Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help for an owned PC?


  • Please log in to reply

#1
papilio

papilio

    Member

  • Member
  • PipPip
  • 11 posts

While I've had computer security issues for quite some time and had no successful remedy on other malware forums, the first documented apparent confirmation of this was in running Belarc Advisor at the request of Avast.  Though I'm not on any network of which I'm aware (single home PC) it lists a number of networked machines, regardless of whether or not my browser is running.  I've also learned enough to run what I believe should be a tight ship PC-wise, this report lists many Windows 7 security measures which it fails, regardless of the settings to which I have my machine set.  (Please see attached zipped file).  sfc /scannow shows a lot of moved files, usually is able to fix them but the problems quickly revert to their original configuration

 

I've been through 3 Dell computers and re-installed Windows, both XP (in its day) and 7 countless times without success.

 

Avast, Malwarebytes and several other scans rarely turn anything up, and have not revealed (AFAIK) anything significant.

 

My registry is highly corrupted, but as an example one concerning entry is "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\Bomgar_Cleanup_ZD2003027186    cmd.exe /c rd /s /q "c:\programdata\bomgar-scc-0x541056c5" & reg delete hkcu\software\microsoft\windows\currentversion\run /v bomgar_cleanup_zd2003027186 /f    NT AUTHORITY\SYSTEM    Startup"

 

OTL logfile created on: 12/9/2014 7:14:54 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\papilio\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17148)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
11.96 Gb Total Physical Memory | 7.18 Gb Available Physical Memory | 60.02% Memory free
43.21 Gb Paging File | 34.10 Gb Available in Paging File | 78.91% Paging File free
Paging file location(s): f:\pagefile.sys 32000 32000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 1.50 Gb Free Space | 2.69% Space Free | Partition Type: NTFS
Drive D: | 292.96 Gb Total Space | 37.11 Gb Free Space | 12.67% Space Free | Partition Type: NTFS
Drive F: | 172.79 Gb Total Space | 2.21 Gb Free Space | 1.28% Space Free | Partition Type: NTFS
Drive G: | 446.78 Gb Total Space | 251.66 Gb Free Space | 56.33% Space Free | Partition Type: NTFS
Drive H: | 484.73 Gb Total Space | 483.03 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
 
Computer Name: ISLAND | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/09 19:13:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\papilio\Desktop\OTL.scr
PRC - [2014/11/26 08:10:13 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
PRC - [2014/11/20 20:42:37 | 005,226,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/11/14 20:42:16 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/14 20:42:11 | 000,104,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/11/12 00:38:18 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/11/06 01:08:40 | 001,791,784 | ---- | M] (SecureMix LLC) -- C:\Program Files (x86)\GlassWire\GWIdlMon.exe
PRC - [2014/11/06 01:08:38 | 006,279,976 | ---- | M] (SecureMix LLC) -- C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
PRC - [2014/10/08 22:37:14 | 000,108,032 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2014/09/10 06:25:09 | 000,100,200 | ---- | M] (AVAST Software) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2014/07/22 17:29:12 | 000,126,995 | ---- | M] (VideoLAN) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2014/07/20 19:39:26 | 001,154,112 | ---- | M] (Ruiware LLC) -- C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
PRC - [2014/03/06 17:07:02 | 002,086,568 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe
PRC - [2014/03/04 05:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/02/20 21:32:04 | 001,553,688 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
PRC - [2014/02/13 15:37:46 | 000,254,024 | ---- | M] () -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\TrayPopupE\TrayTipAgentE.exe
PRC - [2013/11/21 07:31:44 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/11/21 07:31:44 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/09/24 12:34:08 | 000,070,768 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2012/08/28 09:22:51 | 000,432,784 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
PRC - [2012/03/27 21:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/07/22 15:58:45 | 000,484,319 | ---- | M] () -- C:\Users\Public\Documents\Skins\Full glass.exe
PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/17 10:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2004/04/06 10:00:00 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\WinRoll\winroll.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/26 08:10:12 | 016,841,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
MOD - [2014/11/14 20:42:16 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/11/12 00:38:17 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/10/16 07:06:21 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014/10/16 07:06:18 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/16 07:06:07 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\8c9f9e94e93956d68b43e34324790c6d\System.ServiceModel.Web.ni.dll
MOD - [2014/10/16 02:14:54 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/16 02:14:45 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/16 02:14:43 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/16 02:14:37 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/16 02:14:35 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/16 02:14:33 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/16 02:14:33 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/16 02:14:33 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/16 02:14:31 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/07/22 17:29:58 | 002,396,691 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MOD - [2014/07/22 17:29:56 | 011,148,307 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
MOD - [2014/07/22 17:29:56 | 000,064,531 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
MOD - [2014/07/22 17:29:56 | 000,063,507 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
MOD - [2014/07/22 17:29:56 | 000,036,883 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
MOD - [2014/07/22 17:29:56 | 000,030,739 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
MOD - [2014/07/22 17:29:56 | 000,025,619 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
MOD - [2014/07/22 17:29:56 | 000,024,595 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
MOD - [2014/07/22 17:29:56 | 000,021,523 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
MOD - [2014/07/22 17:29:56 | 000,021,011 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
MOD - [2014/07/22 17:29:48 | 001,393,171 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
MOD - [2014/07/22 17:29:48 | 000,336,403 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
MOD - [2014/07/22 17:29:48 | 000,292,371 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
MOD - [2014/07/22 17:29:48 | 000,031,251 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
MOD - [2014/07/22 17:29:48 | 000,027,667 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
MOD - [2014/07/22 17:29:48 | 000,018,963 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
MOD - [2014/07/22 17:29:48 | 000,018,451 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
MOD - [2014/07/22 17:29:48 | 000,017,939 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
MOD - [2014/07/22 17:29:46 | 001,280,019 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
MOD - [2014/07/22 17:29:46 | 000,733,203 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
MOD - [2014/07/22 17:29:46 | 000,027,155 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
MOD - [2014/07/22 17:29:46 | 000,022,035 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
MOD - [2014/07/22 17:29:46 | 000,019,987 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
MOD - [2014/07/22 17:29:46 | 000,018,963 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
MOD - [2014/07/22 17:29:46 | 000,015,891 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
MOD - [2014/07/22 17:29:44 | 000,344,595 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
MOD - [2014/07/22 17:29:44 | 000,198,675 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
MOD - [2014/07/22 17:29:44 | 000,017,427 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
MOD - [2014/07/22 17:29:34 | 000,146,451 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
MOD - [2014/07/22 17:29:34 | 000,054,291 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
MOD - [2014/07/22 17:29:34 | 000,038,419 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
MOD - [2014/07/22 17:29:34 | 000,016,403 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
MOD - [2014/07/22 17:29:34 | 000,013,843 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
MOD - [2014/07/22 17:29:30 | 000,296,979 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
MOD - [2014/07/22 17:29:30 | 000,168,979 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
MOD - [2014/07/22 17:29:28 | 001,512,467 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
MOD - [2014/07/22 17:29:28 | 001,496,083 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
MOD - [2014/07/22 17:29:28 | 000,130,579 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
MOD - [2014/07/22 17:29:28 | 000,058,899 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
MOD - [2014/07/22 17:29:28 | 000,025,619 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
MOD - [2014/07/22 17:29:28 | 000,019,475 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
MOD - [2014/07/22 17:29:28 | 000,018,963 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
MOD - [2014/07/22 17:29:28 | 000,015,379 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
MOD - [2014/07/22 17:29:28 | 000,014,867 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
MOD - [2014/07/22 17:29:28 | 000,014,355 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
MOD - [2014/07/22 17:29:28 | 000,014,355 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
MOD - [2014/07/22 17:29:28 | 000,013,331 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
MOD - [2014/07/22 17:29:26 | 001,248,787 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
MOD - [2014/07/22 17:29:22 | 000,066,579 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
MOD - [2014/07/22 17:29:20 | 000,268,307 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
MOD - [2014/07/22 17:29:20 | 000,244,243 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
MOD - [2014/07/22 17:29:20 | 000,076,307 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
MOD - [2014/07/22 17:29:18 | 002,043,411 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
MOD - [2014/07/22 17:29:18 | 000,116,755 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll
MOD - [2014/07/22 17:29:18 | 000,114,195 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
MOD - [2014/07/22 17:29:18 | 000,100,371 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
MOD - [2014/07/22 17:29:18 | 000,045,587 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
MOD - [2014/07/22 17:29:18 | 000,040,467 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
MOD - [2014/07/22 17:29:16 | 000,189,971 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
MOD - [2014/07/22 17:29:16 | 000,133,139 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
MOD - [2014/07/22 17:29:16 | 000,091,667 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
MOD - [2014/07/22 17:29:16 | 000,077,331 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
MOD - [2014/07/22 17:29:16 | 000,067,603 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
MOD - [2014/07/22 17:29:16 | 000,025,619 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
MOD - [2014/07/22 17:29:12 | 000,708,627 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
MOD - [2014/07/22 17:29:12 | 000,531,475 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
MOD - [2014/07/22 17:29:12 | 000,113,171 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MOD - [2014/07/22 17:29:12 | 000,060,947 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
MOD - [2014/07/22 17:29:12 | 000,014,867 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
MOD - [2014/02/27 03:01:58 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/13 15:37:46 | 000,254,024 | ---- | M] () -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\TrayPopupE\TrayTipAgentE.exe
MOD - [2014/02/13 15:27:58 | 000,275,528 | ---- | M] () -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\TrayPopupE\libcurl.dll
MOD - [2014/02/13 15:27:58 | 000,249,928 | ---- | M] () -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\TrayPopupE\uexper.dll
MOD - [2014/02/13 15:27:58 | 000,222,792 | ---- | M] () -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\TrayPopupE\traynet.dll
MOD - [2014/02/13 15:27:58 | 000,113,166 | ---- | M] () -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\TrayPopupE\zlib1.dll
MOD - [2012/08/28 09:22:51 | 000,067,728 | ---- | M] () -- C:\Program Files (x86)\Stardock\CursorFX\zlib1.dll
MOD - [2011/07/22 15:58:45 | 000,484,319 | ---- | M] () -- C:\Users\Public\Documents\Skins\Full glass.exe
MOD - [2010/12/17 10:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2004/04/06 10:00:00 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\WinRoll\winroll.exe
MOD - [2004/04/06 10:00:00 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\WinRoll\winroll.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/14 20:42:16 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/14 20:42:11 | 000,104,416 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/03/12 20:03:32 | 000,290,520 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/12/10 12:09:30 | 000,038,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2013/11/21 07:31:44 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/09/13 13:21:46 | 000,337,776 | ---- | M] (arvato digital services llc) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2013/06/13 13:31:10 | 000,357,144 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/01 21:41:38 | 000,089,600 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe -- (postgresql-x64-9.2)
SRV:64bit: - [2011/06/21 18:57:42 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/11/30 00:35:03 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/06 01:08:38 | 006,279,976 | ---- | M] (SecureMix LLC) [Auto | Running] -- C:\Program Files (x86)\GlassWire\GWCtlSrv.exe -- (GlassWire)
SRV - [2014/10/08 22:37:14 | 000,108,032 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/04 05:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/12/10 12:09:34 | 002,409,272 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013/12/10 12:09:30 | 000,030,520 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2013/09/24 12:34:08 | 000,070,768 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/27 21:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/30 00:25:29 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/21 20:42:30 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/12 11:44:09 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/11/12 11:44:09 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/12 11:44:09 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/11/12 11:44:09 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/12 11:44:09 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/12 11:44:09 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/12 11:44:09 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/12 11:44:06 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/11/12 11:44:03 | 000,449,936 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014/11/04 23:41:40 | 000,033,296 | ---- | M] (SecureMix LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gwdrv.sys -- (gwdrv)
DRV:64bit: - [2014/05/06 08:14:26 | 000,049,752 | ---- | M] (Raxco Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PerfectGuard64.sys -- (AntiLog32)
DRV:64bit: - [2014/03/19 00:47:43 | 000,044,640 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswTap.sys -- (aswTap)
DRV:64bit: - [2014/03/02 17:24:27 | 000,451,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2014/02/18 05:48:28 | 000,901,848 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2014/01/23 08:04:40 | 000,031,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/12/18 13:42:52 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/11/21 07:31:28 | 000,632,168 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/11/21 07:31:28 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/07/25 12:32:08 | 000,079,592 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2013/05/23 00:12:52 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/05/23 00:12:50 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/03/07 09:49:18 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2013/03/07 09:49:18 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/31 10:05:14 | 000,175,928 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/25 08:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 08:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/13 09:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/07/01 11:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2013/03/07 09:49:20 | 000,013,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2013/03/07 09:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2012/11/16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-518748251-1471412938-3235112962-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-518748251-1471412938-3235112962-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-518748251-1471412938-3235112962-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-518748251-1471412938-3235112962-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-518748251-1471412938-3235112962-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-518748251-1471412938-3235112962-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: dragmove%40zen-ben.com:0.10
FF - prefs.js..extensions.enabledAddons: %7B477c4c36-24eb-11da-94d4-00e08161165f%7D:3.2.5.2
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B0200c2a9-70da-4f6d-b527-f5f7d7877228%7D:0.5
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.5.2
FF - prefs.js..extensions.enabledAddons: hotmailwatcher%40sonthakit:2.23
FF - prefs.js..extensions.enabledAddons: siphon%40siphon.ian-halpern.com:0.9.8
FF - prefs.js..extensions.enabledAddons: %7B8b86149f-01fb-4842-9dd8-4d7eb02fd055%7D:0.26
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.3.3
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.54
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.0.2502.149
FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.25
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.4
FF - prefs.js..extensions.enabledAddons: s3download%40statusbar:3.06
FF - prefs.js..extensions.enabledAddons: nasanightlaunch%40example.com:0.6.20141109
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/11/14 20:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/05/06 10:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/09/10 06:26:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\-Program Files (x86)\Siber Systems\AI RoboForm\Firefox
 
[2013/01/04 09:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions
[2014/11/20 03:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions
[2014/10/22 14:55:57 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2014/10/22 14:55:57 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\[email protected]
[2014/10/22 14:55:57 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\[email protected]
[2014/10/22 14:55:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default.old\extensions
[2014/10/22 14:55:08 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default.old\extensions\[email protected]
[2014/10/22 14:55:08 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default.old\extensions\[email protected]
[2014/05/29 11:49:50 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\[email protected]
[2014/04/27 09:49:16 | 000,003,893 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\[email protected]
[2014/10/17 04:00:02 | 001,443,602 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\[email protected]
[2014/10/20 23:24:32 | 000,292,113 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\[email protected]
[2014/06/24 19:46:52 | 000,069,246 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\[email protected]
[2014/08/27 07:27:42 | 000,773,823 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\[email protected]
[2014/11/20 03:04:56 | 003,604,768 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\[email protected]
[2014/05/18 08:10:05 | 000,015,751 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\[email protected]
[2014/11/20 03:04:56 | 000,362,790 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\[email protected]
[2014/10/21 22:18:46 | 000,067,981 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\[email protected]
[2014/10/01 08:18:09 | 000,368,735 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}.xpi
[2014/11/20 03:04:56 | 000,450,785 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2014/05/18 08:10:21 | 000,096,207 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2014/05/18 08:10:21 | 000,179,023 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f}.xpi
[2014/11/20 03:04:56 | 000,542,882 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/11/20 02:36:49 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/10/04 22:36:10 | 000,801,883 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2014/10/22 02:20:51 | 003,485,554 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default.old\extensions\[email protected]
[2014/10/22 02:22:04 | 000,067,981 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\hu7l66ts.default.old\extensions\[email protected]
[2014/10/22 02:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/14 19:59:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/11/14 20:42:15 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2014/11/28 00:00:47 | 000,725,697 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 0.0.0.0 asy.a8ww.net
O1 - Hosts: 0.0.0.0 cl21.v4.adaction.se
O1 - Hosts: 0.0.0.0 wad.adbasket.net
O1 - Hosts: 0.0.0.0 show.adclick.lv
O1 - Hosts: 0.0.0.0 ct1.addthis.com
O1 - Hosts: 0.0.0.0 pt.server1.adexit.com
O1 - Hosts: 0.0.0.0 www.adexit.com
O1 - Hosts: 0.0.0.0 222-33544_999.pub.adfirmative.com
O1 - Hosts: 0.0.0.0 c.adfirmative.com
O1 - Hosts: 0.0.0.0 server.adform.net
O1 - Hosts: 0.0.0.0 pool.adhese.be
O1 - Hosts: 0.0.0.0 ad.adition.net
O1 - Hosts: 0.0.0.0 rotator.hadj7.adjuggler.net
O1 - Hosts: 0.0.0.0 yorick.adjuggler.net
O1 - Hosts: 0.0.0.0 regio.adlink.de
O1 - Hosts: 0.0.0.0 west.adlink.de
O1 - Hosts: 0.0.0.0 rc.de.adlink.net #[Tracking.Cookie]
O1 - Hosts: 0.0.0.0 tr.de.adlink.net
O1 - Hosts: 0.0.0.0 admedien.com
O1 - Hosts: 0.0.0.0 www.admedien.com
O1 - Hosts: 0.0.0.0 ads.admodus.com #[Tracking.Cookie]
O1 - Hosts: 0.0.0.0 ad.adnow.com
O1 - Hosts: 0.0.0.0 tt11.adobe.com #[adobe.tcliveus.com]
O1 - Hosts: 0.0.0.0 ad01.adonspot.com
O1 - Hosts: 0.0.0.0 ad02.adonspot.com
O1 - Hosts: 23398 more lines...
O2:64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
O2:64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3 - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKU\S-1-5-21-518748251-1471412938-3235112962-1001\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3 - HKU\S-1-5-21-518748251-1471412938-3235112962-1001\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-518748251-1471412938-3235112962-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-518748251-1471412938-3235112962-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUS EPM Tray Agent] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\TrayPopupE\TrayTipAgentE.exe ()
O4 - HKLM..\Run: [HostsMan] C:\Program Files (x86)\HostsMan\hm.exe (abelhadigital.com)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\.DEFAULT..\Run: [Bomgar_Cleanup_ZD2003027186] cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x541056c5" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2003027186 /f File not found
O4 - HKU\S-1-5-18..\Run: [Bomgar_Cleanup_ZD2003027186] cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x541056c5" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2003027186 /f File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1000..\Run: [DellSystemDetect] C:\Users\papilio\AppData\Local\Apps\2.0\BOQN8TBH.DHX\H8RMO4GV.AM0\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe (Dell)
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1000..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1000..\Run: [GlassWire] C:\Program Files (x86)\GlassWire\glasswire.exe (SecureMix LLC)
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (AVAST Software)
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1000..\Run: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe (Ruiware LLC)
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1000..\Run: [WinRoll] C:\Program Files (x86)\WinRoll\winroll.exe ()
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1001..\Run: [CursorFX] C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1001..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (AVAST Software)
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1001..\Run: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe (Ruiware LLC)
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1001..\Run: [WinRoll] C:\Program Files (x86)\WinRoll\winroll.exe ()
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [TodoBackupUninst]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-518748251-1471412938-3235112962-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass - Shortcut.lnk = C:\Users\Public\Documents\Skins\Full glass.exe ()
O4 - Startup: C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk = C:\Program Files (x86)\PureVPN\purevpn.exe (PureVPN)
O4 - Startup: C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe - Shortcut.lnk = C:\Windows\SysWOW64\taskmgr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014/08/20 02:05:14 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cardisabled [2014/09/19 05:44:38 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe - Shortcut.lnk = C:\Users\Public\Documents\Skins\Full glass.exe ()
O4 - Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk = C:\Program Files (x86)\PureVPN\purevpn.exe (PureVPN)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8:64bit: - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:64bit: - Extra context menu item: Show avast! EasyPass Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show avast! EasyPass Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-518748251-1471412938-3235112962-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-518748251-1471412938-3235112962-1001\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73B80F02-5A80-438D-B656-E5D23AFD0059}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73B80F02-5A80-438D-B656-E5D23AFD0059}: NameServer = 8.8.8.8,208.67.222.222
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\vipresg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\vipresg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\cardisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/25 16:47:15 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/10/25 16:47:15 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/10/25 16:47:15 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{07b3fc4e-5673-11e2-86c3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{07b3fc4e-5673-11e2-86c3-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Msetup4.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/09 00:17:26 | 000,000,000 | ---D | C] -- C:\FRST
[2014/11/30 16:00:52 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
[2014/11/30 15:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.2
[2014/11/30 15:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\PostgreSQL
[2014/11/30 14:30:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ShellExt
[2014/11/30 14:30:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ShellExt
[2014/11/30 03:07:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blackmagic Design
[2014/11/30 02:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Blackmagic Design
[2014/11/30 01:02:54 | 000,000,000 | -HSD | C] -- C:\BOOT
[2014/11/30 00:13:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/11/29 23:53:21 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\WinPatrol
[2014/11/29 23:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2014/11/29 23:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ruiware
[2014/11/29 23:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/11/29 03:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Ninja 1.2.4RC 64 Bit
[2014/11/26 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\abelhadigital.com
[2014/11/26 15:10:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\HostsMan Backups
[2014/11/26 15:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HostsMan
[2014/11/26 15:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HostsMan
[2014/11/22 12:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2014/11/22 12:02:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio Pro X7
[2014/11/22 01:55:45 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014/11/22 01:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014/11/20 11:14:05 | 000,607,256 | ---- | C] (proDAD GmbH) -- C:\Windows\SysNative\prodad-codec.dll
[2014/11/20 11:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD
[2014/11/20 11:13:26 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\proDAD
[2014/11/20 11:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\proDAD
[2014/11/20 11:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\proDAD
[2014/11/20 11:11:45 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boris Graffiti 6
[2014/11/20 11:09:29 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\Corel VideoStudio Pro
[2014/11/20 11:09:29 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\BorisFX
[2014/11/20 11:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Boris FX, Inc
[2014/11/20 08:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\abelhadigital.com
[2014/11/20 07:56:35 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\GlassWire
[2014/11/20 07:56:30 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0
[2014/11/20 07:56:21 | 000,033,296 | ---- | C] (SecureMix LLC) -- C:\Windows\SysNative\drivers\gwdrv.sys
[2014/11/20 07:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\GlassWire
[2014/11/20 07:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlassWire
[2014/11/20 03:09:16 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\Fix it portable
[2014/11/20 02:33:58 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2014/11/20 02:33:41 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Deployment
[2014/11/20 02:33:41 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Apps
[2014/11/20 01:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.5
[2014/11/20 01:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2014/11/19 23:30:47 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Dell
[2014/11/19 23:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2014/11/19 23:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2014/11/19 23:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2014/11/19 23:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2014/11/19 23:29:29 | 000,000,000 | ---D | C] -- C:\temp
[2014/11/19 19:00:25 | 000,188,936 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\EuFdDisk.sys
[2014/11/19 19:00:25 | 000,060,936 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\eubakup.sys
[2014/11/19 19:00:25 | 000,018,440 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\eudskacs.sys
[2014/11/19 18:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.1
[2014/11/19 10:53:11 | 016,029,332 | ---- | C] (Flickr) -- C:\Users\Richard\Desktop\FlickrUploadr-3.2.1-2009.06.02.01-en.exe
[2014/11/14 20:42:18 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/12 11:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014/11/12 11:44:09 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/12 11:44:03 | 000,449,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/11/09 21:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/11/09 21:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/11/09 21:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/11/09 21:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/11/09 21:14:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/09 19:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/09 18:49:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/08 21:49:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/08 17:56:26 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2014/12/08 11:12:27 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/08 11:12:27 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/08 11:09:33 | 000,801,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/08 11:09:33 | 000,676,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/08 11:09:33 | 000,127,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/08 11:05:12 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/12/08 11:05:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/30 16:01:02 | 000,001,689 | ---- | M] () -- C:\Users\Richard\Desktop\Resolve.lnk
[2014/11/30 02:41:25 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/11/30 01:09:04 | 010,257,920 | ---- | M] () -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2014/11/30 00:25:29 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/30 00:25:20 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/29 03:09:04 | 000,001,689 | ---- | M] () -- C:\Users\Public\Desktop\Zerene Stacker (64-bit).lnk
[2014/11/29 03:07:29 | 000,036,144 | ---- | M] () -- C:\Users\Richard\Documents\cc_20141129_030725.reg
[2014/11/28 00:00:47 | 000,725,697 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2014/11/26 15:16:34 | 000,725,292 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.bak
[2014/11/26 15:03:41 | 000,369,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/22 12:02:50 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X7.lnk
[2014/11/22 12:02:50 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Corel FastFlick X7.lnk
[2014/11/22 12:02:50 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\Corel ScreenCap X7.lnk
[2014/11/22 11:14:39 | 000,006,288 | ---- | M] () -- C:\Users\Richard\Documents\cc_20141122_111434.reg
[2014/11/21 23:53:35 | 000,862,684 | ---- | M] () -- C:\Users\Richard\Documents\cc_20141121_235249.reg
[2014/11/21 20:42:30 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/11/20 07:56:30 | 000,001,869 | ---- | M] () -- C:\Users\Richard\Desktop\GlassWire.lnk
[2014/11/20 03:09:16 | 000,000,114 | ---- | M] () -- C:\Users\Richard\Desktop\autorun.inf
[2014/11/19 18:57:11 | 000,001,384 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Partition Master 10.1.lnk
[2014/11/19 10:53:39 | 000,001,981 | ---- | M] () -- C:\Users\Richard\Desktop\Flickr Uploadr.lnk
[2014/11/19 10:53:17 | 016,029,332 | ---- | M] (Flickr) -- C:\Users\Richard\Desktop\FlickrUploadr-3.2.1-2009.06.02.01-en.exe
[2014/11/14 20:42:23 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\Avast SafeZone.lnk
[2014/11/14 20:42:23 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Avast Premier.lnk
[2014/11/12 11:44:09 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/11/12 11:44:09 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/12 11:44:09 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/11/12 11:44:09 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/11/12 11:44:09 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/11/12 11:44:09 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/11/12 11:44:09 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/11/12 11:44:09 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/12 11:44:09 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/11/12 11:44:06 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/11/12 11:44:03 | 000,449,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/11/09 21:15:11 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/30 16:01:02 | 000,001,689 | ---- | C] () -- C:\Users\Richard\Desktop\Resolve.lnk
[2014/11/29 03:09:04 | 000,001,689 | ---- | C] () -- C:\Users\Public\Desktop\Zerene Stacker (64-bit).lnk
[2014/11/29 03:07:27 | 000,036,144 | ---- | C] () -- C:\Users\Richard\Documents\cc_20141129_030725.reg
[2014/11/22 12:02:50 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X7.lnk
[2014/11/22 12:02:50 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Corel FastFlick X7.lnk
[2014/11/22 12:02:50 | 000,000,773 | ---- | C] () -- C:\Users\Public\Desktop\Corel ScreenCap X7.lnk
[2014/11/22 11:14:37 | 000,006,288 | ---- | C] () -- C:\Users\Richard\Documents\cc_20141122_111434.reg
[2014/11/21 23:52:53 | 000,862,684 | ---- | C] () -- C:\Users\Richard\Documents\cc_20141121_235249.reg
[2014/11/20 07:56:30 | 000,001,869 | ---- | C] () -- C:\Users\Richard\Desktop\GlassWire.lnk
[2014/11/20 07:56:21 | 000,008,704 | ---- | C] () -- C:\Windows\SysNative\drivers\gwdrv.cat
[2014/11/20 07:56:21 | 000,003,104 | ---- | C] () -- C:\Windows\SysNative\drivers\gwdrv.inf
[2014/11/20 03:09:16 | 000,000,114 | ---- | C] () -- C:\Users\Richard\Desktop\autorun.inf
[2014/11/19 19:00:24 | 000,048,136 | ---- | C] () -- C:\Windows\SysNative\drivers\EUBKMON.sys
[2014/11/19 18:57:11 | 000,001,384 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Partition Master 10.1.lnk
[2014/11/19 18:57:04 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2014/11/19 18:57:03 | 003,382,440 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2014/11/19 18:57:03 | 002,499,752 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2014/11/19 18:57:03 | 000,100,936 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2014/11/19 18:57:03 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2014/11/19 18:57:03 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2014/11/19 18:57:03 | 000,017,480 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2014/11/19 18:57:03 | 000,013,896 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2014/11/19 18:57:03 | 000,009,800 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2014/11/19 18:57:03 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2014/11/12 11:44:44 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\Avast SafeZone.lnk
[2014/11/12 11:44:44 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Avast Premier.lnk
[2014/11/09 21:15:11 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/21 22:45:14 | 010,257,920 | ---- | C] () -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2014/09/19 03:43:09 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ISLAND-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/08/27 08:10:02 | 000,000,248 | ---- | C] () -- C:\Windows\SysWow64\PARTIZAL.EXE
[2014/08/27 04:40:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\MAS
[2014/08/15 19:10:17 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2014/08/15 19:10:16 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014/08/15 19:10:16 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014/06/29 06:06:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Mallets
[2014/06/29 06:06:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLex.DAT
[2014/06/29 06:06:41 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Percussion Kit
[2013/12/18 00:38:32 | 000,243,288 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2013/04/03 14:17:46 | 000,000,268 | RH-- | C] () -- C:\Users\Richard\AppData\Roaming\MAS
[2013/04/03 14:01:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\Iterate Items
[2013/03/24 22:51:41 | 004,834,784 | ---- | C] () -- C:\ProgramData\Autosave.3dm
[2013/03/20 07:43:43 | 000,000,400 | ---- | C] () -- C:\Windows\i_kenkpm445.ini
[2013/03/20 07:43:43 | 000,000,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\feqordi291.dat
[2013/02/23 16:09:12 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013/02/23 16:08:42 | 000,000,268 | RH-- | C] () -- C:\Users\Richard\AppData\Roaming\MIDI Configurations
[2013/02/23 16:08:42 | 000,000,268 | RH-- | C] () -- C:\Users\Richard\AppData\Roaming\Logs
[2013/02/23 16:08:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013/02/23 16:08:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013/01/13 22:34:26 | 000,003,051 | ---- | C] () -- C:\Users\Richard\AppData\Local\Temp6.html
[2013/01/13 22:34:26 | 000,001,293 | ---- | C] () -- C:\Users\Richard\AppData\Local\Temp1.html
[2013/01/12 05:24:06 | 000,007,621 | ---- | C] () -- C:\Users\Richard\AppData\Local\Resmon.ResmonCfg
[2013/01/04 16:09:04 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Space Choir
[2013/01/04 16:09:04 | 000,000,268 | RH-- | C] () -- C:\Users\Richard\AppData\Roaming\Solid Colors
[2013/01/04 16:07:05 | 000,794,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/04 11:41:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2013/01/04 10:04:23 | 000,006,144 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/04 09:03:16 | 000,000,167 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\PLGComp.ini
 
========== ZeroAccess Check ==========
 
[2014/08/23 22:44:32 | 000,000,043 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-518748251-1471412938-3235112962-1001\$RM7IT3T.do_files\n.gif
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/26 15:10:36 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\abelhadigital.com
[2014/03/03 09:57:54 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Athentech
[2014/03/19 01:10:38 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\AVAST Software
[2014/11/30 03:07:22 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Blackmagic Design
[2014/03/19 01:10:55 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Canon
[2014/03/08 03:47:55 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
[2014/05/31 11:36:28 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Downloaded Installations
[2014/08/27 04:45:10 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Flickr
[2014/09/24 16:16:31 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Imagenomic
[2014/05/31 04:47:19 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\ImgBurn
[2013/09/11 17:38:02 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Lambda Research Corporation
[2014/11/30 15:03:44 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Local
[2014/08/23 08:02:43 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\NeatVideo SV 64
[2014/11/14 20:40:57 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\NIKON
[2014/12/08 17:56:29 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Nitro PDF
[2013/10/17 12:17:02 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Notepad++
[2013/07/05 04:02:24 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Oracle
[2014/11/20 11:23:19 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\proDAD
[2013/07/29 21:58:51 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Publish Providers
[2014/10/12 16:10:46 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Sony
[2014/10/15 01:09:41 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Sony Creative Software Inc
[2013/10/06 00:31:38 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\TTCImageBrowser
[2013/01/04 21:55:31 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\TuneUp Software
[2014/09/26 02:18:06 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Ulead Systems
[2014/11/30 02:58:13 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\WinPatrol
[2014/12/02 11:52:47 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\ZereneStacker
[2014/08/16 19:13:40 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\0T1M1P0A1E1E0M1T1G
[2014/11/26 15:16:26 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\abelhadigital.com
[2013/10/25 15:00:24 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Actual Tools
[2014/10/12 00:03:47 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\AnvSoft
[2014/03/03 09:47:30 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Athentech
[2014/03/19 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\AVAST Software
[2014/03/18 22:42:41 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\canon
[2013/12/14 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Canon_Inc_IC
[2013/01/04 08:59:55 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\IrfanView
[2013/01/07 07:22:13 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Leadertech
[2014/10/21 22:44:23 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Local
[2013/01/04 11:43:59 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Nikon
[2014/11/30 00:32:13 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Nitro PDF
[2013/09/11 17:31:14 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Notepad++
[2014/09/10 14:08:13 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\PhrozenSoft
[2014/11/20 11:17:50 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\proDAD
[2014/06/06 22:54:19 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\PureVPN
[2014/04/04 12:06:25 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\RoboForm
[2014/10/12 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Sony
[2013/01/04 08:03:07 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\TuneUp Software
[2014/11/25 17:59:39 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Ulead Systems
[2014/11/29 23:53:21 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\WinPatrol
[2014/04/26 01:09:38 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\ZereneStacker
 
========== Purity Check ==========
 
 

< End of report >
 

Attached Files


Edited by papilio, 09 December 2014 - 10:30 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

I don't see anything in your logs.  What sort of problems have you been having?

 

Your report is mostly things they recommend you do to lock down your pc which you haven't done.  Some of their recommendations may make it difficult to use the pc so you have to think about what effect each change will have.

 

As far as network connections, it appears that we are seeing real IP addresses so you are just seeing some of your neighbors and other subscribers on the cable. ( This is obviously a cable connection without a router.  Yep.  IP address belongs to Comcast. )  You might want to invest in a cheap router to give yourself some isolation from the Internet especially if you are having security issues.  A router will convert the cable's IP address to something like 192.168.1.xx and can also block unwanted traffic from the internet.   Just got a new Rosewill wireless router from Newegg for under $20 so you don't have to spend a lot on one.  (If you don't want wireless you can always turn that off as long as the router has the usual 4 Ethernet ports + the WAN port).

 

You can get something like the report by opening a command window (Start, All Programs, Accessories, then right click on Command Prompt and Run As Admin)

 

and then typing:

 

arp -a

 

and hitting Enter.

 

You will normally get:something like this:

 

Interface: 192.168.1.106 --- 0xb  <==My PC
  Internet Address      Physical Address      Type
  192.168.1.1           68-1c-a2-01-af-6a     dynamic   <==the router
  192.168.1.101         b0-10-41-4b-fa-f1     dynamic  <==network printer
  192.168.1.104         18-cf-5e-5a-b9-3a     dynamic  <==wife's laptop
  192.168.1.255         ff-ff-ff-ff-ff-ff     static  <==broadcast address for the network
  224.0.0.2             01-00-5e-00-00-02     static <==Standard Multicast addresses
  224.0.0.22            01-00-5e-00-00-16     static <==Standard Multicast addresses
  224.0.0.251           01-00-5e-00-00-fb     static <==Standard Multicast addresses
  224.0.0.252           01-00-5e-00-00-fc     static <==Standard Multicast addresses
  239.255.255.250       01-00-5e-7f-ff-fa     static <==Standard Multicast addresses
  255.255.255.255       ff-ff-ff-ff-ff-ff     static <==Another broadcast address
 
We only really care about the lines marked dynamic.  The static stuff is just standard stuff.  The first 6 characters in the physical address tell you the maker of the device (tho it may be the maker of the chip that handles the network connection and not the actual PC maker).  You can google for 
MAC address  68-1c-a2 
 
and the first entry which pops up:
 
 
tells you it belongs to Rosewill.  You can then google on the company and see what they make.  You can also telnet to the IP address and see if it answers.  That's probably how they got the Apache Server info.
 
Have you run a boot-time scan with Avast?  I usually let it run while I sleep because it takes so long.
 
First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  
 
Ron

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP