytes
 
User: M4553ff3Ct
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 174200188 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42358910 bytes
RecycleBin emptied: 2742235 bytes
 
Total Files Cleaned = 2,590.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05012014_224228

Files\Folders moved on Reboot...
C:\Users\Lisa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\temp\LISA-PC-20140501-2234.log moved successfully.
File\Folder C:\windows\temp\officeclicktorun.exe_c2ruidll(2014050122341971C).log not found!
File\Folder C:\windows\temp\officeclicktorun.exe_streamserver(2014050122342071C).log not found!
File move failed. C:\windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
File move failed. C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

**AdwCleaner
# AdwCleaner v3.205 - Report created 01/05/2014 at 22:54:25
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lisa - LISA-PC
# Running from : C:\Users\Lisa\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3jefoyl4.default\prefs.js ]


[ File : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [18698 octets] - [01/05/2014 09:45:03]
AdwCleaner[R1].txt - [1125 octets] - [01/05/2014 22:53:00]
AdwCleaner[S0].txt - [17135 octets] - [01/05/2014 09:46:02]
AdwCleaner[S1].txt - [1047 octets] - [01/05/2014 22:54:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1107 octets] ##########

**JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lisa on 01/05/2014 at 23:01:22.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2964522286-2092028268-1510466465-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{16EE53A3-B476-408A-9F7B-3564EDCD583C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{21338AA9-C728-4E4A-8491-E1A345B75362}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4034CBC1-B83B-42EA-9C3E-D35FEDCB68C7}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4040FE44-5BA9-4128-A7FC-6BBC5A211734}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{41C0934D-8311-48C7-8CC9-FFE322C2E749}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{42C1FEAA-6DFB-4CE5-9097-6E7CA82F4A6A}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{579CBEA1-9B85-49DA-AE76-4EC1AD32F69A}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6C776DA7-C259-4319-9AB9-3F43C713D9C7}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{772F5FA2-EFB4-4278-AC3E-46CC221001DE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{7C24150C-5024-47F0-9B60-82B599A85C1D}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{86AB643F-11BF-4E63-97F6-DACDE39EA57D}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9E6B2E7D-E25A-44DE-8F60-0CC51C888373}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B0806520-39B4-4B91-9EF3-6FE2336C7C62}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{E8934FF8-0964-4A2C-9A2C-F1B4D5F5FF22}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{F15DF94A-8898-4D4A-A067-D89E54550A6C}



~~~ FireFox

Emptied folder: C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\mvdozpvn.default-1364642001268\minidumps [123 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/05/2014 at 23:17:12.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**OTL

OTL logfile created on: 01/05/2014 23:19:47 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
5.92 Gb Total Physical Memory | 3.60 Gb Available Physical Memory | 60.92% Memory free
11.83 Gb Paging File | 8.52 Gb Available in Paging File | 72.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 74.88 Gb Free Space | 41.83% Space Free | Partition Type: NTFS
Drive D: | 266.72 Gb Total Space | 256.39 Gb Free Space | 96.12% Space Free | Partition Type: NTFS
 
Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/01 19:48:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.com
PRC - [2014/05/01 10:42:03 | 001,225,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
PRC - [2014/05/01 10:42:03 | 000,679,464 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
PRC - [2014/05/01 08:09:27 | 000,060,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe
PRC - [2014/04/18 19:50:52 | 033,604,728 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/03/29 11:29:33 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/21 02:40:50 | 002,691,480 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014/03/20 11:24:00 | 005,288,608 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2014/03/18 23:18:30 | 000,419,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014/02/19 07:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2013/12/21 07:04:50 | 003,478,392 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/27 17:19:36 | 000,310,208 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE
PRC - [2013/08/27 17:19:36 | 000,207,808 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE
PRC - [2013/02/21 16:25:44 | 002,910,256 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2012/11/26 13:49:10 | 000,183,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe
PRC - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/09/14 23:19:54 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe
PRC - [2011/09/06 08:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 08:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/19 04:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/08/17 08:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/07/29 23:47:22 | 003,395,664 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011/06/24 09:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/06/05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/05/05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/06/12 10:34:48 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\T-Mobile Internet Manager\AssistantServices.exe
PRC - [2009/06/12 10:34:10 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\T-Mobile Internet Manager\UIExec.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/01 22:57:02 | 000,041,984 | ---- | M] () -- c:\Users\Lisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg_yl87.dll
MOD - [2014/05/01 07:52:21 | 000,593,464 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
MOD - [2014/03/29 11:29:33 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/03/20 11:24:00 | 005,288,608 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2014/03/18 23:22:06 | 032,733,088 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2014/03/18 23:22:06 | 000,742,816 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libGLESv2.dll
MOD - [2014/03/18 23:22:06 | 000,136,608 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libEGL.dll
MOD - [2014/01/03 04:42:50 | 003,610,624 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/08/27 17:19:50 | 000,093,120 | ---- | M] () -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\FSGUI\strres.eng
MOD - [2013/08/27 17:19:46 | 000,056,256 | ---- | M] () -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\FSGUI\fsavures.eng
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/02/16 16:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/12 10:34:10 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\T-Mobile Internet Manager\UIExec.exe
MOD - [2006/08/12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/17 18:54:26 | 000,185,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/03/01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/16 01:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/26 09:52:08 | 000,152,640 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE -- (EPSON_PM_RPCV4_06)
SRV:64bit: - [2012/08/23 17:05:12 | 003,342,640 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/08/23 17:04:00 | 000,629,040 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/08/23 17:03:14 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2014/05/01 08:09:27 | 000,060,352 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2014/04/29 12:08:19 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/29 11:29:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/27 17:19:36 | 000,207,808 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2013/02/21 16:25:44 | 002,910,256 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
SRV - [2013/01/21 19:36:47 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/26 13:49:10 | 000,183,864 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe -- (fshoster)
SRV - [2012/05/03 11:27:58 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/09/14 23:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe -- (mi-raysat_3dsmax2013_32)
SRV - [2011/06/05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/05/05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/12 10:34:48 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\T-Mobile Internet Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/01 10:46:22 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2014/03/17 18:49:44 | 000,783,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/03/17 18:44:40 | 000,180,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/07/25 17:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/02/12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/30 12:24:08 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 15:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/11 13:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/10/10 16:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/09/15 09:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/29 16:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/08/23 06:12:56 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/08/17 08:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/07/29 23:47:20 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/17 04:40:40 | 000,186,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/06/05 00:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/05/19 01:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/22 11:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 11:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/07 17:47:16 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/05/07 17:47:16 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/05/07 17:47:16 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/05/07 17:47:16 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV - [2014/05/01 10:43:17 | 000,203,304 | ---- | M] (F-Secure Corporation) [Kernel | Auto | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2014/05/01 10:42:05 | 000,069,480 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2014/05/01 08:12:53 | 000,041,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2013/08/27 17:19:32 | 000,013,248 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2013/04/25 12:52:40 | 000,080,832 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Scanning\fsni64.sys -- (fsni)
DRV - [2012/04/13 00:32:12 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1000\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes\{77C7D53D-AA3D-4AEB-AE1D-45108C8A553D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes\{7D7817CC-4960-4340-9FD8-5541C41CA988}: "URL" = https://www.google.c...q={searchTerms}
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes\{9DA05571-9AF2-4CD7-B60A-C01CBF81DBC6}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-53c562c888894ea7\\NPRobloxProxy.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha294\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/04/20 20:36:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 11:29:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/10/24 19:26:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
[2012/10/24 18:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\extensions
[2013/03/30 11:44:56 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/03/30 11:44:56 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2014/05/01 09:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3jefoyl4.default\extensions
[2012/10/24 14:30:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3jefoyl4.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2014/05/01 15:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions
[2013/10/22 19:35:16 | 000,000,000 | ---D | M] (British English Dictionary (Updated)) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\[email protected]
[2014/04/10 09:13:18 | 000,034,670 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\[email protected]
[2013/06/20 21:59:48 | 000,207,024 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\[email protected]
[2014/01/06 22:07:44 | 000,443,916 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\{12B72A0D-0B85-456E-9DD9-203529B36DF0}.xpi
[2013/05/15 21:18:07 | 000,004,590 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\{421e87b4-d3d2-49c8-b08f-b83f4dc88444}.xpi
[2013/06/23 18:16:48 | 000,151,038 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
[2014/05/01 15:04:25 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/03/29 11:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 11:29:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yah...p={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dictanote - Speech Recognizer = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk\8_0\
CHR - Extension: Google Drive = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.6.70_0\
CHR - Extension: Pandora\u2122 Voice Recognition = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\egdjohngfdcoknddingdjfnfijdncino\0.2_0\
CHR - Extension: Speech Recognition for Text Inputs = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\heennmclhgoopfpeahknkiammigjllce\1.1.0_0\
CHR - Extension: Voice Recognition = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn\2.0_0\
CHR - Extension: Google Wallet = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/05/01 10:10:19 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [F-Secure Hoster (44515)] C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\T-Mobile Internet Manager\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [Speech Recognition] C:\windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{252DE15D-7575-4F20-8511-57A2D303115C}: DhcpNameServer = 172.30.139.17 172.31.139.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C8ED0D3-D844-40C5-BA2D-E1F12CAA973F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77B4CE63-D559-4D59-9BC4-E6D287327B5F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/01 23:01:18 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/05/01 23:00:43 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Lisa\Desktop\JRT.exe
[2014/05/01 22:42:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/01 19:51:13 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
[2014/05/01 19:48:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.com
[2014/05/01 10:09:13 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\CrashDumps
[2014/05/01 09:45:30 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/05/01 09:45:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/01 07:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Safe Boost
[2014/05/01 07:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TalkTalk
[2014/05/01 07:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2014/04/30 22:53:20 | 000,522,360 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfefirek.sys
[2014/04/30 22:53:20 | 000,180,272 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfeapfk.sys
[2014/04/30 22:53:20 | 000,070,592 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\cfwids.sys
[2014/04/30 18:22:49 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Logo animation JD designs templates
[2014/04/30 16:39:55 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Adobe
[2014/04/30 16:01:57 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\uniquefx_sparkle_reveal
[2014/04/30 15:59:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Logo animations After effects
[2014/04/30 15:48:20 | 000,000,000 | ---D | C] -- C:\adobeTemp
[2014/04/29 21:50:45 | 000,000,000 | ---D | C] -- C:\tmp
[2014/04/29 18:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2014/04/29 18:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2014/04/29 17:30:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\3dsMax
[2014/04/29 16:47:28 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\New folder (9)
[2014/04/29 12:57:17 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/04/29 12:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/04/29 12:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/04/29 12:08:12 | 017,931,952 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2014/04/27 23:00:31 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Skype
[2014/04/27 11:38:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Invoices
[2014/04/26 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Ian PPH
[2014/04/23 15:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoScribe
[2014/04/23 15:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sparkol
[2014/04/23 15:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\com.sparkol.VideoScribeDesktop
[2014/04/23 14:27:51 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\McAfee
[2014/04/23 14:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/04/23 14:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/04/21 21:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/04/21 21:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photoshop CS6
[2014/04/21 18:50:07 | 002,808,712 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Lisa\Desktop\CreativeCloudSet-Up.exe
[2014/04/21 18:27:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\New folder (8)
[2014/04/21 18:27:18 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\New folder (7)
[2014/04/19 10:20:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\logo templates
[2014/04/18 08:30:02 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Wood Engraved Logo Mock-Up
[2014/04/09 13:30:31 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2014/04/09 13:30:31 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2014/04/09 13:30:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iologmsg.dll
[2014/04/09 13:30:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iologmsg.dll
[2014/04/09 13:30:24 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2014/04/09 13:30:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2014/04/09 13:30:24 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2014/04/09 13:30:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2014/04/09 13:30:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2014/04/09 13:30:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2014/04/09 13:30:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2014/04/09 13:30:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2014/04/09 13:30:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2014/04/09 13:30:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2014/04/08 19:12:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\x-formation
[2014/04/08 19:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Muvizu
[2014/04/08 18:59:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Muvizu Play
[2014/04/08 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Muvizu Play
[2014/04/05 14:57:32 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\inkscape
[2014/04/04 11:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2014/04/02 22:39:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\HandHistory
[2014/04/02 22:39:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\AuxClient
[2 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/01 23:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/01 23:05:28 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/01 23:05:28 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/01 23:00:46 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Lisa\Desktop\JRT.exe
[2014/05/01 22:55:36 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2014/05/01 22:55:35 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/01 22:55:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/01 22:55:14 | 2056,830,975 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/01 22:52:30 | 001,310,621 | ---- | M] () -- C:\Users\Lisa\Desktop\AdwCleaner.exe
[2014/05/01 22:52:01 | 000,000,911 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Update {4210B272-BDC6-451E-8E00-419490997D13}.job
[2014/05/01 22:52:00 | 000,000,725 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Invitation {4210B272-BDC6-451E-8E00-419490997D13}.job
[2014/05/01 22:51:26 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/01 22:06:36 | 000,984,576 | ---- | M] () -- C:\Users\Lisa\Desktop\MicrosoftFixit50906.msi
[2014/05/01 19:51:19 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
[2014/05/01 19:48:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.com
[2014/05/01 10:46:22 | 000,056,016 | ---- | M] () -- C:\windows\SysNative\drivers\fsbts.sys
[2014/05/01 10:38:41 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/05/01 10:10:19 | 000,000,741 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014/05/01 08:12:53 | 000,041,024 | ---- | M] () -- C:\windows\SysWow64\drivers\fsbts.sys
[2014/05/01 08:11:15 | 000,019,653 | ---- | M] () -- C:\windows\prodsett_copy.ini
[2014/04/30 22:38:46 | 000,001,047 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/30 22:38:27 | 000,001,013 | ---- | M] () -- C:\Users\Lisa\Desktop\Dropbox.lnk
[2014/04/30 22:33:44 | 005,186,152 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/04/30 16:37:02 | 000,354,666 | ---- | M] () -- C:\Users\Lisa\Desktop\140430134111_09.png
[2014/04/30 16:37:01 | 000,000,132 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/04/30 16:34:45 | 000,300,950 | ---- | M] () -- C:\Users\Lisa\Desktop\140430134111_09.jpg
[2014/04/30 07:24:21 | 000,014,539 | ---- | M] () -- C:\Users\Lisa\Desktop\living-room-1019053-m.jpg
[2014/04/29 12:57:17 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/29 12:08:19 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/04/29 12:08:19 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/29 12:08:12 | 017,931,952 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2014/04/28 16:15:59 | 067,885,490 | ---- | M] () -- C:\Users\Lisa\Desktop\Stephanie PPH.mov
[2014/04/28 16:10:12 | 002,122,943 | ---- | M] () -- C:\Users\Lisa\Desktop\alaughaamileandakiss.mp3
[2014/04/27 08:31:37 | 000,084,392 | ---- | M] () -- C:\Users\Lisa\Desktop\cartoon wth legs.png
[2014/04/26 21:30:09 | 000,158,204 | ---- | M] () -- C:\Users\Lisa\Desktop\gigatagz logo.png
[2014/04/26 15:32:37 | 000,167,407 | ---- | M] () -- C:\Users\Lisa\Desktop\a-newspaper-articl.jpg
[2014/04/24 14:00:09 | 000,413,739 | ---- | M] () -- C:\Users\Lisa\Desktop\Lotus-2.png
[2014/04/23 21:41:31 | 000,012,797 | ---- | M] () -- C:\Users\Lisa\Desktop\12708195561883855498masjid-silhouette.svg.hi.png
[2014/04/23 21:21:08 | 000,003,297 | ---- | M] () -- C:\Users\Lisa\AppData\Local\recently-used.xbel
[2014/04/23 20:38:30 | 000,025,325 | ---- | M] () -- C:\Users\Lisa\Desktop\cute-baby-22.svg
[2014/04/23 15:12:14 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\VideoScribe Desktop.lnk
[2014/04/22 12:40:41 | 000,000,132 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Adobe AIFF Format CS6 Prefs
[2014/04/21 21:50:55 | 000,000,208 | -H-- | M] () -- C:\B8781944CC8A
[2014/04/21 21:50:55 | 000,000,112 | -H-- | M] () -- C:\F1F091392447
[2014/04/21 21:50:55 | 000,000,112 | -H-- | M] () -- C:\D5529463E6F1
[2014/04/21 21:50:55 | 000,000,112 | -H-- | M] () -- C:\BC012D09253B
[2014/04/21 21:50:55 | 000,000,112 | -H-- | M] () -- C:\4F25AC132B75
[2014/04/21 21:47:20 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Photoshop CS6.lnk
[2014/04/21 21:47:19 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Photoshop CS6 x64.lnk
[2014/04/21 18:54:48 | 000,001,261 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2014/04/21 18:50:07 | 002,808,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Lisa\Desktop\CreativeCloudSet-Up.exe
[2014/04/20 17:40:28 | 000,000,132 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CC Prefs
[2014/04/14 17:29:04 | 042,378,341 | ---- | M] () -- C:\Users\Lisa\Desktop\Andy PPH.zip
[2014/04/09 14:05:29 | 000,670,038 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/09 14:05:29 | 000,127,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/09 14:05:28 | 000,786,622 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/04 11:38:08 | 000,000,995 | ---- | M] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/04/04 11:38:08 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/01 22:52:22 | 001,310,621 | ---- | C] () -- C:\Users\Lisa\Desktop\AdwCleaner.exe
[2014/05/01 22:06:36 | 000,984,576 | ---- | C] () -- C:\Users\Lisa\Desktop\MicrosoftFixit50906.msi
[2014/05/01 10:46:22 | 000,056,016 | ---- | C] () -- C:\windows\SysNative\drivers\fsbts.sys
[2014/05/01 08:12:53 | 000,041,024 | ---- | C] () -- C:\windows\SysWow64\drivers\fsbts.sys
[2014/05/01 08:11:15 | 000,019,653 | ---- | C] () -- C:\windows\prodsett_copy.ini
[2014/04/30 16:37:00 | 000,354,666 | ---- | C] () -- C:\Users\Lisa\Desktop\140430134111_09.png
[2014/04/30 15:52:07 | 000,001,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC.lnk
[2014/04/30 15:48:43 | 000,300,950 | ---- | C] () -- C:\Users\Lisa\Desktop\140430134111_09.jpg
[2014/04/30 07:24:21 | 000,014,539 | ---- | C] () -- C:\Users\Lisa\Desktop\living-room-1019053-m.jpg
[2014/04/29 12:57:17 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/28 16:21:05 | 067,885,490 | ---- | C] () -- C:\Users\Lisa\Desktop\Stephanie PPH.mov
[2014/04/28 16:10:16 | 002,122,943 | ---- | C] () -- C:\Users\Lisa\Desktop\alaughaamileandakiss.mp3
[2014/04/27 08:31:34 | 000,084,392 | ---- | C] () -- C:\Users\Lisa\Desktop\cartoon wth legs.png
[2014/04/26 21:30:09 | 000,158,204 | ---- | C] () -- C:\Users\Lisa\Desktop\gigatagz logo.png
[2014/04/26 15:32:36 | 000,167,407 | ---- | C] () -- C:\Users\Lisa\Desktop\a-newspaper-articl.jpg
[2014/04/24 14:00:07 | 000,413,739 | ---- | C] () -- C:\Users\Lisa\Desktop\Lotus-2.png
[2014/04/23 21:41:30 | 000,012,797 | ---- | C] () -- C:\Users\Lisa\Desktop\12708195561883855498masjid-silhouette.svg.hi.png
[2014/04/23 21:21:08 | 000,003,297 | ---- | C] () -- C:\Users\Lisa\AppData\Local\recently-used.xbel
[2014/04/23 20:36:49 | 000,025,325 | ---- | C] () -- C:\Users\Lisa\Desktop\cute-baby-22.svg
[2014/04/23 15:12:14 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\VideoScribe Desktop.lnk
[2014/04/22 12:40:41 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe AIFF Format CS6 Prefs
[2014/04/21 21:50:55 | 000,000,208 | -H-- | C] () -- C:\B8781944CC8A
[2014/04/21 21:50:55 | 000,000,112 | -H-- | C] () -- C:\F1F091392447
[2014/04/21 21:50:55 | 000,000,112 | -H-- | C] () -- C:\D5529463E6F1
[2014/04/21 21:50:55 | 000,000,112 | -H-- | C] () -- C:\BC012D09253B
[2014/04/21 21:50:55 | 000,000,112 | -H-- | C] () -- C:\4F25AC132B75
[2014/04/21 21:47:20 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Photoshop CS6.lnk
[2014/04/21 21:47:19 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Photoshop CS6 x64.lnk
[2014/04/21 19:24:49 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
[2014/04/21 19:22:56 | 000,001,164 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
[2014/04/21 18:54:48 | 000,001,273 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
[2014/04/21 18:54:48 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2014/04/14 17:29:20 | 042,378,341 | ---- | C] () -- C:\Users\Lisa\Desktop\Andy PPH.zip
[2014/04/07 12:46:22 | 000,000,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CC.lnk
[2014/04/04 11:38:37 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2014/04/04 11:38:08 | 000,000,995 | ---- | C] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/04/04 11:38:08 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2014/03/11 13:28:23 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2014/02/27 12:00:53 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/02/13 20:57:21 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CC Prefs
[2014/01/29 22:12:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/22 15:00:20 | 000,214,512 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2013/11/06 22:26:52 | 000,012,800 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/19 16:40:30 | 000,007,599 | ---- | C] () -- C:\Users\Lisa\AppData\Local\Resmon.ResmonCfg
[2013/06/06 17:38:42 | 000,000,044 | ---- | C] () -- C:\windows\vzones.ini
[2013/05/05 19:50:12 | 000,000,423 | ---- | C] () -- C:\windows\wininit.ini
[2013/01/21 18:39:50 | 000,770,932 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/30 13:37:37 | 000,017,408 | ---- | C] () -- C:\Users\Lisa\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2013/06/06 16:09:38 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/29 19:00:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\.Temp_Updater_Directory
[2013/01/21 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Autodesk
[2012/12/17 21:44:39 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Awesomium
[2012/12/21 17:42:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Blender Foundation
[2014/01/19 12:33:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\bwincom
[2014/01/19 12:33:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\cef-cache
[2012/10/24 19:14:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/09/01 20:03:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\deluge
[2014/05/01 22:58:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Dropbox
[2014/03/14 08:16:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\DropboxMaster
[2013/06/06 18:09:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Firestorm
[2014/04/05 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\inkscape
[2014/02/12 23:08:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\IrfanView
[2014/02/12 21:05:49 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\KompoZer
[2012/12/28 17:13:19 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum
[2013/11/19 23:03:55 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Open Download Manager
[2012/10/26 16:11:46 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenOffice.org
[2013/09/02 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Origin
[2014/03/18 15:03:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OutWit
[2014/01/20 19:09:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PacificPoker
[2013/02/21 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Party
[2014/02/10 19:08:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PDAppFlex
[2013/04/09 17:44:13 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\player
[2013/05/02 17:56:31 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlayFirst
[2013/01/06 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SecondLife
[2014/03/10 11:25:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SolidDocuments
[2012/10/23 12:51:21 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\T-Mobile
[2013/11/20 13:46:32 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\T-Mobile Internet Manager
[2013/02/12 20:27:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Temp
[2013/09/19 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Utherverse
[2014/05/01 22:03:01 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\uTorrent
[2014/03/12 10:01:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\VideoScribeDesktop
[2013/04/27 20:17:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WildTangent
[2014/02/17 16:22:58 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinZip
[2013/02/21 17:34:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WPT
[2013/10/18 12:09:38 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Xilisoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< MD5 for: RPCSS.DLL  >
[2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\windows\SysNative\rpcss.dll
[2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

< End of report >
 


  • 0

#8
Machiavelli
Posted 02 May 2014 - 06:10 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hey liscat, :)

Step 1: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
[CREATERESTOREPOINT]

:OTL
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
O2 - BHO: (no name) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - No CLSID value found.
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe File not found

:Commands
[EMPTYTEMP]
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.
Step 2: MBAM

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here
How to do this?
  • Visit this website here
  • You will see a screen like this:

    e922iil8.png
    • Click Run ESET Online Scanner

      4e3svhbd.png
    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

      p35jbmyy.png
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      p3b9meru.png
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Step 4: SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Step 5: CKScanner

Download CKScanner from here

Important : Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on CKScanner.exe and select Run as Administrator)
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Step 6: Question

How is the PC running?
  • 0

#9
liscat
Posted 02 May 2014 - 01:01 PM

liscat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, neither of the links for security check are working.
 
Laptop is definately running faster, no weird messages on startup anymore, and seems to run much better.
 
ESET
 
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=50a2007ddcb26744a1c6cb615d467551
# engine=18117
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-02 06:48:58
# local_time=2014-05-02 07:48:58 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2559 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 25098416 151521588 0 0
# scanned=12499
# found=33
# cleaned=0
# scan_time=887
sh=1F2C0A5D4CB1B47D1DDC86E3516F06B3ECA63A56 ft=1 fh=94049be6457143fb vn="probably a variant of MSIL/DomaIQ.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=E74FA4A0D65AE3C52D9DF48656EE854FC6B46F7C ft=1 fh=dbc255def4ce43d5 vn="a variant of Win32/Amonetize.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaViewV1\MediaViewV1alpha2232\uninstall.exe.vir"
sh=2EE0AAF575D86EF5A93B01C7EC03EBF926CA4147 ft=1 fh=d82e726e69eec8ce vn="Win64/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\hk64tbuTo0.dll.vir"
sh=DACCEF26229D06C78049B88C7BE2772EA347B8A2 ft=1 fh=fefb97b647b2f1e6 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\hk64tbuTo2.dll.vir"
sh=D4FEA02B7EEC13FA4944AA276F160B1FCE078AB3 ft=1 fh=901bf430c96d23b4 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\hktbuTo0.dll.vir"
sh=A473F1057D0844C61ED68047F97C6CD8B3F79F51 ft=1 fh=851ca62d1383db26 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\hktbuTo2.dll.vir"
sh=BCAA26922FC5A4BB3E9FEA7D29C525BB33D16572 ft=1 fh=e670698edca7a71b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\ldrtbuTo0.dll.vir"
sh=28F30DCBC3836B85CF84C0445F20FDD74276105F ft=1 fh=a5122cc400caea7d vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\ldrtbuTo2.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\ldrtbuTor.dll.vir"
sh=C51D61A1083C6A927BE3AA91BFC7AA63BA68DAA0 ft=1 fh=c0f81c2205332fa9 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll.vir"
sh=D92C60CCE0049F2F7FB25ECBED01C7E89DC43988 ft=1 fh=854242ae4b4cbd77 vn="Win32/Toolbar.Conduit.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\prxtbuTo2.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll.vir"
sh=31E93E104678E9814A5E5D43A73387819E6282E5 ft=1 fh=b31cd14a0801e57c vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\tbuTo0.dll.vir"
sh=4C716303AC281E9F6F92DBAA25DFCF342B2E8300 ft=1 fh=2ce425e33ba62b65 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\tbuTo2.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\tbuTor.dll.vir"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\uTorrentControl_v2ToolbarHelper.exe.vir"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v2\uTorrentControl_v2ToolbarHelper1.exe.vir"
sh=466F4A4851CFDA7682C11C54B7C748C2BAE44F8D ft=1 fh=c552ffaf2fd24942 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Local\Conduit\CT3220468\uTorrentControl_v2AutoUpdateHelper.exe.vir"
sh=2EE0AAF575D86EF5A93B01C7EC03EBF926CA4147 ft=1 fh=d82e726e69eec8ce vn="Win64/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\uTorrentControl_v2\hk64tbuTo0.dll.vir"
sh=DACCEF26229D06C78049B88C7BE2772EA347B8A2 ft=1 fh=fefb97b647b2f1e6 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\uTorrentControl_v2\hk64tbuTo2.dll.vir"
sh=D4FEA02B7EEC13FA4944AA276F160B1FCE078AB3 ft=1 fh=901bf430c96d23b4 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\uTorrentControl_v2\hktbuTo0.dll.vir"
sh=A473F1057D0844C61ED68047F97C6CD8B3F79F51 ft=1 fh=851ca62d1383db26 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\uTorrentControl_v2\hktbuTo2.dll.vir"
sh=BCAA26922FC5A4BB3E9FEA7D29C525BB33D16572 ft=1 fh=e670698edca7a71b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\uTorrentControl_v2\ldrtbuTo0.dll.vir"
sh=28F30DCBC3836B85CF84C0445F20FDD74276105F ft=1 fh=a5122cc400caea7d vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\uTorrentControl_v2\ldrtbuTo2.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\uTorrentControl_v2\ldrtbuTor.dll.vir"
sh=31E93E104678E9814A5E5D43A73387819E6282E5 ft=1 fh=b31cd14a0801e57c vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\uTorrentControl_v2\tbuTo0.dll.vir"
sh=49EF6474458CF16251C1FF63D1BFCDD82B618F1C ft=1 fh=59afc62f273e1dd2 vn="a variant of Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\uTorrentControl_v2\tbuTo1.dll.vir"
sh=4C716303AC281E9F6F92DBAA25DFCF342B2E8300 ft=1 fh=2ce425e33ba62b65 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\uTorrentControl_v2\tbuTo2.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\uTorrentControl_v2\tbuTor.dll.vir"
sh=0370B6AD0DBA8328E67A307235F717A3A1B22FA5 ft=1 fh=ad0a89014f15914b vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\uTorrentControl_v2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll.vir"
sh=D697D0396B6AD1245FA79335D8AAA1B8D3815375 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3jefoyl4.default\Extensions\[email protected]\content\overlay.js.vir"
sh=D697D0396B6AD1245FA79335D8AAA1B8D3815375 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\Extensions\[email protected]\content\overlay.js.vir"
 
CKfiles
 
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe media encoder cc\plug-ins\de_de\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\de_de\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\de_de\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\es_es\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\es_es\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\es_es\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\fr_fr\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\fr_fr\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\fr_fr\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\it_it\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\it_it\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\it_it\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\ja_jp\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\ja_jp\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\ja_jp\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\ko_kr\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\ko_kr\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\ko_kr\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\pt_br\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\pt_br\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\pt_br\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\ru_ru\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\ru_ru\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\ru_ru\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\zh_cn\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\zh_cn\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc\plug-ins\zh_cn\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc\plug-ins\pt_br\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc\plug-ins\pt_br\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc\plug-ins\pt_br\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc\plug-ins\ru_ru\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc\plug-ins\ru_ru\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc\plug-ins\ru_ru\vstplugins\decrackler6.dll
c:\program files (x86)\autodesk\3ds max 2013\maps\substance\textures\cracked_plaster.sbsar
c:\program files (x86)\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files (x86)\roblox\versions\version-9d48c4c011fc48e2\content\textures\vol_ice_cracked2.dds
c:\users\lisa\desktop\pph finished\jane pph story emporium\kate crackernuts.docx
c:\users\lisa\downloads\sparkol.videoscribe.crack.zip
c:\users\lisa\downloads\spark.vidscri.pro.edi.1.3.26\crack\install notes.txt
c:\users\lisa\dropbox\2010\crackerjack marquees\jhca701 crackerjack marquees.dst
c:\users\lisa\dropbox\2010\crackerjack marquees\jhca701 crackerjack marquees.emb
c:\users\lisa\dropbox\2010\crackerjack marquees\jhca701 crackerjack marquees.mls
c:\users\m4553ff3ct\cura&key\keygen.exe
c:\users\m4553ff3ct\dvd1\fegefeuer\keygen.exe
scanner sequence 3.ZZ.11.WFNAWZ
 ----- EOF -----

OTL
 
OTL logfile created on: 02/05/2014 15:22:10 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
5.92 Gb Total Physical Memory | 2.97 Gb Available Physical Memory | 50.22% Memory free
11.83 Gb Paging File | 8.57 Gb Available in Paging File | 72.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 74.11 Gb Free Space | 41.40% Space Free | Partition Type: NTFS
Drive D: | 266.72 Gb Total Space | 256.39 Gb Free Space | 96.12% Space Free | Partition Type: NTFS
 
Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/01 19:48:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.com
PRC - [2014/05/01 10:42:03 | 001,225,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
PRC - [2014/05/01 10:42:03 | 000,679,464 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
PRC - [2014/05/01 08:09:27 | 000,060,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe
PRC - [2014/04/18 19:50:52 | 033,604,728 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/03/29 11:29:33 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/21 02:40:50 | 002,691,480 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014/03/20 11:24:00 | 005,288,608 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2014/03/18 23:18:30 | 000,419,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014/02/19 07:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2013/12/21 07:04:50 | 003,478,392 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/27 17:19:36 | 000,310,208 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE
PRC - [2013/08/27 17:19:36 | 000,207,808 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE
PRC - [2013/02/21 16:25:44 | 002,910,256 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2012/11/26 13:49:10 | 000,183,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe
PRC - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/10/18 11:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/09/27 23:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011/09/14 23:19:54 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe
PRC - [2011/09/06 08:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 08:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/19 04:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/08/17 08:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/07/29 23:47:22 | 003,395,664 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011/06/24 09:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/06/05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/05/05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/06/12 10:34:48 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\T-Mobile Internet Manager\AssistantServices.exe
PRC - [2009/06/12 10:34:10 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\T-Mobile Internet Manager\UIExec.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/02 15:18:17 | 000,041,984 | ---- | M] () -- c:\Users\Lisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptf2wud.dll
MOD - [2014/05/01 07:52:21 | 000,593,464 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
MOD - [2014/03/29 11:29:33 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/03/20 11:24:00 | 005,288,608 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2014/03/18 23:22:06 | 032,733,088 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2014/03/18 23:22:06 | 000,742,816 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libGLESv2.dll
MOD - [2014/03/18 23:22:06 | 000,136,608 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libEGL.dll
MOD - [2014/01/03 04:42:50 | 003,610,624 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/08/27 17:19:50 | 000,093,120 | ---- | M] () -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\FSGUI\strres.eng
MOD - [2013/08/27 17:19:46 | 000,056,256 | ---- | M] () -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\FSGUI\fsavures.eng
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/02/16 16:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/12 10:34:10 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\T-Mobile Internet Manager\UIExec.exe
MOD - [2006/08/12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/17 18:54:26 | 000,185,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/03/01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/16 01:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/26 09:52:08 | 000,152,640 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE -- (EPSON_PM_RPCV4_06)
SRV:64bit: - [2012/08/23 17:05:12 | 003,342,640 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/08/23 17:04:00 | 000,629,040 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/08/23 17:03:14 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2014/05/01 08:09:27 | 000,060,352 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2014/04/29 12:08:19 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/29 11:29:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/27 17:19:36 | 000,207,808 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2013/02/21 16:25:44 | 002,910,256 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
SRV - [2013/01/21 19:36:47 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/26 13:49:10 | 000,183,864 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe -- (fshoster)
SRV - [2012/05/03 11:27:58 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/09/14 23:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe -- (mi-raysat_3dsmax2013_32)
SRV - [2011/06/05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/05/05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/12 10:34:48 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\T-Mobile Internet Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/01 10:46:22 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2014/03/17 18:49:44 | 000,783,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/03/17 18:44:40 | 000,180,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/07/25 17:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/02/12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/30 12:24:08 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 15:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/11 13:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/10/10 16:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/09/15 09:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/29 16:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/08/23 06:12:56 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/08/17 08:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/07/29 23:47:20 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/17 04:40:40 | 000,186,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/06/05 00:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/05/19 01:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/22 11:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 11:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/07 17:47:16 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/05/07 17:47:16 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/05/07 17:47:16 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/05/07 17:47:16 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV - [2014/05/01 10:43:17 | 000,203,304 | ---- | M] (F-Secure Corporation) [Kernel | Auto | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2014/05/01 10:42:05 | 000,069,480 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2014/05/01 08:12:53 | 000,041,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2013/08/27 17:19:32 | 000,013,248 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2013/04/25 12:52:40 | 000,080,832 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Scanning\fsni64.sys -- (fsni)
DRV - [2012/04/13 00:32:12 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1000\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes,DefaultScope = {9DA05571-9AF2-4CD7-B60A-C01CBF81DBC6}
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes\{77C7D53D-AA3D-4AEB-AE1D-45108C8A553D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes\{7D7817CC-4960-4340-9FD8-5541C41CA988}: "URL" = https://www.google.c...q={searchTerms}
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\..\SearchScopes\{9DA05571-9AF2-4CD7-B60A-C01CBF81DBC6}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-53c562c888894ea7\\NPRobloxProxy.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha294\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/04/20 20:36:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 11:29:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/10/24 19:26:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
[2012/10/24 18:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\extensions
[2013/03/30 11:44:56 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/03/30 11:44:56 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2014/05/01 09:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3jefoyl4.default\extensions
[2012/10/24 14:30:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\3jefoyl4.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2014/05/01 15:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions
[2013/10/22 19:35:16 | 000,000,000 | ---D | M] (British English Dictionary (Updated)) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\[email protected]
[2014/04/10 09:13:18 | 000,034,670 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\[email protected]
[2013/06/20 21:59:48 | 000,207,024 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\[email protected]
[2014/01/06 22:07:44 | 000,443,916 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\{12B72A0D-0B85-456E-9DD9-203529B36DF0}.xpi
[2013/05/15 21:18:07 | 000,004,590 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\{421e87b4-d3d2-49c8-b08f-b83f4dc88444}.xpi
[2013/06/23 18:16:48 | 000,151,038 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
[2014/05/01 15:04:25 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\mvdozpvn.default-1364642001268\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/03/29 11:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 11:29:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yah...p={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dictanote - Speech Recognizer = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk\8_0\
CHR - Extension: Google Drive = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.6.70_0\
CHR - Extension: Pandora⢠Voice Recognition = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\egdjohngfdcoknddingdjfnfijdncino\0.2_0\
CHR - Extension: Speech Recognition for Text Inputs = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\heennmclhgoopfpeahknkiammigjllce\1.1.0_0\
CHR - Extension: Voice Recognition = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn\2.0_0\
CHR - Extension: Google Wallet = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/05/01 10:10:19 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [F-Secure Hoster (44515)] C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\T-Mobile Internet Manager\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [Speech Recognition] C:\windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2964522286-2092028268-1510466465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{252DE15D-7575-4F20-8511-57A2D303115C}: DhcpNameServer = 172.30.139.17 172.31.139.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C8ED0D3-D844-40C5-BA2D-E1F12CAA973F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77B4CE63-D559-4D59-9BC4-E6D287327B5F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/01 23:01:18 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/05/01 23:00:43 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Lisa\Desktop\JRT.exe
[2014/05/01 22:42:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/01 19:51:13 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
[2014/05/01 19:48:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.com
[2014/05/01 10:09:13 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\CrashDumps
[2014/05/01 09:45:30 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/05/01 09:45:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/01 07:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Safe Boost
[2014/05/01 07:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TalkTalk
[2014/05/01 07:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2014/04/30 22:53:20 | 000,522,360 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfefirek.sys
[2014/04/30 22:53:20 | 000,180,272 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfeapfk.sys
[2014/04/30 22:53:20 | 000,070,592 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\cfwids.sys
[2014/04/30 18:22:49 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Logo animation JD designs templates
[2014/04/30 16:39:55 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Adobe
[2014/04/30 16:01:57 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\uniquefx_sparkle_reveal
[2014/04/30 15:59:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Logo animations After effects
[2014/04/30 15:48:20 | 000,000,000 | ---D | C] -- C:\adobeTemp
[2014/04/29 21:50:45 | 000,000,000 | ---D | C] -- C:\tmp
[2014/04/29 18:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2014/04/29 18:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2014/04/29 17:30:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\3dsMax
[2014/04/29 16:47:28 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\New folder (9)
[2014/04/29 12:57:17 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/04/29 12:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/04/29 12:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/04/27 23:00:31 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Skype
[2014/04/27 11:38:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Invoices
[2014/04/26 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Ian PPH
[2014/04/23 15:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoScribe
[2014/04/23 15:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sparkol
[2014/04/23 15:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\com.sparkol.VideoScribeDesktop
[2014/04/23 14:27:51 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\McAfee
[2014/04/23 14:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/04/23 14:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/04/21 21:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/04/21 21:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photoshop CS6
[2014/04/21 18:27:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\New folder (8)
[2014/04/21 18:27:18 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\New folder (7)
[2014/04/19 10:20:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\logo templates
[2014/04/18 08:30:02 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Wood Engraved Logo Mock-Up
[2014/04/08 19:12:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\x-formation
[2014/04/08 19:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Muvizu
[2014/04/08 18:59:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Muvizu Play
[2014/04/08 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Muvizu Play
[2014/04/05 14:57:32 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\inkscape
[2014/04/04 11:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2014/04/02 22:39:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\HandHistory
[2014/04/02 22:39:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\AuxClient
[2 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/02 15:26:34 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 15:26:34 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 15:16:35 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2014/05/02 15:16:35 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/02 15:16:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/02 15:16:13 | 2056,830,975 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/02 15:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/02 14:52:00 | 000,000,911 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Update {4210B272-BDC6-451E-8E00-419490997D13}.job
[2014/05/02 14:52:00 | 000,000,725 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Invitation {4210B272-BDC6-451E-8E00-419490997D13}.job
[2014/05/02 14:51:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/01 23:00:46 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Lisa\Desktop\JRT.exe
[2014/05/01 22:52:30 | 001,310,621 | ---- | M] () -- C:\Users\Lisa\Desktop\AdwCleaner.exe
[2014/05/01 22:06:36 | 000,984,576 | ---- | M] () -- C:\Users\Lisa\Desktop\MicrosoftFixit50906.msi
[2014/05/01 19:51:19 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
[2014/05/01 19:48:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.com
[2014/05/01 10:46:22 | 000,056,016 | ---- | M] () -- C:\windows\SysNative\drivers\fsbts.sys
[2014/05/01 10:38:41 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/05/01 10:10:19 | 000,000,741 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014/05/01 08:12:53 | 000,041,024 | ---- | M] () -- C:\windows\SysWow64\drivers\fsbts.sys
[2014/05/01 08:11:15 | 000,019,653 | ---- | M] () -- C:\windows\prodsett_copy.ini
[2014/04/30 22:38:46 | 000,001,047 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/30 22:38:27 | 000,001,013 | ---- | M] () -- C:\Users\Lisa\Desktop\Dropbox.lnk
[2014/04/30 22:33:44 | 005,186,152 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/04/30 16:37:02 | 000,354,666 | ---- | M] () -- C:\Users\Lisa\Desktop\140430134111_09.png
[2014/04/30 16:37:01 | 000,000,132 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/04/30 16:34:45 | 000,300,950 | ---- | M] () -- C:\Users\Lisa\Desktop\140430134111_09.jpg
[2014/04/30 07:24:21 | 000,014,539 | ---- | M] () -- C:\Users\Lisa\Desktop\living-room-1019053-m.jpg
[2014/04/29 12:57:17 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/28 16:15:59 | 067,885,490 | ---- | M] () -- C:\Users\Lisa\Desktop\Stephanie PPH.mov
[2014/04/28 16:10:12 | 002,122,943 | ---- | M] () -- C:\Users\Lisa\Desktop\alaughaamileandakiss.mp3
[2014/04/27 08:31:37 | 000,084,392 | ---- | M] () -- C:\Users\Lisa\Desktop\cartoon wth legs.png
[2014/04/26 21:30:09 | 000,158,204 | ---- | M] () -- C:\Users\Lisa\Desktop\gigatagz logo.png
[2014/04/26 15:32:37 | 000,167,407 | ---- | M] () -- C:\Users\Lisa\Desktop\a-newspaper-articl.jpg
[2014/04/24 14:00:09 | 000,413,739 | ---- | M] () -- C:\Users\Lisa\Desktop\Lotus-2.png
[2014/04/23 21:41:31 | 000,012,797 | ---- | M] () -- C:\Users\Lisa\Desktop\12708195561883855498masjid-silhouette.svg.hi.png
[2014/04/23 21:21:08 | 000,003,297 | ---- | M] () -- C:\Users\Lisa\AppData\Local\recently-used.xbel
[2014/04/23 20:38:30 | 000,025,325 | ---- | M] () -- C:\Users\Lisa\Desktop\cute-baby-22.svg
[2014/04/23 15:12:14 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\VideoScribe Desktop.lnk
[2014/04/22 12:40:41 | 000,000,132 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Adobe AIFF Format CS6 Prefs
[2014/04/21 21:50:55 | 000,000,208 | -H-- | M] () -- C:\F1F091392447
[2014/04/21 21:50:55 | 000,000,208 | -H-- | M] () -- C:\B8781944CC8A
[2014/04/21 21:50:55 | 000,000,112 | -H-- | M] () -- C:\D5529463E6F1
[2014/04/21 21:50:55 | 000,000,112 | -H-- | M] () -- C:\BC012D09253B
[2014/04/21 21:50:55 | 000,000,112 | -H-- | M] () -- C:\4F25AC132B75
[2014/04/21 21:47:20 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Photoshop CS6.lnk
[2014/04/21 21:47:19 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Photoshop CS6 x64.lnk
[2014/04/21 18:54:48 | 000,001,261 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2014/04/20 17:40:28 | 000,000,132 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CC Prefs
[2014/04/14 17:29:04 | 042,378,341 | ---- | M] () -- C:\Users\Lisa\Desktop\Andy PPH.zip
[2014/04/09 14:05:29 | 000,670,038 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/09 14:05:29 | 000,127,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/09 14:05:28 | 000,786,622 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/04 11:38:08 | 000,000,995 | ---- | M] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/04/04 11:38:08 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/01 22:52:22 | 001,310,621 | ---- | C] () -- C:\Users\Lisa\Desktop\AdwCleaner.exe
[2014/05/01 22:06:36 | 000,984,576 | ---- | C] () -- C:\Users\Lisa\Desktop\MicrosoftFixit50906.msi
[2014/05/01 10:46:22 | 000,056,016 | ---- | C] () -- C:\windows\SysNative\drivers\fsbts.sys
[2014/05/01 08:12:53 | 000,041,024 | ---- | C] () -- C:\windows\SysWow64\drivers\fsbts.sys
[2014/05/01 08:11:15 | 000,019,653 | ---- | C] () -- C:\windows\prodsett_copy.ini
[2014/04/30 16:37:00 | 000,354,666 | ---- | C] () -- C:\Users\Lisa\Desktop\140430134111_09.png
[2014/04/30 15:52:07 | 000,001,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC.lnk
[2014/04/30 15:48:43 | 000,300,950 | ---- | C] () -- C:\Users\Lisa\Desktop\140430134111_09.jpg
[2014/04/30 07:24:21 | 000,014,539 | ---- | C] () -- C:\Users\Lisa\Desktop\living-room-1019053-m.jpg
[2014/04/29 12:57:17 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/28 16:21:05 | 067,885,490 | ---- | C] () -- C:\Users\Lisa\Desktop\Stephanie PPH.mov
[2014/04/28 16:10:16 | 002,122,943 | ---- | C] () -- C:\Users\Lisa\Desktop\alaughaamileandakiss.mp3
[2014/04/27 08:31:34 | 000,084,392 | ---- | C] () -- C:\Users\Lisa\Desktop\cartoon wth legs.png
[2014/04/26 21:30:09 | 000,158,204 | ---- | C] () -- C:\Users\Lisa\Desktop\gigatagz logo.png
[2014/04/26 15:32:36 | 000,167,407 | ---- | C] () -- C:\Users\Lisa\Desktop\a-newspaper-articl.jpg
[2014/04/24 14:00:07 | 000,413,739 | ---- | C] () -- C:\Users\Lisa\Desktop\Lotus-2.png
[2014/04/23 21:41:30 | 000,012,797 | ---- | C] () -- C:\Users\Lisa\Desktop\12708195561883855498masjid-silhouette.svg.hi.png
[2014/04/23 21:21:08 | 000,003,297 | ---- | C] () -- C:\Users\Lisa\AppData\Local\recently-used.xbel
[2014/04/23 20:36:49 | 000,025,325 | ---- | C] () -- C:\Users\Lisa\Desktop\cute-baby-22.svg
[2014/04/23 15:12:14 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\VideoScribe Desktop.lnk
[2014/04/22 12:40:41 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe AIFF Format CS6 Prefs
[2014/04/21 21:50:55 | 000,000,208 | -H-- | C] () -- C:\F1F091392447
[2014/04/21 21:50:55 | 000,000,208 | -H-- | C] () -- C:\B8781944CC8A
[2014/04/21 21:50:55 | 000,000,112 | -H-- | C] () -- C:\D5529463E6F1
[2014/04/21 21:50:55 | 000,000,112 | -H-- | C] () -- C:\BC012D09253B
[2014/04/21 21:50:55 | 000,000,112 | -H-- | C] () -- C:\4F25AC132B75
[2014/04/21 21:47:20 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Photoshop CS6.lnk
[2014/04/21 21:47:19 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Photoshop CS6 x64.lnk
[2014/04/21 19:24:49 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
[2014/04/21 19:22:56 | 000,001,164 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
[2014/04/21 18:54:48 | 000,001,273 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
[2014/04/21 18:54:48 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2014/04/14 17:29:20 | 042,378,341 | ---- | C] () -- C:\Users\Lisa\Desktop\Andy PPH.zip
[2014/04/07 12:46:22 | 000,000,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CC.lnk
[2014/04/04 11:38:37 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2014/04/04 11:38:08 | 000,000,995 | ---- | C] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2014/04/04 11:38:08 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2014/03/11 13:28:23 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2014/02/27 12:00:53 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/02/13 20:57:21 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CC Prefs
[2014/01/29 22:12:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/22 15:00:20 | 000,214,512 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2013/11/06 22:26:52 | 000,012,800 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/19 16:40:30 | 000,007,599 | ---- | C] () -- C:\Users\Lisa\AppData\Local\Resmon.ResmonCfg
[2013/06/06 17:38:42 | 000,000,044 | ---- | C] () -- C:\windows\vzones.ini
[2013/05/05 19:50:12 | 000,000,423 | ---- | C] () -- C:\windows\wininit.ini
[2013/01/21 18:39:50 | 000,770,932 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/30 13:37:37 | 000,017,408 | ---- | C] () -- C:\Users\Lisa\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2013/06/06 16:09:38 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/29 19:00:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\.Temp_Updater_Directory
[2013/01/21 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Autodesk
[2012/12/17 21:44:39 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Awesomium
[2012/12/21 17:42:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Blender Foundation
[2014/01/19 12:33:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\bwincom
[2014/01/19 12:33:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\cef-cache
[2012/10/24 19:14:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/09/01 20:03:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\deluge
[2014/05/02 15:20:40 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Dropbox
[2014/03/14 08:16:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\DropboxMaster
[2013/06/06 18:09:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Firestorm
[2014/04/05 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\inkscape
[2014/02/12 23:08:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\IrfanView
[2014/02/12 21:05:49 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\KompoZer
[2012/12/28 17:13:19 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum
[2013/11/19 23:03:55 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Open Download Manager
[2012/10/26 16:11:46 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenOffice.org
[2013/09/02 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Origin
[2014/03/18 15:03:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OutWit
[2014/01/20 19:09:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PacificPoker
[2013/02/21 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Party
[2014/02/10 19:08:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PDAppFlex
[2013/04/09 17:44:13 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\player
[2013/05/02 17:56:31 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlayFirst
[2013/01/06 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SecondLife
[2014/03/10 11:25:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SolidDocuments
[2012/10/23 12:51:21 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\T-Mobile
[2013/11/20 13:46:32 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\T-Mobile Internet Manager
[2013/02/12 20:27:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Temp
[2013/09/19 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Utherverse
[2014/05/01 22:03:01 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\uTorrent
[2014/03/12 10:01:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\VideoScribeDesktop
[2013/04/27 20:17:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WildTangent
[2014/02/17 16:22:58 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinZip
[2013/02/21 17:34:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WPT
[2013/10/18 12:09:38 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Xilisoft
 
========== Purity Check ==========
 
 

< End of report >
 
Malbytes
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/05/2014
Scan Time: 17:00:42
Logfile: malware.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.02.08
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lisa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340201
Time Elapsed: 42 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerV1alpha883, Quarantined, [c04018e818e8bb4547e24c3dcf3343bd],
PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MediaViewV1alpha2232, Quarantined, [31cf87796e923ac608982063778b3ec2],
PUP.Optional.1ClickMovieDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\1ClickMovie-Download V9.0, Quarantined, [0df3946c808029d79f4aff85788a8779],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2964522286-2092028268-1510466465-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [1ee25ea2ef11bf41920ea115fa091be5],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-2964522286-2092028268-1510466465-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [ba46e31d30d0a65a1517fd892fd37e82],

Registry Values: 1
PUP.Optional.WebExpEnhanced.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha294\ff, Quarantined, [4cb4d12f8c74a65abf0861273ec4fa06]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.GreatArcadeHits.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh, Quarantined, [8d732fd12ad64fb105ec0a5e09f9cc34],
PUP.Optional.GreatArcadeHits.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0, Quarantined, [8d732fd12ad64fb105ec0a5e09f9cc34],
PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice, Quarantined, [3dc342be31cf47b9ac6e7bee7290ae52],

Files: 15
Trojan.Zbot, C:\Users\Lisa\Downloads\DHL Private delivery services (1).zip, Quarantined, [5aa60ef2c7398a76f72fe78b9f621ce4],
Trojan.Zbot, C:\Users\Lisa\Downloads\DHL Private delivery services.zip, Quarantined, [47b9f30dd8286e9254d2551da160a25e],
PUP.Optional.Amonetize.A, C:\Users\Lisa\Downloads\Onhax Downloader__4006_il81.exe, Quarantined, [33cd32ce4ab6b947c2a3ee4ce7195ea2],
PUP.Optional.Freemium.A, C:\Users\Lisa\Downloads\Harabara_Font_Installer.exe, Quarantined, [6d9312eeec145da31ac3ec37c04155ab],
PUP.Optional.OneClickDownloader.A, C:\Users\Lisa\Downloads\Dragon_Naturally_Speaking_7(1).exe, Quarantined, [34ccfb059a6602fe46dcd2679e6321df],
PUP.Optional.OneClickDownloader.A, C:\Users\Lisa\Downloads\Dragon_Naturally_Speaking_7.exe, Quarantined, [1fe153ad5da321df40e206330100ab55],
Adware.Linkular, C:\Users\Lisa\Downloads\FirestormOpti-Nine Setup.exe, Quarantined, [33cd2ed227d9ea16c03b75ee25dcb64a],
PUP.Optional.OptimumInstaller.A, C:\Users\Lisa\Downloads\Setup.exe, Quarantined, [6e92c739758b2bd55f6950fa21e07888],
PUP.Optional.GreatArcadeHits.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\background.js, Quarantined, [8d732fd12ad64fb105ec0a5e09f9cc34],
PUP.Optional.GreatArcadeHits.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\cookies.js, Quarantined, [8d732fd12ad64fb105ec0a5e09f9cc34],
PUP.Optional.GreatArcadeHits.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\icon.png, Quarantined, [8d732fd12ad64fb105ec0a5e09f9cc34],
PUP.Optional.GreatArcadeHits.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\Manifest.json, Quarantined, [8d732fd12ad64fb105ec0a5e09f9cc34],
PUP.Optional.GreatArcadeHits.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\page.js, Quarantined, [8d732fd12ad64fb105ec0a5e09f9cc34],
PUP.Optional.GreatArcadeHits.A, C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\static.js, Quarantined, [8d732fd12ad64fb105ec0a5e09f9cc34],
PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice\config.dat, Quarantined, [3dc342be31cf47b9ac6e7bee7290ae52],

Physical Sectors: 0
(No malicious items detected)


(end)
  • 0

#10
Machiavelli
Posted 02 May 2014 - 01:06 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hey liscat,
how are you?
 

Hi, neither of the links for security check are working.

I'm sorry, but the second link worked for me. This link should work: http://filepony.de/d...curityCheck.exe

If not please tell me. For me the link works.
  • 0

#11
liscat
Posted 03 May 2014 - 02:30 AM

liscat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi,

 

For some reason the second link was saying forbidden access for me, but the third link worked fine.

 

Here is the log.

 

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Computer Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player 13.0.0.206  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

 

Thanks :)


  • 0

#12
Machiavelli
Posted 03 May 2014 - 02:50 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hello,
in my opinion your PC is clean. We will do now a little OTL Fix and then delete all the tools we have used in this thread. :)

 
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
[CREATERESTOREPOINT]

:OTL
O1364bit: - gopher Prefix: missing
[2014/05/01 10:38:41 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

:Files
c:\users\lisa\downloads\sparkol.videoscribe.crack.zip
c:\users\lisa\downloads\spark.vidscri.pro.edi.1.3.26
c:\users\m4553ff3ct\cura&key\keygen.exe
c:\users\m4553ff3ct\dvd1\fegefeuer\keygen.exe

:Commands
[EMPTYTEMP]
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply
 

We need to remove the tools we've used during cleaning your machine
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

javaicon.gif Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa
 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:
  • 0

#13
liscat
Posted 03 May 2014 - 03:19 AM

liscat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi,

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\ProgramData\ntuser.pol moved successfully.
========== FILES ==========
c:\users\lisa\downloads\Sparkol.VideoScribe.Crack.zip moved successfully.
c:\users\lisa\downloads\Spark.VidScri.PRO.Edi.1.3.26\crack folder moved successfully.
c:\users\lisa\downloads\Spark.VidScri.PRO.Edi.1.3.26 folder moved successfully.
c:\users\m4553ff3ct\cura&key\keygen.exe moved successfully.
c:\users\m4553ff3ct\dvd1\fegefeuer\keygen.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lisa
->Temp folder emptied: 23575219 bytes
->Temporary Internet Files folder emptied: 3772 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21776821 bytes
->Google Chrome cache emptied: 42046891 bytes
->Flash cache emptied: 492 bytes
 
User: M4553ff3Ct
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 334378 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 292130 bytes
 
Total Files Cleaned = 84.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05032014_095617

Files\Folders moved on Reboot...
C:\Users\Lisa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\temp\LISA-PC-20140502-1920.log moved successfully.
File\Folder C:\windows\temp\officeclicktorun.exe_c2ruidll(20140502192013724).log not found!
File\Folder C:\windows\temp\officeclicktorun.exe_streamserver(20140502192023724).log not found!
File move failed. C:\windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
File move failed. C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

# DelFix v10.7 - Logfile created 03/05/2014 at 10:09:41
# Updated 27/04/2014 by Xplode
# Username : Lisa - LISA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\log.txt
Deleted : C:\Users\Lisa\Desktop\AdwCleaner.exe
Deleted : C:\Users\Lisa\Desktop\aswMBR.exe
Deleted : C:\Users\Lisa\Desktop\CKScanner.exe
Deleted : C:\Users\Lisa\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Lisa\Desktop\JRT.exe
Deleted : C:\Users\Lisa\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #216 [Removed Skype™ 6.14 | 04/29/2014 11:54:38]
Deleted : RP #217 [OTL Restore Point - 01/05/2014 19:54:08 | 05/01/2014 18:54:09]
Deleted : RP #218 [Installed Microsoft Fix it 50906 | 05/01/2014 21:07:29]
Deleted : RP #219 [OTL Restore Point - 01/05/2014 22:42:57 | 05/01/2014 21:43:00]
Deleted : RP #220 [OTL Restore Point - 01/05/2014 23:22:08 | 05/01/2014 22:22:11]
Deleted : RP #221 [OTL Restore Point - 02/05/2014 15:12:05 | 05/02/2014 14:12:06]
Deleted : RP #222 [OTL Restore Point - 03/05/2014 09:56:30 | 05/03/2014 08:56:36]

New restore point created !

########## - EOF - ##########
 

I have sorted java out as you suggested. I can not thank you enough for helping me sort this. There was alot more on the system than I realised, not just from the email attachement.

 

Thankyou


  • 0

#14
Machiavelli
Posted 03 May 2014 - 03:21 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
The email attachment was ZBOT (a trojan). Anyway, it is removed now. You are most welcome, liscat. I will close this topic as solved then.
  • 0

#15
Machiavelli
Posted 03 May 2014 - 03:21 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: virus, malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP