Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

cmd.exe popping up at start up [Solved]

Started by mrpooh3 , Nov 12 2014 10:39 AM

  • This topic is locked This topic is locked

#1
mrpooh3
Posted 12 November 2014 - 10:39 AM

mrpooh3

    Member

  • Member
  • PipPipPip
  • 281 posts

hi,for the past few weeks the cmd.exe black box pops up when my pc reaches the desktop screen at start-up and disappears after only 3 seconds...there is some writing in the box but it disappears too fast for me to read it.

I am not sure if it could be malware or if this is normal.

Any help appreciated.


  • 0

Advertisements

#2
Essexboy
Posted 13 November 2014 - 12:02 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets have a look see shall we :)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
mrpooh3
Posted 13 November 2014 - 01:09 PM

mrpooh3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts

Hi Essexboy,

The 32-bit version isn't compatible so I ran the 64-bit version....it has crashed twice now at Getting Application errors:56803.

I have my AV turned off so am not sure why it's crashing.


  • 0

#4
Essexboy
Posted 13 November 2014 - 01:27 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you reboot to safe mode :

Reboot the computer and immediately press and hold F8
On the menu that appears select safe mode with networking then try FRST again
  • 0

#5
mrpooh3
Posted 13 November 2014 - 01:37 PM

mrpooh3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts

Hi Essexboy,

I rebooted into safe mode with networking.

Still no joy....it crashed at the same place again Getting Application errors :56803


  • 0

#6
Essexboy
Posted 13 November 2014 - 01:39 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK there is more than one way to skin a cat :)

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    OTL_Main_Tutorial.gif
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

  • 0

#7
mrpooh3
Posted 13 November 2014 - 01:57 PM

mrpooh3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts

Hi Essexboy,

Here is my OTL LOG:

 

OTL logfile created on: 13/11/2014 19:46:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Allybongo\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 68.59% Memory free
7.80 Gb Paging File | 6.39 Gb Available in Paging File | 81.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 176.46 Gb Free Space | 75.80% Space Free | Partition Type: NTFS
Drive E: | 7.40 Gb Total Space | 7.36 Gb Free Space | 99.45% Space Free | Partition Type: FAT32
 
Computer Name: ALLYBONGO-PC | User Name: Allybongo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2014/11/13 19:45:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allybongo\Downloads\OTL.exe
PRC - [2014/09/12 09:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/05/14 04:39:52 | 001,004,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2014/01/24 03:30:14 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2014/01/10 05:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2013/01/23 16:19:04 | 002,595,832 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2013/01/23 16:19:04 | 000,327,672 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2011/09/20 09:17:44 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
PRC - [2011/05/25 08:31:18 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/15 23:05:41 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\446bc9f0c3b5824fab519cb5fec5af1b\WindowsFormsIntegration.ni.dll
MOD - [2014/10/15 23:05:08 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/15 23:04:12 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll
MOD - [2014/10/15 21:16:08 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/10/15 21:15:50 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/15 21:15:43 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/10/15 21:15:39 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/15 21:15:36 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014/10/15 21:15:22 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/15 21:15:08 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 21:15:02 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/15 21:15:01 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/02/13 15:58:36 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/12 22:32:35 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/10 05:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014/01/10 05:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/06/17 11:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/06 03:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/07/22 23:31:23 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2014/02/02 07:02:28 | 000,244,328 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/10/27 12:04:50 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/01/25 00:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/18 08:50:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/11/12 16:34:13 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/10 15:16:14 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/12 09:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/05/04 15:37:30 | 002,152,736 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/03/20 22:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/24 03:30:14 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/13 22:14:20 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/01/23 16:19:04 | 002,595,832 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2013/01/23 16:19:04 | 000,327,672 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/14 04:43:04 | 000,625,248 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/05/14 04:43:04 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014/05/14 04:43:04 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2014/02/26 02:33:07 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2014/02/26 02:33:07 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2014/02/26 02:33:07 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2014/02/26 02:33:07 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2014/02/26 02:33:07 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2014/02/02 07:04:44 | 000,462,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2014/02/02 07:02:28 | 000,084,712 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2014/01/24 03:30:12 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2014/01/24 03:30:12 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2014/01/24 03:30:12 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2014/01/24 03:30:12 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/10/15 11:38:24 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/10/02 02:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/11 17:46:56 | 000,772,864 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6TPortGX64.sys -- (L6TPortGX)
DRV:64bit: - [2013/05/14 16:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/04/29 07:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2013/04/12 14:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2013/02/27 11:58:36 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/02/22 13:50:28 | 005,358,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/02/21 13:10:12 | 000,489,264 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2013/01/31 16:05:26 | 000,023,040 | ---- | M] (nerds.de) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipmidi.sys -- (ipMIDI)
DRV:64bit: - [2013/01/23 17:19:00 | 000,057,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/12/13 15:41:10 | 000,028,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1)
DRV:64bit: - [2012/12/10 15:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/05/21 11:54:04 | 000,068,208 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ST_ACCEL.sys -- (ST_ACCEL)
DRV:64bit: - [2012/05/10 16:35:26 | 000,221,184 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2012/05/10 16:35:26 | 000,104,448 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/22 12:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/15 21:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 00:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/18 08:50:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011/01/18 08:49:54 | 004,719,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/03 13:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2010/11/21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 03:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENGB/MSN_WCP
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?o...U219DHP&pc=U219
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C AD 7E 7B 15 C0 CE 01  [binary data]
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://hsrd.yahoo.co...vP2emkWJu729A-"
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:14.0.0.4939
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/30 15:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/30 15:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/30 15:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/30 15:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/30 15:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/10 15:16:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/10 15:16:12 | 000,000,000 | ---D | M]
 
[2014/03/14 16:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Extensions
[2014/11/13 17:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\tc1fa2kk.default-1414851540504\extensions
[2014/11/13 17:36:08 | 000,000,000 | ---D | M] (Hola Better Internet) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\tc1fa2kk.default-1414851540504\extensions\jid1-4P0kohSJxU1qGg@jetpack
[2014/11/12 15:50:52 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\tc1fa2kk.default-1414851540504\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/11/10 15:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/10 15:16:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/30 15:54:27 | 000,000,000 | ---D | M] (Chặn quảng cáo) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 14.0.0\FFEXT\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://uk.yahoo.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: APP = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Kaspersky Protection = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa\3.1.0.122_0\
CHR - Extension: YouTube = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Google Search = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0\
CHR - Extension: Hola Better Internet = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng\1.4.562_0\
CHR - Extension: Dangerous Websites Blocker = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_0\
CHR - Extension: No name found = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.0_0\
CHR - Extension: Google Wallet = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Click&Clean App = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.6_0\
CHR - Extension: Gmail = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Allybongo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_0\
 
O1 HOSTS File: ([2014/05/18 16:55:04 | 000,449,906 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 15470 more lines...
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DFX] c:\program files (x86)\dfx\dfx.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\windows defender\msascui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab (Emsisoft Web Malware Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F105BFF-611A-45EE-B4A5-EC05C0AEF371}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/13 18:49:39 | 000,000,000 | ---D | C] -- C:\FRST
[2014/11/13 01:39:35 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/11/13 01:39:35 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/11/13 01:39:35 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/11/13 01:39:35 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/11/13 01:39:35 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/11/13 01:39:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/11/13 01:39:35 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/11/13 01:39:35 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/11/13 01:39:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/11/13 01:39:33 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/11/13 01:39:33 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/11/13 01:39:33 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/11/13 01:39:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/11/13 01:39:32 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/11/13 01:39:32 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/11/13 01:39:32 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/11/13 01:39:32 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/11/13 01:39:32 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/11/13 01:39:32 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/11/13 01:39:31 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/11/13 01:39:31 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/11/13 01:39:31 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/11/13 01:39:30 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/11/13 01:39:30 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/11/13 01:39:30 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/11/13 01:39:30 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/11/13 01:39:29 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/11/13 01:39:29 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/11/13 01:39:28 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/11/13 01:39:28 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/11/13 01:39:28 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/11/13 01:39:28 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/11/13 01:39:27 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/11/13 01:39:27 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/11/13 01:39:27 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/11/13 01:39:24 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/11/13 01:39:24 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/11/13 01:39:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/11/13 01:39:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/11/13 01:39:18 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/11/13 01:39:17 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/11/13 01:39:11 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/11/13 01:39:11 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/11/13 01:39:11 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/11/13 01:39:11 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/11/13 01:39:11 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/11/13 01:39:06 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/11/13 01:38:58 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/11/13 01:38:58 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/11/13 01:38:58 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/11/13 01:38:58 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/11/13 01:38:58 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/11/13 01:38:55 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/11/13 01:38:55 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/11/13 01:38:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/11/13 01:36:56 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/11/13 01:36:49 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/11/12 16:34:04 | 004,918,960 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/11/10 15:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/11/04 17:11:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent Sync
[2014/11/01 10:26:19 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Dropbox
[2014/10/28 17:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/10/28 17:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/10/25 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Mp3tag
[2014/10/25 09:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2014/10/24 23:28:09 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\77DD0885.sys
[2014/10/21 19:12:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/21 02:20:22 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\DDMSettings
[2014/10/21 02:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2014/10/21 02:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2014/10/21 02:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2014/10/21 02:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2014/10/21 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2014/10/20 22:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Line 6
[2014/10/20 22:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2014/10/20 22:53:43 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Line 6
[2014/10/20 21:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2014/10/20 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2014/10/17 19:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealTemp
[2014/10/15 20:36:02 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/10/15 20:36:02 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2014/10/15 20:36:02 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/10/15 20:35:50 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/10/15 20:35:37 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2014/10/15 20:35:37 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2014/10/15 20:35:37 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2014/10/15 20:35:36 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2014/10/15 20:35:35 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/10/15 20:35:33 | 004,120,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014/10/15 20:35:32 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2014/10/15 20:35:32 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2014/10/15 20:35:30 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/10/15 20:35:28 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/10/15 20:35:28 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2014/10/15 20:35:27 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2014/10/15 20:35:27 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2014/10/15 20:35:25 | 000,616,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2014/10/15 20:35:24 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2014/10/15 20:35:23 | 005,551,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/10/15 20:35:23 | 003,970,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/10/15 20:35:23 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2014/10/15 20:35:23 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/10/15 20:35:23 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2014/10/15 20:35:23 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2014/10/15 20:35:23 | 000,532,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2014/10/15 20:35:23 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/10/15 20:35:22 | 003,914,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/10/15 20:35:22 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2014/10/15 20:35:22 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2014/10/15 20:35:22 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2014/10/15 20:35:22 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2014/10/15 20:35:21 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2014/10/15 20:35:21 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2014/10/15 20:35:21 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2014/10/15 20:35:21 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2014/10/15 20:35:21 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2014/10/15 20:35:21 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2014/10/15 20:35:21 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2014/10/15 20:35:21 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2014/10/15 20:35:21 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2014/10/15 20:35:21 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2014/10/15 20:35:21 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2014/10/15 20:35:21 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2014/10/15 20:35:21 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2014/10/15 20:35:21 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2014/10/15 20:35:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2014/10/15 20:35:21 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2014/10/15 20:35:21 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2014/10/15 20:35:21 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2014/10/15 20:35:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2014/10/15 20:35:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2014/10/15 20:35:21 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2014/10/15 20:35:20 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/10/15 20:35:20 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/10/15 20:35:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2014/10/15 20:35:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2014/10/15 20:35:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2014/10/15 20:35:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2014/10/15 20:35:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2014/10/15 20:35:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2014/10/15 20:35:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2014/10/15 20:35:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2014/10/15 20:34:33 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/15 20:34:33 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/15 20:34:33 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/15 20:34:33 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/15 20:34:32 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/15 20:34:32 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/15 20:34:15 | 006,584,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/10/15 20:34:15 | 005,703,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/10/15 20:34:14 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2014/10/15 20:34:14 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2014/10/15 19:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/10/15 19:56:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/10/15 19:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/10/15 19:45:37 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/10/15 19:45:37 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/10/15 19:45:37 | 000,111,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/10/15 19:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/10/15 19:32:52 | 000,701,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/10/15 19:32:52 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/14 02:44:12 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[2013/10/03 11:44:43 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Allybongo\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/13 19:46:06 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/13 19:46:06 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/13 19:43:05 | 000,781,970 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/13 19:43:05 | 000,666,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/13 19:43:05 | 000,126,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/13 19:38:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/13 18:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/13 01:49:16 | 004,916,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/12 16:34:12 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/11/12 16:34:12 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/11/12 16:34:04 | 004,918,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/11/07 15:09:45 | 001,295,411 | ---- | M] () -- C:\Users\Allybongo\Documents\Daler Rowney Watercolour Chart.pdf
[2014/11/06 04:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/11/06 03:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/11/06 03:46:12 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/11/06 03:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/11/06 03:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/11/06 03:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/11/06 03:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/11/06 03:30:22 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/11/06 03:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/11/06 03:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/11/06 03:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/11/06 03:20:18 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/11/06 03:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/11/06 03:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/11/06 03:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/11/06 03:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/11/06 03:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/11/06 03:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/11/06 03:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/11/06 03:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/11/06 03:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/11/06 02:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/11/06 02:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/11/06 02:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/11/06 02:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/11/06 02:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/11/06 02:41:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/11/06 02:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/11/06 02:38:25 | 002,124,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/11/06 02:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/11/06 02:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/11/06 02:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/11/06 02:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/11/06 01:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/11/06 01:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/11/05 17:56:54 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/11/05 17:56:36 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/11/05 17:52:22 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/30 06:12:44 | 000,287,966 | ---- | M] () -- C:\Users\Allybongo\AppData\Local\census.cache
[2014/10/30 06:12:40 | 000,098,822 | ---- | M] () -- C:\Users\Allybongo\AppData\Local\ars.cache
[2014/10/25 09:35:33 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2014/10/25 05:16:44 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\77DD0885.sys
[2014/10/25 01:57:59 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/25 01:32:37 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/21 00:58:49 | 016,908,167 | ---- | M] () -- C:\Users\Allybongo\Documents\Latitude E5420 User Manual.pdf
[2014/10/20 22:59:14 | 000,000,032 | ---- | M] () -- C:\Windows\GearBox.ini
[2014/10/18 02:05:23 | 000,861,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/10/15 19:56:25 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/10/15 19:45:31 | 000,319,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/10/15 19:45:31 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/10/15 19:45:31 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
 
========== Files Created - No Company Name ==========
 
[2014/11/07 15:09:44 | 001,295,411 | ---- | C] () -- C:\Users\Allybongo\Documents\Daler Rowney Watercolour Chart.pdf
[2014/10/25 09:35:33 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2014/10/21 00:58:39 | 016,908,167 | ---- | C] () -- C:\Users\Allybongo\Documents\Latitude E5420 User Manual.pdf
[2014/10/15 19:32:53 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/19 14:10:58 | 000,000,024 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\temp.ini
[2014/05/18 21:26:10 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/05/14 08:11:46 | 000,000,628 | RHS- | C] () -- C:\Users\Allybongo\ntuser.pol
[2014/05/05 16:53:34 | 000,000,611 | ---- | C] () -- C:\Windows\cdplayer.ini
[2014/05/05 16:53:08 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2014/04/15 12:13:15 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2014/04/15 12:13:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2014/03/08 16:00:45 | 000,287,966 | ---- | C] () -- C:\Users\Allybongo\AppData\Local\census.cache
[2014/03/08 16:00:34 | 000,098,822 | ---- | C] () -- C:\Users\Allybongo\AppData\Local\ars.cache
[2014/03/08 15:34:36 | 000,000,036 | ---- | C] () -- C:\Users\Allybongo\AppData\Local\housecall.guid.cache
[2014/02/22 14:39:53 | 000,078,848 | ---- | C] () -- C:\Windows\SysWow64\OneWay.dll
[2014/02/21 13:16:59 | 000,219,566 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2014/02/17 05:26:09 | 000,053,812 | ---- | C] () -- C:\Windows\uninst-vj.exe
[2014/02/16 18:26:04 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ALLYBONGO-PC-Microsoft-Windows-7-Professional-(64-bit).dat
[2014/02/16 00:36:04 | 000,009,018 | ---- | C] () -- C:\Users\Allybongo\AppData\Local\recently-used.xbel
[2014/02/14 07:20:53 | 000,000,094 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2014/02/10 13:06:31 | 000,000,628 | R-S- | C] () -- C:\Users\Allybongo\ntuser.pol.bak
[2014/02/03 01:27:31 | 000,000,047 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\WB.CFG
[2014/01/15 00:10:20 | 000,000,396 | RHS- | C] () -- C:\ProgramData\ntuser.pol.bak
[2013/12/29 22:34:18 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2013/12/29 04:55:35 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2013/12/10 14:07:46 | 000,000,250 | ---- | C] () -- C:\Users\Allybongo\.swfinfo
[2013/12/10 14:06:21 | 000,000,990 | ---- | C] () -- C:\Windows\SysWow64\amsiq19a.sys
[2013/11/29 06:18:24 | 000,766,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/06 20:57:30 | 000,152,576 | ---- | C] () -- C:\Windows\SysWow64\1Way.dll
[2013/11/05 21:27:32 | 000,225,411 | ---- | C] () -- C:\Windows\SysWow64\PosPrKpLib.dll
[2013/11/05 21:27:25 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\PosTickerLib.dll
[2013/10/09 20:17:21 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/03 11:44:43 | 000,007,859 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.cat
[2013/10/03 11:44:43 | 000,001,167 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.inf
[2013/10/03 09:14:59 | 000,026,329 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013/10/03 08:04:52 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013/10/03 08:04:49 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/08/05 17:00:26 | 000,024,036 | ---- | C] () -- C:\Users\Allybongo\SDActivate.lng
 
========== ZeroAccess Check ==========
 
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 02:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 01:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/10/18 07:20:29 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\.ACEStream
[2014/10/18 07:20:29 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\ACEStream
[2014/02/18 08:15:31 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Boilsoft
[2014/09/08 16:42:09 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\calibre
[2014/04/16 22:50:24 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\ClassicShell
[2014/11/01 10:34:47 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Dropbox
[2014/03/22 11:07:50 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\EAC
[2013/10/26 19:39:16 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\ImgBurn
[2014/05/13 22:26:21 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\IObit
[2014/07/02 21:12:58 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\IrfanView
[2014/02/11 02:53:41 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\LibrariIcon
[2014/10/20 23:06:58 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Line 6
[2014/10/25 09:36:56 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Mp3tag
[2014/02/03 02:24:10 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\OpenOffice
[2014/03/06 06:37:55 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Oracle
[2014/07/18 11:02:05 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\PCDr
[2014/02/16 04:48:36 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\PDAppFlex
[2014/02/16 19:47:07 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\ProductData
[2014/10/30 07:03:51 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\QuickScan
[2014/03/06 04:25:24 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\SanDisk
[2014/04/17 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\SanDisk SecureAccess
[2014/02/28 05:49:29 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Serif
[2014/11/13 00:26:09 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\uTorrent
[2014/11/01 14:41:55 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Vso
[2014/02/07 23:30:00 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Xilisoft
[2014/02/14 09:33:01 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Zoner
[2014/03/19 23:39:52 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014/03/19 23:39:52 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/14 01:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 05:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 01:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 03:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 03:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/12 02:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 01:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 22:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2014/07/07 02:06:31 | 000,187,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2014/07/07 01:40:07 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 03:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 03:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 06:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 01:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 01:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 01:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 03:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 01:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 01:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 01:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 17:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 11:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 06:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2014/04/12 02:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 01:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 03:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 03:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/04/12 02:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 01:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 03:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 03:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 03:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 03:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 03:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 03:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 01:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 05:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 03:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2014/10/03 02:11:51 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2014/10/03 02:11:51 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 03:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 03:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 03:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 03:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 03:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 03:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 01:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2014/05/14 16:23:46 | 002,477,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 03:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 03:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 3A74-D2B2
 Directory of C:\
14/07/2009  05:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  05:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Oracle\Java\javapath
15/10/2014  19:56    <SYMLINK>      java.exe [C:\Program Files\Java\jre1.8.0_25\bin\java.exe]
15/10/2014  19:56    <SYMLINK>      javaw.exe [C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe]
15/10/2014  19:56    <SYMLINK>      javaws.exe [C:\Program Files\Java\jre1.8.0_25\bin\javaws.exe]
               3 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  05:08    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator.Allybongo-PC
13/02/2014  17:04    <JUNCTION>     Application Data [C:\Users\Administrator.Allybongo-PC\AppData\Roaming]
13/02/2014  17:04    <JUNCTION>     Cookies [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\Cookies]
13/02/2014  17:04    <JUNCTION>     Local Settings [C:\Users\Administrator.Allybongo-PC\AppData\Local]
13/02/2014  17:04    <JUNCTION>     My Documents [C:\Users\Administrator.Allybongo-PC\Documents]
13/02/2014  17:04    <JUNCTION>     NetHood [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/02/2014  17:04    <JUNCTION>     PrintHood [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/02/2014  17:04    <JUNCTION>     Recent [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\Recent]
13/02/2014  17:04    <JUNCTION>     SendTo [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\SendTo]
13/02/2014  17:04    <JUNCTION>     Start Menu [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\Start Menu]
13/02/2014  17:04    <JUNCTION>     Templates [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator.Allybongo-PC\AppData\Local
13/02/2014  17:04    <JUNCTION>     Application Data [C:\Users\Administrator.Allybongo-PC\AppData\Local]
13/02/2014  17:04    <JUNCTION>     History [C:\Users\Administrator.Allybongo-PC\AppData\Local\Microsoft\Windows\History]
13/02/2014  17:04    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator.Allybongo-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator.Allybongo-PC\Documents
13/02/2014  17:04    <JUNCTION>     My Music [C:\Users\Administrator.Allybongo-PC\Music]
13/02/2014  17:04    <JUNCTION>     My Pictures [C:\Users\Administrator.Allybongo-PC\Pictures]
13/02/2014  17:04    <JUNCTION>     My Videos [C:\Users\Administrator.Allybongo-PC\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  05:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users\Oracle\Java\javapath
15/10/2014  19:56    <SYMLINK>      java.exe [C:\Program Files\Java\jre1.8.0_25\bin\java.exe]
15/10/2014  19:56    <SYMLINK>      javaw.exe [C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe]
15/10/2014  19:56    <SYMLINK>      javaws.exe [C:\Program Files\Java\jre1.8.0_25\bin\javaws.exe]
               3 File(s)              0 bytes
 Directory of C:\Users\Allybongo
03/10/2013  07:40    <JUNCTION>     Application Data [C:\Users\Allybongo\AppData\Roaming]
03/10/2013  07:40    <JUNCTION>     Cookies [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Cookies]
03/10/2013  07:40    <JUNCTION>     Local Settings [C:\Users\Allybongo\AppData\Local]
03/10/2013  07:40    <JUNCTION>     My Documents [C:\Users\Allybongo\Documents]
03/10/2013  07:40    <JUNCTION>     NetHood [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/10/2013  07:40    <JUNCTION>     PrintHood [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/10/2013  07:40    <JUNCTION>     Recent [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Recent]
03/10/2013  07:40    <JUNCTION>     SendTo [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\SendTo]
03/10/2013  07:40    <JUNCTION>     Start Menu [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu]
03/10/2013  07:40    <JUNCTION>     Templates [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Allybongo\AppData\Local
03/10/2013  07:40    <JUNCTION>     Application Data [C:\Users\Allybongo\AppData\Local]
03/10/2013  07:40    <JUNCTION>     History [C:\Users\Allybongo\AppData\Local\Microsoft\Windows\History]
03/10/2013  07:40    <JUNCTION>     Temporary Internet Files [C:\Users\Allybongo\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Allybongo\Documents
03/10/2013  07:40    <JUNCTION>     My Music [C:\Users\Allybongo\Music]
03/10/2013  07:40    <JUNCTION>     My Pictures [C:\Users\Allybongo\Pictures]
03/10/2013  07:40    <JUNCTION>     My Videos [C:\Users\Allybongo\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  05:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  05:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  05:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  05:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  05:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               6 File(s)              0 bytes
              65 Dir(s)  198,754,463,744 bytes free
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 

 

 

 

 

 

 

 

 

 

And my OTL EXTRAS LOG :

 

OTL Extras logfile created on: 13/11/2014 19:46:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Allybongo\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 68.59% Memory free
7.80 Gb Paging File | 6.39 Gb Available in Paging File | 81.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 176.46 Gb Free Space | 75.80% Space Free | Partition Type: NTFS
Drive E: | 7.40 Gb Total Space | 7.36 Gb Free Space | 99.45% Space Free | Partition Type: FAT32
 
Computer Name: ALLYBONGO-PC | User Name: Allybongo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" = C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe:*:Enabled:Daum PotPlayer
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" = C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe:*:Enabled:Daum PotPlayer
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055EB669-B870-4897-BD56-D0DC436916EA}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{28141C40-96A4-4F35-AD6B-E5FD48778793}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{4A553ED2-F070-436D-BC43-C883CF27A82B}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{97FFC3E1-B9B2-4D3F-A4B4-54FAFED9AC02}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A767C96-3ADB-4145-8DA5-38444140BCD6}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{A3BBF455-D2CC-4DA7-A3BF-1A31450F00C2}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F06417071FF}" = Java 7 Update 71 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86418025F0}" = Java 8 Update 25 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C7311329-C491-427B-8880-133E84869B3A}" = Vista Shortcut Manager x64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}" = WinZip 18.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.71
"DW WLAN Card Utility" = DW WLAN Card Utility
"PC-Doctor for Windows" = My Dell
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{459C13B0-DD46-11DF-BFE1-005056C00008}" = MSVCRT Redists
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ED40090-5A38-415F-B222-26DD6D3C1AEF}" = calibre
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP MP3 Converter 4.5.2
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{938A412F-78C1-4158-8590-038A1D670A57}" = O2Micro Flash Memory Card Windows Driver
"{9395F41D-0F80-432E-9A59-B8E477E7E163}" = OpenOffice 4.1.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1" = VSO ConvertXToDVD
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1" = Boilsoft Video Joiner 6.57
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"DFX" = DFX
"DivX Setup" = DivX Setup
"FileHippo.com" = FileHippo App Manager
"ImgBurn" = ImgBurn
"InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{938A412F-78C1-4158-8590-038A1D670A57}" = O2Micro Flash Memory Card Windows Driver
"InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 33.1 (x86 en-US)" = Mozilla Firefox 33.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.65
"PokerStars" = PokerStars
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Tone2 Firebird_is1" = Firebird v2.0
"VLC media player" = VLC media player
"Winamp" = Winamp
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"73f463568823ebbe" = Dell System Detect
"Amazon Kindle" = Amazon Kindle
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/11/2014 04:40:34 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/11/2014 11:03:13 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/11/2014 15:37:04 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12/11/2014 11:47:20 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12/11/2014 12:31:11 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12/11/2014 21:50:27 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13/11/2014 07:43:31 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13/11/2014 13:36:21 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13/11/2014 15:34:08 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13/11/2014 15:40:28 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =
 
[ Broadcom Wireless LAN Events ]
Error - 10/11/2014 15:35:39 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 19:35:36, Mon, Nov 10, 14 Error - Unable to gain access to user store

 
Error - 11/11/2014 00:45:02 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 04:45:02, Tue, Nov 11, 14 Error - Unable to set enhanced country code

 
Error - 11/11/2014 01:44:43 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 05:44:43, Tue, Nov 11, 14 Error - Unable to set enhanced country code

 
Error - 11/11/2014 08:03:41 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 12:03:41, Tue, Nov 11, 14 Error - Unable to set enhanced country code

 
Error - 11/11/2014 15:09:33 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 19:09:33, Tue, Nov 11, 14 Error - Unable to set enhanced country code

 
Error - 12/11/2014 10:58:32 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 14:58:31, Wed, Nov 12, 14 Error - Unable to set enhanced country code

 
Error - 12/11/2014 11:07:31 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 15:07:31, Wed, Nov 12, 14 Error - Unable to set enhanced country code

 
Error - 12/11/2014 11:45:58 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 15:45:58, Wed, Nov 12, 14 Error - Unable to set enhanced country code

 
Error - 12/11/2014 12:29:50 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 16:29:50, Wed, Nov 12, 14 Error - Unable to set enhanced country code

 
Error - 12/11/2014 21:50:00 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 01:50:00, Thu, Nov 13, 14 Error - Unable to set enhanced country code

 
[ System Events ]
Error - 13/11/2014 15:32:28 | Computer Name = Allybongo-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 13/11/2014 15:32:28 | Computer Name = Allybongo-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 13/11/2014 15:32:28 | Computer Name = Allybongo-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 13/11/2014 15:32:38 | Computer Name = Allybongo-PC | Source = DCOM | ID = 10005
Description =
 
Error - 13/11/2014 15:32:43 | Computer Name = Allybongo-PC | Source = DCOM | ID = 10005
Description =
 
Error - 13/11/2014 15:32:45 | Computer Name = Allybongo-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error
 Code: 21  
 
Error - 13/11/2014 15:32:47 | Computer Name = Allybongo-PC | Source = DCOM | ID = 10005
Description =
 
Error - 13/11/2014 15:32:47 | Computer Name = Allybongo-PC | Source = DCOM | ID = 10005
Description =
 
Error - 13/11/2014 15:32:56 | Computer Name = Allybongo-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1068
 
Error - 13/11/2014 15:39:11 | Computer Name = Allybongo-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
 %%-2147023143.
 
 
< End of report >
 


  • 0

#8
Essexboy
Posted 13 November 2014 - 02:22 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a great deal showing there, but as you have Kaspersky we can create an AVZ report
 
Could you follow the steps on this page http://support.kaspersky.com/8784

Then create a report zip file as stated here http://support.kaspersky.com/8782
Attach that to your next post
  • 0

#9
mrpooh3
Posted 13 November 2014 - 02:33 PM

mrpooh3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts

Hi Essexboy,

I can't find the kaspersky zip file,can you tell me where it will be?

When I saved it it was supposed to go into my documents as a zip file but there is no zip file there.


Edited by mrpooh3, 13 November 2014 - 02:39 PM.

  • 0

#10
mrpooh3
Posted 13 November 2014 - 02:41 PM

mrpooh3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts

I am not sure if this is the correct file I am attaching.

Attached Files


  • 0

Advertisements

#11
Essexboy
Posted 13 November 2014 - 03:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is the one :)

Ok we will now need to run a script details on how to access it here http://support.kaspersky.com/8780

In the Specify script to execute box
Copy and paste the following
 
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 DeleteFile('c:\users\allybongo\appdata\local\temp\FF82F169-FD268B4-D4C00E61-9339FF2A\9ush1ebp.exe');
 BC_DeleteFile('c:\users\allybongo\appdata\local\temp\FF82F169-FD268B4-D4C00E61-9339FF2A\9ush1ebp.exe');
 DeleteFile('c:\users\allybongo\appdata\local\temp\FF82F169-FD268B4-D4C00E61-9339FF2A\tyc7iszo.exe');
 BC_DeleteFile('c:\users\allybongo\appdata\local\temp\FF82F169-FD268B4-D4C00E61-9339FF2A\tyc7iszo.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Click next
When the script has executed click finish

Now reboot and let me know if the command prompt appears again
  • 0

#12
mrpooh3
Posted 13 November 2014 - 03:10 PM

mrpooh3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts

Hi,just rebooted and no cmd.exe this time.


  • 0

#13
Essexboy
Posted 13 November 2014 - 03:12 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I love that AVZ tool :)

How is the computer behaving now, could you try and run FRST again please
  • 0

#14
mrpooh3
Posted 13 November 2014 - 03:17 PM

mrpooh3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts

Hi Essexboy,

It is still crashing at the exact same place but has produced two text files....will I post them?


  • 0

#15
Essexboy
Posted 13 November 2014 - 03:19 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP