
ZeroAccess problem, combofix, help appreciated


  • This topic is locked
26 replies to this topic

#1 Tpg7

Tpg7

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 05 April 2014 - 04:20 PM

Hello,

My computer is infected with the ZeroAccess rootkit. A few months ago I was in between antivirus software for about a week with no protection and started seeing "____ contained a virus and was deleted" messages every time I tried downloading files in an email.

I foolishly thought nothing of it, actually believing the files were indeed infected. I don't usually download many things to my computer, so I didn't see this alert very often. When the time came that an important document I needed couldn't be downloaded, I started researching what the problem was.

So I tried the options available on http://malwaretips.com/blogs/file-contained-a-virus-and-was-deleted-removal/ and was unsuccessful, none of the antimalware software even detected the trojan.

Which led me to finding combofix, and I unfortunately didn't see all of the multiple disclaimers combofix has until after I downloaded it and ran it. I did research it, after trying multiple options (hitman, mcafee rootkitremover, etc... I tried 6 different things before I got to combofix) but I didn't see any of the serious warnings until after it was running and I searched the Internet for solutions to the length of the scan...

Which brings me to where I am now: it has been running for 5 hours and has been on "completed stage 48" for about 2 hours. What should my next action be? Should I let it run?

I understand I messed up by not doing it the right way but I plain and simple didn't know it was a major issue to run it without supervision.

Thank you in advance for your response!


#2 Tpg7

Tpg7
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 05 April 2014 - 08:53 PM

I understand I don't have a log available, but if anyone could point me in a direction it would be very appreciated. I have no idea what to do. Thank you in advance!

#3 Tpg7

Tpg7
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 06 April 2014 - 10:31 AM

Combofix log...

ComboFix 14-04-05.01 - Tony 04/05/2014  12:36:08.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6048.4317 [GMT -5:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
AV: AVG AntiVirus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tony\AppData\Local\Google\Desktop\Install
c:\users\Tony\AppData\Local\Google\Desktop\Install\{77533a16-3273-5901-2d22-50e4e2cf5a22}\???\???\???\{77533a16-3273-5901-2d22-50e4e2cf5a22}\@
c:\users\Tony\AppData\Local\Google\Desktop\Install\{77533a16-3273-5901-2d22-50e4e2cf5a22}\2E2F~1\???\???\{77533a16-3273-5901-2d22-50e4e2cf5a22}\@
c:\users\Tony\AppData\Local\Google\Desktop\Install\{77533a16-3273-5901-2d22-50e4e2cf5a22}\2E2F~1\28F0~1\???\{77533a16-3273-5901-2d22-50e4e2cf5a22}\@
c:\users\Tony\AppData\Local\Google\Desktop\Install\{77533a16-3273-5901-2d22-50e4e2cf5a22}\2E2F~1\28F0~1\E628~1\{77533a16-3273-5901-2d22-50e4e2cf5a22}\@
c:\users\Tony\AppData\Local\Temp\nsy2FC0.tmp\System.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-06 to 2014-04-06  )))))))))))))))))))))))))))))))
.
.
2014-04-06 07:21 . 2014-04-06 07:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-05 16:34 . 2014-04-05 16:44 -------- d-----w- c:\programdata\HitmanPro
2014-04-05 15:44 . 2014-04-06 15:14 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-05 15:43 . 2014-04-05 15:43 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-05 15:43 . 2014-04-03 14:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-05 15:43 . 2014-04-03 14:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-20 19:50 . 2014-03-20 19:50 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-03-14 02:16 . 2014-04-05 15:43 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
2014-03-14 02:16 . 2014-04-05 15:43 -------- d-----w- c:\programdata\Malwarebytes
2014-03-14 02:16 . 2014-04-03 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-14 02:15 . 2014-03-14 02:15 -------- d-----w- c:\users\Tony\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 08:00 . 2012-03-02 07:21 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-11 21:23 . 2012-04-08 15:13 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-11 21:23 . 2011-11-03 03:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-18 20587168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-09-15 121648]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2014-01-21 4411952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 MFE_RR;MFE_RR;c:\users\Tony\AppData\Local\Temp\mfe_rr.sys;c:\users\Tony\AppData\Local\Temp\mfe_rr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 21:23]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 02:31]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 02:31]
.
2014-04-05 c:\windows\Tasks\HPCeeScheduleForTony.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-12 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-12 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-12 416024]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-08-24 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-26 1424896]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bassmaster.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://wawascene.axiscam.net/activex/AMC.cab
FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\duxqihq4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bassmaster.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-04-06  10:19:59 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-06 15:19
.
Pre-Run: 873,372,635,136 bytes free
Post-Run: 873,189,453,824 bytes free
.
- - End Of File - - 45EA03AA0C8EDACDCBDC4723FA682316
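As an added triage helper (example code written for this page, not part of the thread, of ComboFix, or of any tool the helpers use): the script below splits a ComboFix log into its banner sections and flags entries under "Other Deletions" that share the layout of the paths the log above shows, a `{GUID}` folder nested inside a folder of the same name, folder names ComboFix could not render (shown as `???`), 8.3 fallback names such as `2E2F~1`, and a bare file called `@`. The sample input is the deletion block quoted from this log; the indicator list and the two-indicator threshold are assumptions of this example, meant for sorting a long log during triage rather than as a detection signature.

```python
import re

# Constructed sample input: the "Other Deletions" block (and the start of the
# next section) copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tony\AppData\Local\Google\Desktop\Install
c:\users\Tony\AppData\Local\Google\Desktop\Install\{77533a16-3273-5901-2d22-50e4e2cf5a22}\???\???\???\{77533a16-3273-5901-2d22-50e4e2cf5a22}\@
c:\users\Tony\AppData\Local\Google\Desktop\Install\{77533a16-3273-5901-2d22-50e4e2cf5a22}\2E2F~1\???\???\{77533a16-3273-5901-2d22-50e4e2cf5a22}\@
c:\users\Tony\AppData\Local\Temp\nsy2FC0.tmp\System.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-06 to 2014-04-06  )))))))))))))))))))))))))))))))
.
2014-04-05 15:43 . 2014-04-03 14:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
"""

# ComboFix section banners look like "((((   Name   ))))".
SECTION_RE = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}$")
# A registry-style {GUID} path component.
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# An 8.3 short name such as 2E2F~1, which the log falls back to when the
# long name cannot be displayed.
SHORTNAME_RE = re.compile(r"^[0-9A-Z_]{1,6}~\d+$", re.I)


def parse_sections(log):
    """Split a ComboFix log into {banner text: [content lines]}.

    Blank lines and the "." spacer lines ComboFix emits are dropped.
    """
    sections = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def zeroaccess_indicators(path):
    """Return the heuristic reasons a path resembles the layout seen in the
    log above: the same {GUID} folder nested inside itself, folder names that
    could not be rendered (shown as ???), 8.3 fallback names, and a payload
    file called "@". These are triage heuristics (an assumption of this
    example), not a signature."""
    parts = path.split("\\")
    folders, leaf = parts[:-1], parts[-1]
    reasons = []
    guids = [p.lower() for p in folders if GUID_RE.match(p)]
    if len(guids) >= 2 and len(set(guids)) < len(guids):
        reasons.append("same {GUID} folder repeated along the path")
    if any(p and set(p) == {"?"} for p in folders):
        reasons.append("folder name that could not be rendered (???)")
    if any(SHORTNAME_RE.match(p) for p in folders):
        reasons.append("8.3 short-name folder in place of a long name")
    if leaf == "@":
        reasons.append("file named '@'")
    return reasons


def flag_deleted_paths(log, min_indicators=2):
    """Return (path, reasons) for 'Other Deletions' entries that show at
    least min_indicators of the heuristics, so a single weak hit such as a
    lone 8.3 name does not raise a flag on its own."""
    hits = []
    for path in parse_sections(log).get("Other Deletions", []):
        reasons = zeroaccess_indicators(path)
        if len(reasons) >= min_indicators:
            hits.append((path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in flag_deleted_paths(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample, the two `@` entries are flagged and the plain `Install` folder and the `System.dll` temp file are not. The threshold keeps the 8.3 check from flagging ordinary `PROGRA~1`-style paths that appear in many legitimate logs; raise or lower `min_indicators` to suit the log being read.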
 



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:41 AM

Posted 07 April 2014 - 11:47 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Regards,

Georgi




#5 Tpg7

Tpg7
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 08 April 2014 - 04:01 PM

FRST.txt Log...


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Tony (administrator) on TONY-HP on 08-04-2014 15:57:46
Running from C:\Users\Tony\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\consent.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2011-08-24] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-26] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [DT HPO] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-09-15] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-107791519-2935810374-169235309-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-107791519-2935810374-169235309-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe [531848 2014-03-11] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bassmaster.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {C8784315-A061-40BA-B53D-70E4B451D2CD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {C8784315-A061-40BA-B53D-70E4B451D2CD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {C8784315-A061-40BA-B53D-70E4B451D2CD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} http://wawascene.axiscam.net/activex/AMC.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.115.71.53 68.113.206.10 66.189.0.100

FireFox:
========
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\duxqihq4.default
FF Homepage: hxxp://www.bassmaster.com/
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ActiveGS - C:\Program Files (x86)\ActiveGS\npActiveGS.dll (Free Tools Association)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [133936 2011-09-15] (Portrait Displays, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-03-20] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Tony\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-08 15:57 - 2014-04-08 15:57 - 00017423 _____ () C:\Users\Tony\Desktop\FRST.txt
2014-04-08 15:57 - 2014-04-08 15:57 - 00000000 ____D () C:\FRST
2014-04-08 15:56 - 2014-04-08 15:56 - 02157056 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
2014-04-06 11:12 - 2014-04-06 11:12 - 00003234 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-04-06 10:20 - 2014-04-06 10:20 - 00022801 _____ () C:\ComboFix.txt
2014-04-06 10:13 - 2014-04-06 10:13 - 00000776 _____ () C:\Windows\PFRO.log
2014-04-06 01:00 - 2014-04-06 14:27 - 00000112 _____ () C:\Windows\setupact.log
2014-04-05 12:15 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-05 12:15 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-05 12:15 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-05 12:15 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-05 12:15 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-05 12:15 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-05 12:15 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-05 12:15 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-05 12:04 - 2014-04-06 10:20 - 00000000 ____D () C:\Qoobox
2014-04-05 12:03 - 2014-04-06 10:18 - 00000000 ____D () C:\Windows\erdnt
2014-04-05 12:02 - 2014-04-05 12:02 - 05193579 ____R (Swearware) C:\Users\Tony\Desktop\ComboFix.exe
2014-04-05 11:52 - 2014-04-05 11:53 - 00000310 _____ () C:\Users\Tony\Desktop\RootkitRemover_20140405_115252.log
2014-04-05 11:35 - 2014-04-05 11:35 - 10971424 _____ (SurfRight B.V.) C:\Users\Tony\Desktop\HitmanPro_x64.exe
2014-04-05 11:34 - 2014-04-05 11:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-05 11:33 - 2014-04-05 11:33 - 09096848 _____ (SurfRight B.V.) C:\Users\Tony\Desktop\HitmanPro35.exe
2014-04-05 11:21 - 2014-04-05 11:22 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Tony\Desktop\iexplore.exe.exe
2014-04-05 10:44 - 2014-04-08 15:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 10:43 - 2014-04-05 10:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 10:43 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-05 10:43 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-05 10:41 - 2014-04-05 10:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Tony\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-05 10:25 - 2014-04-05 10:26 - 00783632 _____ (McAfee, Inc.) C:\Users\Tony\Desktop\rootkitremover.exe
2014-03-20 14:50 - 2014-03-20 14:50 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-13 21:16 - 2014-04-05 10:43 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Malwarebytes
2014-03-13 21:16 - 2014-04-05 10:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-13 21:16 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 19:27 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 19:27 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 19:27 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 19:27 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 19:27 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 19:27 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 19:27 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 19:27 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 19:27 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 19:27 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 19:27 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 19:27 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 19:27 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 19:27 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 19:27 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 19:27 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 19:27 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 19:27 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 19:27 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 19:27 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 19:27 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 19:27 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 19:27 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 19:27 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 19:27 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 19:27 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 19:27 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 19:27 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 19:27 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 19:27 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 19:27 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 19:27 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 19:27 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 19:27 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 19:27 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 19:27 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 19:27 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 19:27 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 19:27 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 19:27 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 19:27 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 19:27 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 19:27 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 19:27 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 19:27 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 19:27 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 19:27 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 19:27 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

==================== One Month Modified Files and Folders =======

2014-04-08 15:57 - 2014-04-08 15:57 - 00017423 _____ () C:\Users\Tony\Desktop\FRST.txt
2014-04-08 15:57 - 2014-04-08 15:57 - 00000000 ____D () C:\FRST
2014-04-08 15:56 - 2014-04-08 15:56 - 02157056 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
2014-04-08 15:52 - 2012-04-27 13:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-08 15:37 - 2012-02-26 11:08 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{61E64602-BC54-4F1D-9651-46EB44989129}
2014-04-08 15:23 - 2012-04-08 10:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 15:14 - 2012-04-05 21:31 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 15:09 - 2014-04-05 10:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 14:55 - 2012-02-26 11:03 - 01629207 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 14:53 - 2012-04-05 21:31 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 14:45 - 2013-01-29 21:44 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2013.lnk
2014-04-07 15:26 - 2014-02-24 15:52 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTony
2014-04-07 15:26 - 2014-02-24 15:52 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForTony.job
2014-04-07 15:26 - 2012-04-02 14:09 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-07 15:26 - 2012-02-27 17:55 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-07 14:55 - 2013-04-09 21:18 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Skype
2014-04-06 14:35 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 14:35 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 14:31 - 2009-07-14 00:13 - 00783170 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 14:28 - 2011-11-02 22:24 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-06 14:27 - 2014-04-06 01:00 - 00000112 _____ () C:\Windows\setupact.log
2014-04-06 14:27 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 11:12 - 2014-04-06 11:12 - 00003234 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-04-06 10:20 - 2014-04-06 10:20 - 00022801 _____ () C:\ComboFix.txt
2014-04-06 10:20 - 2014-04-05 12:04 - 00000000 ____D () C:\Qoobox
2014-04-06 10:20 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-04-06 10:18 - 2014-04-05 12:03 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 10:14 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-06 10:13 - 2014-04-06 10:13 - 00000776 _____ () C:\Windows\PFRO.log
2014-04-05 12:11 - 2009-07-14 00:08 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-05 12:02 - 2014-04-05 12:02 - 05193579 ____R (Swearware) C:\Users\Tony\Desktop\ComboFix.exe
2014-04-05 11:53 - 2014-04-05 11:52 - 00000310 _____ () C:\Users\Tony\Desktop\RootkitRemover_20140405_115252.log
2014-04-05 11:44 - 2014-04-05 11:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-05 11:35 - 2014-04-05 11:35 - 10971424 _____ (SurfRight B.V.) C:\Users\Tony\Desktop\HitmanPro_x64.exe
2014-04-05 11:33 - 2014-04-05 11:33 - 09096848 _____ (SurfRight B.V.) C:\Users\Tony\Desktop\HitmanPro35.exe
2014-04-05 11:22 - 2014-04-05 11:21 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Tony\Desktop\iexplore.exe.exe
2014-04-05 10:43 - 2014-04-05 10:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 10:43 - 2014-03-13 21:16 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Malwarebytes
2014-04-05 10:43 - 2014-03-13 21:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-05 10:41 - 2014-04-05 10:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Tony\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-05 10:26 - 2014-04-05 10:25 - 00783632 _____ (McAfee, Inc.) C:\Users\Tony\Desktop\rootkitremover.exe
2014-04-05 10:26 - 2012-02-26 15:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-03 09:51 - 2014-04-05 10:43 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-05 10:43 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-03-13 21:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-27 15:01 - 2013-06-29 21:43 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\SoftGrid Client
2014-03-26 08:09 - 2012-04-05 21:31 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 08:09 - 2012-04-05 21:31 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-20 14:50 - 2014-03-20 14:50 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-18 03:02 - 2013-08-14 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 03:00 - 2012-03-02 02:21 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-14 22:38 - 2012-03-06 01:05 - 00000000 ___RD () C:\Users\Tony\Dropbox
2014-03-14 22:38 - 2012-03-06 01:03 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Dropbox
2014-03-13 03:19 - 2013-03-18 22:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:19 - 2013-03-18 22:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:19 - 2009-07-13 23:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 16:23 - 2012-04-08 10:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 16:23 - 2012-04-08 10:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 16:23 - 2011-11-02 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 10:27

==================== End Of Log ============================

Addition..

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Tony at 2014-04-08 15:58:01
Running from C:\Users\Tony\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
ActiveGS (HKLM-x32\...\{F576BBE9-11D0-4F02-B8F0-7CCA9C159937}) (Version: 3.5.903 - Second Sight Software/FTA)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3466 - AVG Technologies)
AVG 2013 (Version: 13.0.3466 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden
AXIS Media Control Embedded (HKLM-x32\...\AXIS Media Control Embedded) (Version:  - )
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.0.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden
HP My Display (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.07.003 - Portrait Displays, Inc.)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.11052.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
jZip (HKLM-x32\...\jZip) (Version:  - Bandoo Media Inc.) <==== ATTENTION
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 10.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 10.0.2 (x86 en-US)) (Version: 10.0.2 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.82 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
SDK (x32 Version: 2.28.007 - Portrait Displays, Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

13-03-2014 08:00:22 Windows Update
18-03-2014 08:00:23 Windows Update
26-03-2014 01:19:50 Scheduled Checkpoint
02-04-2014 18:05:41 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-04-06 10:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0590C45D-31DE-4B82-B820-9B6451FD31D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {1A8C0A31-3A87-4063-BF5F-1FEEE2A9190D} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: {40671BB4-B89B-40CC-9C48-3BA21B739865} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5B4CEC6A-027D-4F6D-8555-747714A5E9B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {5D66914C-69E8-4802-8FB2-F52F8C5A9959} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {87B18A32-358B-457A-886A-380E04B64312} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-05] (Google Inc.)
Task: {A84F2C05-962B-4FBB-87A2-B7EA499CEFFB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {AC117477-2CA5-451A-BF11-41929FC91FF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {AC597322-C3A5-4C45-AB55-A155138A5E1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CF07B7D4-D8E2-4964-B14F-33C3F955EF3B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {D3F86802-78FB-4FE5-8591-A45FDC315D50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-05] (Google Inc.)
Task: {D636ECA1-DE2E-490B-B1F0-A8B2E0642D8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {D9D3D7A8-EEC0-4FC9-8CAD-A4CF3E5C3CB7} - System32\Tasks\HPCeeScheduleForTony => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {F2F69260-63BD-43F3-B41A-F5D3792F30EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTony.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 21:57 - 2011-07-26 18:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-02 02:26 - 2011-11-02 02:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 02:26 - 2011-11-02 02:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-02 22:19 - 2011-02-15 13:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2014 02:38:48 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (04/07/2014 04:07:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9766

Error: (04/07/2014 04:07:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9766

Error: (04/07/2014 04:07:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2014 10:47:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9563

Error: (04/06/2014 10:47:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9563

Error: (04/06/2014 10:47:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2014 04:29:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9375

Error: (04/06/2014 04:29:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9375

Error: (04/06/2014 04:29:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (04/06/2014 10:17:04 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{698D4BB8-D3F5-4BCF-BE87-E7E48CB14B9A} because another computer on the network has the same name.  The server could not start.

Error: (04/06/2014 02:26:28 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/06/2014 00:22:51 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{698D4BB8-D3F5-4BCF-BE87-E7E48CB14B9A} because another computer on the network has the same name.  The server could not start.

Error: (04/06/2014 10:16:17 AM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%31

Error: (04/06/2014 02:46:28 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (04/06/2014 02:41:48 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/06/2014 02:14:41 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/05/2014 01:04:14 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/05/2014 00:16:09 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (04/05/2014 00:16:09 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:
%%1056

Microsoft Office Sessions:
=========================
Error: (04/08/2014 02:38:48 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (04/07/2014 04:07:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9766

Error: (04/07/2014 04:07:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9766

Error: (04/07/2014 04:07:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2014 10:47:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9563

Error: (04/06/2014 10:47:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9563

Error: (04/06/2014 10:47:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2014 04:29:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9375

Error: (04/06/2014 04:29:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9375

Error: (04/06/2014 04:29:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
  Date: 2014-04-06 02:14:41.131
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-06 02:14:41.069
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 6048.32 MB
Available physical RAM: 4215.35 MB
Total Pagefile: 12094.82 MB
Available Pagefile: 9578.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.68 GB) (Free:812.17 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.74 GB) (Free:2.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 12F61082)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,285 posts
  • Gender:Male
  • Location:Bulgaria

Posted 08 April 2014 - 04:47 PM

Hello,

Click on Start > type in appwiz.cpl in the search box and press Enter
Select jZip > press Uninstall

Next please download the following file => [attachment=149082:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi




#7 Tpg7

  • Topic Starter
  • Members
  • 20 posts

Posted 08 April 2014 - 05:05 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Tony at 2014-04-08 17:02:29 Run:1
Running from C:\Users\Tony\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [X]
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Tony\AppData\Local\Temp\mfe_rr.sys [X]
C:\Program Files (x86)\Google\Desktop\Install
cmd: netsh winsock reset catalog
C:\Users\Tony\AppData\Local\Temp
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
catchme => Service deleted successfully.
MFE_RR => Service deleted successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

"C:\Users\Tony\AppData\Local\Temp" directory move:

C:\Users\Tony\AppData\Local\Temp\AdobeARM.log => Moved successfully.
Could not move "C:\Users\Tony\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Tony\AppData\Local\Temp\GLB1A2B.EXE => Moved successfully.
C:\Users\Tony\AppData\Local\Temp\HPSAActionItems.xml => Moved successfully.
C:\Users\Tony\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\Tony\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\Tony\AppData\Local\Temp\~DF1EA5B76B403555DE.TMP => Moved successfully.
C:\Users\Tony\AppData\Local\Temp\~DFA66A7B7EC10BD879.TMP => Moved successfully.
C:\Users\Tony\AppData\Local\Temp\~DFC6277EA9DF1124D8.TMP => Moved successfully.
Could not move "C:\Users\Tony\AppData\Local\Temp\Low\JavaDeployReg.log" => Scheduled to move on reboot.
C:\Users\Tony\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll => Moved successfully.
Could not move "C:\Users\Tony\AppData\Local\Temp" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-08 17:04:27)<=

C:\Users\Tony\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Tony\AppData\Local\Temp\Low\JavaDeployReg.log => Is moved successfully.
C:\Users\Tony\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====



#8 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,285 posts
  • Gender:Male
  • Location:Bulgaria

Posted 08 April 2014 - 05:13 PM

Hi,

Let me take a deeper look:

  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on the Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
  • Don't copy the word "quoted"

    Quote

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.
    %USERPROFILE%\*.*
    %USERPROFILE%\*.
    %USERPROFILE%\*.exe /s
    %USERPROFILE%\Documents\*.*
    %USERPROFILE%\Downloads\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.*
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Local\temp\*.dll
    %USERPROFILE%\AppData\Local\temp\*.tlb
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %ProgramData%\*.*
    %ProgramData%\*.
    %programdata%\Microsoft\Windows\DRM\*.tmp
    %programdata%\Microsoft\DRM\*.tmp
    %programdata%\temp\*.exe
    %programdata%\temp\*.dll
    %programdata%\temp\*.tlb
    C:\Users\All Users\*.exe /s
    C:\Users\Default\*.exe /s
    C:\Users\Public\*.exe /s
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\*.
    %CommonProgramFiles%\ComObjects\*.*
    %ProgramFiles%\*.*
    %ProgramFiles%\*.
    %Public%\Documents\*.*
    %Public%\Documents\*.
    %systemroot%\System32\config\systemprofile\*.exe /s
    %systemroot%\System32\config\systemprofile\*.*
    %systemroot%\System32\config\systemprofile\*.
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Local\*.
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.
    %systemroot%\SysWow64\config\systemprofile\*.exe /s
    %systemroot%\SysWow64\config\systemprofile\*.*
    %systemroot%\SysWow64\config\systemprofile\*.
    %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.
    %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.
    %systemroot%\ServiceProfiles\*.exe /s
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.*
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.exe
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.dll
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.*
    %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.*
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.exe
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.dll
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.*
    %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.
    %windir%\temp\*.exe /s
    %windir%\temp\*.*
    %windir%\temp\*.
    %windir%\*.
    %windir%\AppPatch\*.exe /s
    %windir%\ShellNew\*.*
    %windir%\installer\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %SYSTEMDRIVE%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor /s
    HKCU\Software\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\InprocServer32 /s
    HKLM\Software\Classes\CLSID\{E6BB64BE-0618-4353-9193-0AFE606D6F0C}\InprocServer32 /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsimap /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{312BED3C-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s
    HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers /s
    HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    type C:\WINDOWS\system.ini >> test.txt /c
    bcdedit /enum all /v >C:\boot.txt /c
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    smss.exe
    fastfat.sys
    atapi.sys
    serial.sys
    volsnap.sys
    disk.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    kbdclass.sys
    kbdhid.sys
    mouclass.sys
    mouhid.sys
    spldr.sys
    dfsc.sys
    hlp.dat
    str.sys
    cerxvx.ocx
    crexv.ocx
    msseedir.dll
    msdr.dll
    lmbd.dll
    wsse.dll
    intel.exe
    WService.dll
    /md5stop
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Regards,

Georgi
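The custom scan above asks OTL to report where a fixed set of CLSIDs' in-process COM servers point (querying both HKCU and HKLM) and to MD5 a list of core system binaries and drivers. As an added example that is not part of Georgi's post or of OTL, the PowerShell below reproduces those two checks directly on the host so the reader can see what each line of the script is looking at. It assumes an elevated 64-bit PowerShell 3.0 or later on the Windows 7 x64 machine in this thread; the CLSIDs and file names are copied from the scan script, while the function names (Get-ComServerPath, Get-FileMd5, Get-SystemFileState) and the "Suspicious" heuristic (a server path outside the Windows or Program Files directories, or one whose file no longer exists) are my own assumptions.

```powershell
# Added example, not part of the original thread or of OTL. Assumes an elevated 64-bit
# PowerShell 3.0+ on the Windows 7 x64 host in this thread. The CLSIDs and file names are
# copied from the OTL scan script above; the "Suspicious" heuristic is my own assumption.

# --- Check 1: where do the listed CLSIDs' in-process COM servers point? ----------------
# The scan queries both HKCU and HKLM because, for a process running as the user, a key
# under HKCU\Software\Classes\CLSID takes precedence over the machine-wide one in HKLM.
$clsids = @(
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}', '{42aedc87-2188-41fd-b9a3-0c966feabec1}',
    '{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}', '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}',
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}', '{ECD4FC4D-521C-11D0-B792-00A0C90312E1}',
    '{E6BB64BE-0618-4353-9193-0AFE606D6F0C}'
)
$roots = @(
    'HKCU:\Software\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'   # 32-bit view on a 64-bit system
)
# Directories a legitimate server DLL is expected to live under (assumption).
$trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Get-ComServerPath {
    param([string]$Clsid)
    foreach ($root in $roots) {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (-not (Test-Path $key)) { continue }
        # GetValue('') returns the (Default) value with REG_EXPAND_SZ variables expanded.
        $path = [string]((Get-Item -Path $key).GetValue(''))
        $path = $path.Trim('"')
        $inTrusted = $false
        foreach ($t in $trusted) {
            if ($path.StartsWith($t, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
        }
        $exists = ($path -ne '') -and (Test-Path -LiteralPath $path)
        [pscustomobject]@{
            Hive       = $root
            Clsid      = $Clsid
            Server     = $path
            # Flag a server outside the trusted directories, or a path whose file is gone.
            Suspicious = (-not $inTrusted) -or (-not $exists)
        }
    }
}

$clsids | ForEach-Object { Get-ComServerPath -Clsid $_ } | Format-Table -AutoSize

# --- Check 2: MD5 and Authenticode state of the binaries in the /md5start block --------
$sys32   = 'consrv.dll','services.exe','explorer.exe','lsass.exe','svchost.exe',
           'wininit.exe','winlogon.exe','userinit.exe','smss.exe'
$drivers = 'fastfat.sys','atapi.sys','serial.sys','volsnap.sys','disk.sys','i8042prt.sys',
           'afd.sys','netbt.sys','csc.sys','tcpip.sys','kbdclass.sys','kbdhid.sys',
           'mouclass.sys','mouhid.sys','spldr.sys','dfsc.sys'

function Get-FileMd5 {
    param([string]$Path)
    # .NET MD5 so this also works where Get-FileHash (PowerShell 4.0+) is unavailable.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

function Get-SystemFileState {
    param([string[]]$Names, [string]$Dir)
    foreach ($n in $Names) {
        $p = Join-Path $Dir $n
        if (-not (Test-Path -LiteralPath $p)) { continue }   # skip names not present
        $sig = Get-AuthenticodeSignature -FilePath $p
        [pscustomobject]@{
            File      = $p
            MD5       = Get-FileMd5 -Path $p
            Signature = $sig.Status          # Valid / NotSigned / HashMismatch ...
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

Get-SystemFileState -Names $sys32   -Dir "$env:SystemRoot\System32"         | Format-Table -AutoSize
Get-SystemFileState -Names $drivers -Dir "$env:SystemRoot\System32\drivers" | Format-Table -AutoSize
```

Two caveats when reading the output. On Windows 7 most system binaries are catalog-signed rather than carrying an embedded signature, and Get-AuthenticodeSignature on that platform only checks embedded signatures, so Signature = NotSigned on its own is not evidence of tampering; compare the MD5 against a known-clean copy of the same build (which is what the helper does with the /md5 output) or run sfc /verifyonly for a catalog-aware check. And a rootkit active in the kernel can lie to user-mode readers about file contents and registry values, so a clean result from the live system is necessary but not sufficient.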
#9 Tpg7
  • Topic Starter

  • Members
  • 20 posts

Posted 08 April 2014 - 05:38 PM

It is saying "post too long"... even when I try and post one at a time. Tried downsizing the text as well.


Edited by Tpg7, 08 April 2014 - 05:40 PM.


#10 Tpg7
  • Topic Starter

  • Members
  • 20 posts

Posted 08 April 2014 - 05:41 PM

The Extras file:

 

OTL Extras logfile created on: 4/8/2014 5:18:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tony\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.91 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 60.85% Memory free
11.81 Gb Paging File | 9.31 Gb Available in Paging File | 78.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.68 Gb Total Space | 811.89 Gb Free Space | 88.76% Space Free | Partition Type: NTFS
Drive D: | 16.74 Gb Total Space | 2.09 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
 
Computer Name: TONY-HP | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44729BC9-8517-46E9-9A12-27989155099B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4C0069F3-5840-459D-8F8B-A3D3847C1219}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FC081B8-E239-454F-8AE4-69F2D278872E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{80B99B1F-0869-41C8-9A29-57B6D660BA3B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CDBF468B-76B5-43AC-94C6-53A0B7A95095}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB2F73E3-11B8-433D-AAD9-A87E42D9868C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE63B30-E812-4E58-9698-8C571BDA6162}" = AVG 2013
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B34A07DD-C6F7-414A-AE63-01019482EAF0}" = HP Application Assistant
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF13DB20-03BE-4EDD-9C48-05ED03E3E852}" = AVG 2013
"AVG" = AVG 2013
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}" = HP My Display
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 45
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1" = Spot
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1" = Bubble Wrap
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{8364E531-493B-4B05-8041-09D5CE38B975}" = HP Weather
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}" = Bing Bar
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
"{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1" = Tap Tap Bear
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1" = Metric Converter
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F576BBE9-11D0-4F02-B8F0-7CCA9C159937}" = ActiveGS
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Kobo" = Kobo
"Linksys Connect" = Linksys Connect
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDF Complete" = PDF Complete Special Edition
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-068124b5-83b7-454f-ba8a-54017113b7c4" = Zuma's Revenge
"WTA-0b01a279-0539-417c-a124-72258343443e" = John Deere Drive Green
"WTA-132ba225-5520-48c8-9699-070572010c41" = Poker Superstars III
"WTA-181203f2-a08f-444c-a4b8-7a17b1632ab0" = Penguins!
"WTA-19aed649-d587-487a-9d72-e4242d2aea26" = RollerCoaster Tycoon 3: Platinum
"WTA-1aaf718a-1a84-4be8-b12a-90eadb825b29" = Farmscapes
"WTA-2ad2a0ec-96dc-49b4-83bc-d86f1c8438aa" = Blackhawk Striker 2
"WTA-4fca7edf-3e73-488f-84a4-c8dbf18e3b4e" = Torchlight
"WTA-5fa4205a-88c7-412a-80ab-1b458f527b15" = Chuzzle Deluxe
"WTA-613e4b0c-1106-4f17-9555-d74f8fe0b815" = Hoyle Card Games
"WTA-74918998-2a1f-4546-b57c-2503fd0cf7ff" = Polar Golfer
"WTA-7a846430-fc66-436d-8f5c-eff07297f411" = Dora's World Adventure
"WTA-7d837e87-cf1d-4bfa-9cf8-3d05f6e0c362" = Virtual Villagers 4 - The Tree of Life
"WTA-7f96e082-5876-4e3e-922f-4a9522af4042" = Letters from Nowhere 2
"WTA-814c1ea1-887d-47d0-9172-3887b972a567" = Bejeweled 3
"WTA-86462d7e-1867-4cdb-90fe-61e20aff6e0d" = Luxor HD
"WTA-8b443321-00d8-4ba7-949c-3265d7c24915" = Cradle of Rome 2
"WTA-93e02acd-d5f6-48c2-a809-41bbcd3393e8" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-b102fd66-3c86-4aa0-ac85-3e89302c7365" = Jewel Match 3
"WTA-bc020aa7-eaa7-4fd1-b2ab-5554f053f3b5" = Final Drive Fury
"WTA-dae6da34-6ff7-40d2-90fc-e06c103e0ca9" = Mah Jong Medley
"WTA-dbd19356-190f-48aa-afc4-9e9de19c37bd" = Plants vs. Zombies - Game of the Year
"WTA-e23fbb08-47ed-41b6-9e3a-d0201893c3d7" = FATE
"WTA-eb478049-351e-4e17-85b2-a785a9bdd1d3" = Farm Frenzy
"WTA-ebaaba1e-e5ec-41b9-b450-cc00df17daad" = Polar Bowler
"WTA-ed8c80f6-00d3-480e-a75a-be39c5a76595" = The Treasures of Mystery Island: The Ghost Ship
"ZinioReader4" = Zinio Reader 4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-107791519-2935810374-169235309-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/9/2013 2:14:58 PM | Computer Name = Tony-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030
 
Error - 12/9/2013 2:14:58 PM | Computer Name = Tony-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030
 
Error - 12/9/2013 2:14:59 PM | Computer Name = Tony-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/9/2013 2:14:59 PM | Computer Name = Tony-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2621
 
Error - 12/9/2013 2:14:59 PM | Computer Name = Tony-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2621
 
Error - 12/9/2013 2:15:00 PM | Computer Name = Tony-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/9/2013 2:15:00 PM | Computer Name = Tony-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3635
 
Error - 12/9/2013 2:15:00 PM | Computer Name = Tony-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3635
 
Error - 12/11/2013 9:17:03 AM | Computer Name = Tony-HP | Source = Application Error | ID = 1000
Description = Faulting application name: ToolbarUpdater.exe, version: 17.2.0.38,
 time stamp: 0x529dd18e  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000000  Faulting process id:
 0xa78  Faulting application start time: 0x01cef5e87f0dc10b  Faulting application path:
 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
Faulting
 module path: unknown  Report Id: 85b600b6-6266-11e3-a320-386077e4ef8f
 
Error - 12/13/2013 8:27:16 AM | Computer Name = Tony-HP | Source = Application Error | ID = 1000
Description = Faulting application name: ToolbarUpdater.exe, version: 17.2.0.38,
 time stamp: 0x529dd18e  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000000  Faulting process id:
 0xb30  Faulting application start time: 0x01cef71b4065e8e9  Faulting application path:
 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
Faulting
 module path: unknown  Report Id: e6665383-63f1-11e3-bf9f-386077e4ef8f
 
[ Hewlett-Packard Events ]
Error - 8/20/2012 1:40:35 PM | Computer Name = Tony-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]  Message: The server did not provide a meaningful
 reply; this might be caused by a contract mismatch, a premature session shutdown
 or an internal server error.  StackTrace:  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
 reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
 msgData, Int32 type)     at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

   at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: mscorlib

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 6048  Ram Utilization: 20  TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
 System.Runtime.Remoting.Messaging.IMessage) 
 
Error - 9/18/2012 9:08:37 PM | Computer Name = Tony-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 10/18/2012 2:55:39 PM | Computer Name = Tony-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/26/2012 6:35:15 PM | Computer Name = Tony-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/26/2012 6:39:47 PM | Computer Name = Tony-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/26/2012 6:39:48 PM | Computer Name = Tony-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/26/2012 6:40:14 PM | Computer Name = Tony-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/26/2012 6:41:04 PM | Computer Name = Tony-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/26/2012 6:45:35 PM | Computer Name = Tony-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/26/2012 6:45:36 PM | Computer Name = Tony-HP | Source = HPSF.exe | ID = 4000
Description =
 
[ System Events ]
Error - 4/5/2014 1:16:09 PM | Computer Name = Tony-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Windows Management Instrumentation
 service, but this action failed with the following error:   %%1056
 
Error - 4/5/2014 2:04:14 PM | Computer Name = Tony-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 4/6/2014 3:14:41 AM | Computer Name = Tony-HP | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
 with this system. Please contact your software vendor for a compatible version
of the driver.
 
Error - 4/6/2014 3:41:48 AM | Computer Name = Tony-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 4/6/2014 3:46:28 AM | Computer Name = Tony-HP | Source = DCOM | ID = 10010
Description =
 
Error - 4/6/2014 11:16:17 AM | Computer Name = Tony-HP | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
 following error:   %%31
 
Error - 4/6/2014 1:22:51 PM | Computer Name = Tony-HP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{698D4BB8-D3F5-4BCF-BE87-E7E48CB14B9A}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 4/6/2014 3:26:28 PM | Computer Name = Tony-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/6/2014 11:17:04 PM | Computer Name = Tony-HP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{698D4BB8-D3F5-4BCF-BE87-E7E48CB14B9A}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 4/8/2014 6:02:50 PM | Computer Name = Tony-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
 
< End of report >



#11 Tpg7
  • Topic Starter
  • Members
  • 20 posts

Posted 08 April 2014 - 05:46 PM

I'll try to do it in halves. 1st half:

 

OTL logfile created on: 4/8/2014 5:18:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tony\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.91 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 60.85% Memory free
11.81 Gb Paging File | 9.31 Gb Available in Paging File | 78.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.68 Gb Total Space | 811.89 Gb Free Space | 88.76% Space Free | Partition Type: NTFS
Drive D: | 16.74 Gb Total Space | 2.09 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
 
Computer Name: TONY-HP | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/08 17:15:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.scr
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/01/21 01:43:02 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/10/23 02:06:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/15 15:36:28 | 000,445,232 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
PRC - [2011/09/15 15:36:16 | 000,133,936 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/09/06 15:42:16 | 000,109,360 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/08/17 19:17:46 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
PRC - [2011/08/16 16:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 16:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 11:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/07/20 13:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/26 04:07:12 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/02/26 04:07:09 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/26 04:06:32 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9b7a5ab89ab75ec85de0cedebfde4c5f\ReachFramework.ni.dll
MOD - [2014/02/26 04:03:39 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/26 04:03:32 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/26 04:03:31 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/26 04:03:31 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/26 04:03:30 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/26 04:03:30 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/26 04:03:24 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/26 04:03:20 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/26 04:03:20 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/26 04:03:16 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/26 04:03:15 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 04:03:09 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2011/11/02 02:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 02:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/15 13:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/26 00:25:04 | 000,308,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/11 16:23:09 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 02:06:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/15 15:36:16 | 000,133,936 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/09/06 15:42:16 | 000,109,360 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/08/16 16:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 11:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/08/01 16:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/20 13:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/07 18:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/08 17:04:14 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/20 14:50:52 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/11/25 02:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/23 02:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/09/04 11:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/02 21:57:23 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/02 21:57:23 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/29 22:07:08 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/26 17:31:10 | 000,409,408 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/09/26 00:25:04 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/08 20:02:24 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/08/24 00:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/11 13:19:50 | 001,582,144 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/07/26 19:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/04 19:44:00 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/07/13 07:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/02/26 18:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{C8784315-A061-40BA-B53D-70E4B451D2CD}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{C8784315-A061-40BA-B53D-70E4B451D2CD}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bassmaster.com/
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\..\SearchScopes\{8E12B636-2363-4E95-B746-B6C5CC16B7C3}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\..\SearchScopes\{C8784315-A061-40BA-B53D-70E4B451D2CD}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-107791519-2935810374-169235309-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.bassmaster.com/"
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:10.0.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ActiveGS: C:\Program Files (x86)\ActiveGS\npActiveGS.dll (Free Tools Association)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/25 20:53:03 | 000,000,000 | ---D | M]
 
[2012/02/26 15:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Extensions
[2014/02/14 18:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\duxqihq4.default\extensions
[2012/02/26 15:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/26 15:32:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 05:42:53 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2013/01/29 21:44:06 | 000,003,592 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:42:53 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2012/02/16 05:42:53 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/02/16 05:42:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2012/02/16 05:42:53 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: ([2014/04/06 10:14:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-21-107791519-2935810374-169235309-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-107791519-2935810374-169235309-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-107791519-2935810374-169235309-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-107791519-2935810374-169235309-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-107791519-2935810374-169235309-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKU\S-1-5-21-107791519-2935810374-169235309-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://wawascene.axiscam.net/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{698D4BB8-D3F5-4BCF-BE87-E7E48CB14B9A}: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: Remoteaccess - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
 
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: hitmanpro37 - Reg Error: Value error.
SafeBootMin:64bit: hitmanpro37.sys - Reg Error: Value error.
SafeBootMin:64bit: HitmanPro37Crusader - Reg Error: Value error.
SafeBootMin:64bit: HitmanPro37CrusaderBoot - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: hitmanpro37 - Reg Error: Value error.
SafeBootMin: hitmanpro37.sys - Reg Error: Value error.
SafeBootMin: HitmanPro37Crusader - Reg Error: Value error.
SafeBootMin: HitmanPro37CrusaderBoot - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: hitmanpro37 - Reg Error: Value error.
SafeBootNet:64bit: hitmanpro37.sys - Reg Error: Value error.
SafeBootNet:64bit: HitmanPro37Crusader - Reg Error: Value error.
SafeBootNet:64bit: HitmanPro37CrusaderBoot - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro37 - Reg Error: Value error.
SafeBootNet: hitmanpro37.sys - Reg Error: Value error.
SafeBootNet: HitmanPro37Crusader - Reg Error: Value error.
SafeBootNet: HitmanPro37CrusaderBoot - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2014/04/08 17:15:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.scr
[2014/04/08 17:04:45 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Temp
[2014/04/08 15:57:36 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/08 15:56:48 | 002,157,056 | ---- | C] (Farbar) -- C:\Users\Tony\Desktop\FRST64.exe
[2014/04/08 14:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/04/06 10:20:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/04/06 10:14:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/04/05 12:15:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/04/05 12:15:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/04/05 12:15:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/04/05 12:04:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/05 12:03:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/04/05 12:02:17 | 005,193,579 | R--- | C] (Swearware) -- C:\Users\Tony\Desktop\ComboFix.exe
[2014/04/05 11:35:14 | 010,971,424 | ---- | C] (SurfRight B.V.) -- C:\Users\Tony\Desktop\HitmanPro_x64.exe
[2014/04/05 11:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/04/05 11:33:14 | 009,096,848 | ---- | C] (SurfRight B.V.) -- C:\Users\Tony\Desktop\HitmanPro35.exe
[2014/04/05 11:21:54 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tony\Desktop\iexplore.exe.exe
[2014/04/05 10:44:47 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/05 10:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/05 10:43:37 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/05 10:43:37 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/05 10:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/05 10:41:09 | 017,305,616 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Tony\Desktop\mbam-setup-2.0.1.1004.exe
[2014/04/05 10:25:56 | 000,783,632 | ---- | C] (McAfee, Inc.) -- C:\Users\Tony\Desktop\rootkitremover.exe
[2014/03/20 14:50:52 | 000,240,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/03/13 21:16:20 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Malwarebytes
[2014/03/13 21:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/13 21:16:01 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/13 21:15:14 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Programs
[2014/03/12 19:27:38 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/12 19:27:38 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/12 19:27:38 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/12 19:27:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/12 19:27:37 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/12 19:27:36 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/12 19:27:36 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/12 19:27:36 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/12 19:27:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/12 19:27:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/12 19:27:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/12 19:27:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/12 19:27:35 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/12 19:27:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/12 19:27:35 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/12 19:27:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/12 19:27:34 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/12 19:27:34 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/12 19:27:34 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/12 19:27:34 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/12 19:27:33 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/12 19:27:33 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/12 19:27:32 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/12 19:27:32 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/12 19:27:32 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/12 19:27:31 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/12 19:27:10 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/03/12 19:27:10 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/12 19:27:10 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/02/25 04:01:46 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/13 04:01:39 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 15:39:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 15:39:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/12 15:39:09 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 15:39:09 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 15:39:09 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 15:39:09 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 15:39:09 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 15:39:08 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 15:39:08 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 15:39:08 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 15:39:07 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 15:39:07 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 15:39:07 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 15:39:07 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 15:39:07 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 15:39:07 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 15:39:07 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 15:39:07 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 15:39:07 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 15:39:06 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 15:39:06 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/01/15 11:16:04 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 11:16:04 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 11:16:03 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 23:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[1 C:\Users\Tony\Desktop\*.tmp files -> C:\Users\Tony\Desktop\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2014/04/08 17:15:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.scr
[2014/04/08 17:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/08 17:11:03 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/08 17:11:03 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/08 17:09:30 | 000,783,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/08 17:09:30 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/08 17:09:30 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/08 17:04:14 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/08 17:03:42 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/08 17:03:41 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTony.job
[2014/04/08 17:03:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/08 17:03:34 | 461,623,295 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/08 16:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/08 15:56:48 | 002,157,056 | ---- | M] (Farbar) -- C:\Users\Tony\Desktop\FRST64.exe
[2014/04/08 14:45:26 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2014/04/06 10:14:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/05 12:02:23 | 005,193,579 | R--- | M] (Swearware) -- C:\Users\Tony\Desktop\ComboFix.exe
[2014/04/05 11:35:40 | 010,971,424 | ---- | M] (SurfRight B.V.) -- C:\Users\Tony\Desktop\HitmanPro_x64.exe
[2014/04/05 11:33:39 | 009,096,848 | ---- | M] (SurfRight B.V.) -- C:\Users\Tony\Desktop\HitmanPro35.exe
[2014/04/05 11:22:00 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tony\Desktop\iexplore.exe.exe
[2014/04/05 10:41:20 | 017,305,616 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Tony\Desktop\mbam-setup-2.0.1.1004.exe
[2014/04/05 10:26:09 | 000,783,632 | ---- | M] (McAfee, Inc.) -- C:\Users\Tony\Desktop\rootkitremover.exe
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/20 14:50:52 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/03/16 10:36:01 | 000,048,322 | ---- | M] () -- C:\Users\Tony\Documents\Resume.rtf
[2014/03/16 10:31:05 | 000,585,494 | ---- | M] () -- C:\Users\Tony\Documents\rice lake weighing Application.pdf
[2014/03/13 21:03:45 | 000,050,934 | ---- | M] () -- C:\Users\Tony\Desktop\106109119_LIC_03132014_210005_5213100reduced.pdf
[2014/03/13 03:19:47 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/11 16:23:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/11 16:23:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/01 00:16:26 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/28 23:52:55 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/28 23:51:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/28 23:40:43 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/28 23:37:12 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/28 23:33:52 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/28 23:32:59 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/28 23:23:49 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/02/28 23:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/28 23:02:07 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/28 22:54:33 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/28 22:52:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/28 22:51:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/28 22:43:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/28 22:42:12 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/28 22:40:17 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/28 22:38:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/28 22:37:35 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/28 22:35:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/28 22:16:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/28 22:00:08 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/28 21:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/28 21:25:22 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/26 04:01:22 | 000,775,292 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/03 21:32:22 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/02/03 21:32:12 | 000,624,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/02/03 21:04:11 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/01/28 21:32:18 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/01/28 21:06:47 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/01/14 23:13:41 | 000,002,219 | ---- | M] () -- C:\Users\Tony\Desktop\HP Support Assistant.lnk
[2014/01/14 18:49:27 | 000,000,235 | ---- | M] () -- C:\Users\Tony\Documents\passwords.rtf
[1 C:\Users\Tony\Desktop\*.tmp files -> C:\Users\Tony\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/05 12:15:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/04/05 12:15:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/04/05 12:15:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/04/05 12:15:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/04/05 12:15:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/16 10:35:04 | 000,048,322 | ---- | C] () -- C:\Users\Tony\Documents\Resume.rtf
[2014/03/13 21:03:44 | 000,050,934 | ---- | C] () -- C:\Users\Tony\Desktop\106109119_LIC_03132014_210005_5213100reduced.pdf
[2014/02/24 15:52:55 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForTony.job
[2014/01/14 23:13:41 | 000,002,219 | ---- | C] () -- C:\Users\Tony\Desktop\HP Support Assistant.lnk
[2014/01/14 18:49:27 | 000,000,235 | ---- | C] () -- C:\Users\Tony\Documents\passwords.rtf
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/01 15:39:13 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/02/01 15:39:13 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/01/29 21:45:18 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\AVG2013
[2014/03/14 22:38:33 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Dropbox
[2012/02/26 14:15:16 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\IDT
[2014/03/27 15:01:08 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\SoftGrid Client
[2013/06/29 21:43:28 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\TP
[2013/01/29 21:44:07 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\TuneUp Software
[2013/03/22 23:11:42 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\uTorrent
[2012/02/27 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
<  %SYSTEMDRIVE%\*.* >
[2011/02/11 12:00:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2014/04/06 10:20:00 | 000,022,801 | ---- | M] () -- C:\ComboFix.txt
[2014/04/08 17:03:34 | 461,623,295 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/02 21:39:40 | 000,000,000 | RHS- | M] () -- C:\OS
[2014/04/08 17:03:34 | 2047,156,223 | -HS- | M] () -- C:\pagefile.sys
[2014/04/05 11:25:00 | 000,136,590 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_05.04.2014_11.23.07_log.txt
[2014/04/05 11:25:42 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_05.04.2014_11.25.30_log.txt
 
<  %SYSTEMDRIVE%\*. >
[2013/02/01 15:39:03 | 000,000,000 | -H-D | M] -- C:\$AVG
[2014/04/06 10:14:39 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2014/04/08 17:04:27 | 000,000,000 | ---D | M] -- C:\FRST
[2011/11/02 22:27:45 | 000,000,000 | R--D | M] -- C:\hp
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2014/04/05 10:42:18 | 000,000,000 | R--D | M] -- C:\Program Files
[2014/04/08 17:00:53 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2014/04/05 11:34:02 | 000,000,000 | ---D | M] -- C:\ProgramData
[2014/04/06 10:20:03 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011/02/11 14:24:35 | 000,000,000 | ---D | M] -- C:\Recovery
[2014/01/14 23:07:38 | 000,000,000 | ---D | M] -- C:\SWSETUP
[2014/04/02 13:05:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/02/26 11:08:13 | 000,000,000 | R--D | M] -- C:\SYSTEM.SAV
[2012/02/26 11:04:26 | 000,000,000 | R--D | M] -- C:\Users
[2014/04/08 15:59:17 | 000,000,000 | ---D | M] -- C:\Windows
 
<  %USERPROFILE%\*.* >
[2014/04/08 17:18:28 | 002,097,152 | -HS- | M] () -- C:\Users\Tony\NTUSER.DAT
[2014/04/08 17:18:28 | 000,262,144 | -HS- | M] () -- C:\Users\Tony\ntuser.dat.LOG1
[2012/02/26 11:04:33 | 000,000,000 | -HS- | M] () -- C:\Users\Tony\ntuser.dat.LOG2
[2012/02/27 08:49:22 | 000,065,536 | -HS- | M] () -- C:\Users\Tony\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012/02/27 08:49:22 | 000,524,288 | -HS- | M] () -- C:\Users\Tony\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012/02/27 08:49:22 | 000,524,288 | -HS- | M] () -- C:\Users\Tony\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012/02/26 11:04:33 | 000,000,020 | -HS- | M] () -- C:\Users\Tony\ntuser.ini
 
<  %USERPROFILE%\*. >
[2012/02/26 11:04:33 | 000,000,000 | -H-D | M] -- C:\Users\Tony\AppData
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\Application Data
[2013/09/13 16:48:20 | 000,000,000 | R--D | M] -- C:\Users\Tony\Contacts
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\Cookies
[2014/04/08 17:15:31 | 000,000,000 | R--D | M] -- C:\Users\Tony\Desktop
[2014/03/16 12:24:52 | 000,000,000 | R--D | M] -- C:\Users\Tony\Documents
[2014/03/13 21:00:01 | 000,000,000 | R--D | M] -- C:\Users\Tony\Downloads
[2014/03/14 22:38:32 | 000,000,000 | R--D | M] -- C:\Users\Tony\Dropbox
[2014/02/20 22:10:04 | 000,000,000 | R--D | M] -- C:\Users\Tony\Favorites
[2013/09/13 16:48:21 | 000,000,000 | R--D | M] -- C:\Users\Tony\Links
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\Local Settings
[2013/09/13 16:48:20 | 000,000,000 | R--D | M] -- C:\Users\Tony\Music
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\My Documents
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\NetHood
[2014/03/20 18:39:45 | 000,000,000 | R--D | M] -- C:\Users\Tony\Pictures
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\PrintHood
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\Recent
[2013/09/13 16:48:20 | 000,000,000 | R--D | M] -- C:\Users\Tony\Saved Games
[2013/09/13 16:48:20 | 000,000,000 | R--D | M] -- C:\Users\Tony\Searches
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\SendTo
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\Start Menu
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\Templates
[2013/09/13 16:48:20 | 000,000,000 | R--D | M] -- C:\Users\Tony\Videos
 
<  %USERPROFILE%\*.exe /s >
[2014/04/08 17:02:22 | 000,000,000 | ---- | M] () -- C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QTEZDLG\FRST64[1].exe
[2013/12/19 12:06:54 | 000,921,512 | ---- | M] (Oracle Corporation) -- C:\Users\Tony\AppData\LocalLow\Sun\Java\JRERunOnce.exe
[2014/01/02 19:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014/01/02 19:47:26 | 000,229,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2012/05/24 13:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2011/11/02 22:20:56 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Tony\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2014/04/05 12:02:23 | 005,193,579 | R--- | M] (Swearware) -- C:\Users\Tony\Desktop\ComboFix.exe
[2014/04/08 15:56:48 | 002,157,056 | ---- | M] (Farbar) -- C:\Users\Tony\Desktop\FRST64.exe
[2014/04/05 11:33:39 | 009,096,848 | ---- | M] (SurfRight B.V.) -- C:\Users\Tony\Desktop\HitmanPro35.exe
[2014/04/05 11:35:40 | 010,971,424 | ---- | M] (SurfRight B.V.) -- C:\Users\Tony\Desktop\HitmanPro_x64.exe
[2014/04/05 11:22:00 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tony\Desktop\iexplore.exe.exe
[2014/04/05 10:41:20 | 017,305,616 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Tony\Desktop\mbam-setup-2.0.1.1004.exe
[2014/04/05 10:26:09 | 000,783,632 | ---- | M] (McAfee, Inc.) -- C:\Users\Tony\Desktop\rootkitremover.exe
[1 C:\Users\Tony\Desktop\*.tmp files -> C:\Users\Tony\Desktop\*.tmp -> ]
[2012/02/29 19:36:03 | 005,590,528 | ---- | M] (Jeffrey Harris) -- C:\Users\Tony\Downloads\SharePod_3.98\SharePod.exe
 
<  %USERPROFILE%\Documents\*.* >
[2012/04/27 16:20:34 | 000,000,364 | ---- | M] () -- C:\Users\Tony\Documents\avgcode.txt
[2012/04/10 21:39:37 | 000,001,578 | ---- | M] () -- C:\Users\Tony\Documents\bass league.rtf
[2013/02/12 16:36:57 | 000,001,050 | ---- | M] () -- C:\Users\Tony\Documents\Bill of sale boat.rtf
[2013/02/12 16:46:38 | 000,000,988 | ---- | M] () -- C:\Users\Tony\Documents\bill of sale boat1.rtf
[2013/02/12 16:50:24 | 000,001,007 | ---- | M] () -- C:\Users\Tony\Documents\bill of sale trailer.rtf
[2013/09/13 16:48:20 | 000,000,402 | -HS- | M] () -- C:\Users\Tony\Documents\desktop.ini
[2013/02/01 22:48:50 | 000,490,792 | ---- | M] () -- C:\Users\Tony\Documents\FormWIZ-2012.pdf
[2012/05/13 16:37:29 | 000,014,667 | ---- | M] () -- C:\Users\Tony\Documents\invoice[1].rtf
[2013/11/30 17:18:19 | 000,584,281 | ---- | M] () -- C:\Users\Tony\Documents\part handler.pdf
[2014/01/14 18:49:27 | 000,000,235 | ---- | M] () -- C:\Users\Tony\Documents\passwords.rtf
[2014/03/16 10:36:01 | 000,048,322 | ---- | M] () -- C:\Users\Tony\Documents\Resume.rtf
[2014/03/16 10:31:05 | 000,585,494 | ---- | M] () -- C:\Users\Tony\Documents\rice lake weighing Application.pdf
[2013/02/01 22:21:39 | 000,464,205 | ---- | M] () -- C:\Users\Tony\Documents\TaxReturn.pdf
[2013/05/14 20:44:47 | 005,296,897 | ---- | M] () -- C:\Users\Tony\Documents\wedding photography.rtf
 
<  %USERPROFILE%\Downloads\*.* >
[2012/03/03 19:37:39 | 004,859,022 | ---- | M] () -- C:\Users\Tony\Downloads\01 Abraham's Daughter.mp3
[2012/05/30 16:04:47 | 134,364,011 | ---- | M] () -- C:\Users\Tony\Downloads\Church_Clothes-(DatPiff.com).zip
[2013/09/13 16:48:20 | 000,000,282 | -HS- | M] () -- C:\Users\Tony\Downloads\desktop.ini
[2013/11/09 17:07:36 | 011,537,121 | ---- | M] () -- C:\Users\Tony\Downloads\Eminem Ft. Buckshot - Don't Front (FULL) LeakedEarly.com.mp3
[2013/11/12 20:22:28 | 083,225,744 | ---- | M] () -- C:\Users\Tony\Downloads\FEFE DOBSON - LEGACY (KLEVER REMIX FEAT YELAWOLF).wav
[2013/02/01 22:33:45 | 000,460,598 | ---- | M] () -- C:\Users\Tony\Downloads\FormWIZ-2012.pdf
[2012/08/25 16:37:51 | 002,282,297 | ---- | M] () -- C:\Users\Tony\Downloads\re2003skeeterzx200listed81712onbassboatcentral.zip
[2013/11/20 19:58:00 | 014,564,073 | ---- | M] () -- C:\Users\Tony\Downloads\Spectrum (Original Mix).mp3
[2013/11/20 19:59:24 | 011,516,732 | ---- | M] () -- C:\Users\Tony\Downloads\Spectrum feat. Matthew Koma (Radio Mix).mp3
 
<  %USERPROFILE%\AppData\Local\*.* >
[2012/11/14 20:55:11 | 000,058,016 | ---- | M] () -- C:\Users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
[2014/04/08 17:02:46 | 011,697,378 | -H-- | M] () -- C:\Users\Tony\AppData\Local\IconCache.db
 
<  %USERPROFILE%\AppData\Local\*. >
[2013/07/16 17:01:06 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Adobe
[2012/02/26 11:56:45 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Apple
[2012/03/06 20:46:08 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Apple Computer
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\AppData\Local\Application Data
[2014/02/10 15:51:58 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Avg2013
[2012/02/27 18:02:01 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\BubbleWrap
[2014/01/18 11:19:10 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\CrashDumps
[2013/12/02 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Diagnostics
[2013/08/28 21:24:12 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Google
[2012/04/09 15:09:30 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Hewlett-Packard
[2012/02/26 11:09:47 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Hewlett-Packard_Company
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\AppData\Local\History
[2012/11/14 20:54:01 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Macromedia
[2013/01/29 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\MFAData
[2013/11/28 09:23:42 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Microsoft
[2012/02/26 15:32:09 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Mozilla
[2012/02/26 11:08:50 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\PDFC
[2014/03/13 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Programs
[2012/02/26 11:05:17 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\RemEngine
[2013/06/29 21:43:20 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\SoftGrid Client
[2014/04/08 17:19:20 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\Temp
[2012/02/26 11:04:33 | 000,000,000 | -HSD | M] -- C:\Users\Tony\AppData\Local\Temporary Internet Files
[2012/02/26 11:04:54 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\TouchSmartData
[2012/02/26 14:18:27 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\VirtualStore
[2012/05/26 14:33:32 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\WinZip
[2013/11/09 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Local\{2AE4ADF2-96CB-4FE9-A73D-936127CAE9F7}
 
<  %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.* >
 
<  %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*. >
 
<  %USERPROFILE%\AppData\Local\temp\*.exe >
 
<  %USERPROFILE%\AppData\Local\temp\*.dll >
 
<  %USERPROFILE%\AppData\Local\temp\*.tlb >
 
<  %USERPROFILE%\AppData\Roaming\*.* >
 
<  %USERPROFILE%\AppData\Roaming\*. >
[2013/02/01 22:32:23 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Adobe
[2012/03/13 20:30:00 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Apple Computer
[2013/01/29 21:45:18 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\AVG2013
[2014/03/14 22:38:33 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Dropbox
[2012/02/27 18:15:52 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Hewlett-Packard
[2014/01/13 17:26:11 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\HP Support Assistant
[2012/12/04 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\hpqLog
[2014/01/13 17:26:11 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\HpUpdate
[2012/02/26 11:08:23 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Identities
[2012/02/26 14:15:16 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\IDT
[2011/11/02 22:20:58 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Macromedia
[2014/04/05 10:43:44 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Malwarebytes
[2010/11/21 02:16:41 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Media Center Programs
[2013/06/29 21:43:28 | 000,000,000 | --SD | M] -- C:\Users\Tony\AppData\Roaming\Microsoft
[2012/02/26 15:32:26 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Mozilla
[2014/04/08 16:58:58 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Skype
[2014/03/27 15:01:08 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\SoftGrid Client
[2013/06/29 21:43:28 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\TP
[2013/01/29 21:44:07 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\TuneUp Software
[2013/03/22 23:11:42 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\uTorrent
[2012/02/27 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\WinBatch
 
<  %ProgramData%\*.* >
 
<  %ProgramData%\*. >
[2012/10/25 20:56:58 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/04/10 14:13:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2012/02/26 11:56:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2012/02/26 11:56:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/01/29 21:44:22 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2013
[2012/04/27 13:57:54 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2011/11/02 22:12:03 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2014/01/14 23:08:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard
[2014/04/05 11:44:20 | 000,000,000 | ---D | M] -- C:\ProgramData\HitmanPro
[2011/11/02 22:07:00 | 000,000,000 | ---D | M] -- C:\ProgramData\intel
[2013/12/28 19:27:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Linksys
[2011/11/02 22:11:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Macrovision
[2014/04/05 10:43:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012/12/28 14:46:16 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2014/04/08 16:59:00 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2014/02/25 04:01:46 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012/04/27 16:58:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2011/11/02 22:26:48 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2013/11/01 18:49:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Oracle
[2014/04/08 17:04:15 | 000,000,000 | ---D | M] -- C:\ProgramData\PDFC
[2011/11/02 22:07:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Ralink Driver
[2012/03/11 11:23:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Recovery
[2013/11/28 09:25:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2011/11/02 22:11:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonic
[2011/11/02 22:06:14 | 000,000,000 | ---D | M] -- C:\ProgramData\SonicFocus
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/12/28 14:47:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2011/11/02 22:22:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/11/02 22:21:33 | 000,000,000 | ---D | M] -- C:\ProgramData\TouchSmartData
[2011/11/02 22:11:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2013/07/01 16:01:10 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2011/11/02 22:18:33 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2012/04/16 16:07:58 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2014/01/14 23:09:11 | 000,000,000 | ---D | M] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2012/02/26 11:57:07 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
 
<  %programdata%\Microsoft\Windows\DRM\*.tmp >
 
<  %programdata%\Microsoft\DRM\*.tmp >
 
<  %programdata%\temp\*.exe >
 
<  %programdata%\temp\*.dll >
 
<  %programdata%\temp\*.tlb >
 
<  C:\Users\All Users\*.exe /s >
[2012/08/21 13:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe
[2012/08/21 13:01:20 | 000,131,544 | ---- | M] (GEAR Software, Inc.) -- C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe
[2012/12/18 15:34:04 | 000,364,816 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\setup.exe
[2012/10/25 20:53:43 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe
[2013/12/12 17:27:00 | 000,179,512 | ---- | M] (Hewlett-Packard Company) -- C:\Users\All Users\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFdetect.exe
[2013/08/05 16:05:16 | 000,253,240 | ---- | M] (Hewlett-Packard Company) -- C:\Users\All Users\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFfix.exe
[2013/12/12 17:18:00 | 000,631,608 | ---- | M] (Hewlett-Packard Company) -- C:\Users\All Users\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe
[2014/01/14 15:31:30 | 044,799,704 | ---- | M] (Hewlett-Packard                                             ) -- C:\Users\All Users\Hewlett-Packard\HP Support Framework\Resources\Updater7\sp64126.exe
[2011/04/13 16:16:52 | 000,067,128 | ---- | M] (Hewlett-Packard) -- C:\Users\All Users\Hewlett-Packard\HP Support Framework\Resources\Updater7\unzip.exe
[2011/06/08 17:58:36 | 000,165,432 | ---- | M] (Microsoft) -- C:\Users\All Users\Hewlett-Packard\HP Support Framework\Resources\Updater7\WaitWindow.exe
[2011/05/10 05:43:16 | 000,636,568 | ---- | M] (Hewlett-Packard                                              ) -- C:\Users\All Users\Hewlett-Packard\HPUpdate\setup.exe
[2008/09/26 11:19:04 | 001,021,216 | ---- | M] (Acresso Corporation) -- C:\Users\All Users\Macrovision\FLEXnet Connect\11\agent.exe
[2007/03/20 17:25:36 | 000,205,744 | ---- | M] (InstallShield Software Corporation) -- C:\Users\All Users\Macrovision\FLEXnet Connect\11\dwusplay.exe
[2008/09/26 11:19:06 | 000,279,840 | ---- | M] (Acresso Corporation) -- C:\Users\All Users\Macrovision\FLEXnet Connect\11\ISDM.exe
[2008/09/26 11:19:04 | 000,079,136 | ---- | M] (Acresso Corporation) -- C:\Users\All Users\Macrovision\FLEXnet Connect\11\issch.exe
[2008/09/26 11:19:04 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\Users\All Users\Macrovision\FLEXnet Connect\11\ISUSPM.exe
[2013/01/29 21:38:35 | 007,241,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\All Users\MFAData\SelfUpd\avgmfapx.exe
[2013/01/29 21:38:34 | 000,621,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\All Users\MFAData\SelfUpd\avgntdumpx.exe
[2013/01/29 21:38:35 | 000,015,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\All Users\MFAData\SelfUpd\avgrdtestx.exe
[2013/01/29 21:38:34 | 000,270,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\All Users\MFAData\SelfUpd\avgrunasx.exe
[2013/01/29 21:38:35 | 000,042,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\All Users\MFAData\SelfUpd\avguirux.exe
[2010/06/05 22:53:37 | 001,100,664 | ---- | M] (Microsoft Corporation) -- C:\Users\All Users\Microsoft\OEMOffice14\Office14\setup.exe
[2010/06/16 14:51:57 | 000,838,536 | ---- | M] (Microsoft Corporation) -- C:\Users\All Users\Microsoft\OEMOffice14\Office14\Office.en-us\DW20.EXE
[2010/06/16 14:51:58 | 000,519,584 | ---- | M] (Microsoft Corporation) -- C:\Users\All Users\Microsoft\OEMOffice14\Office14\Office.en-us\dwtrig20.exe
[2010/06/09 11:55:34 | 000,149,352 | ---- | M] (Microsoft Corporation) -- C:\Users\All Users\Microsoft\OEMOffice14\Office14\SingleImage.WW\ose.exe
[2010/02/28 20:33:12 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\Users\All Users\Microsoft\OEMOffice14\OStarter\en-us\Office.exe
[2011/06/21 11:00:15 | 001,631,120 | ---- | M] (Microsoft Corporation) -- C:\Users\All Users\Microsoft\OEMOffice14\OStarter\en-us\SetupConsumerC2R.exe
[2011/06/21 11:00:15 | 001,631,120 | ---- | M] (Microsoft Corporation) -- C:\Users\All Users\Microsoft\OEMOffice14\OStarter\en-us\SetupConsumerC2ROLW.exe
[2009/10/28 11:48:14 | 000,907,552 | ---- | M] () -- C:\Users\All Users\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaInst64.exe
[2010/12/31 13:10:36 | 000,053,088 | ---- | M] () -- C:\Users\All Users\Ralink Driver\RT2860 Wireless LAN Card\Driver\RaIOx64.exe
[2011/08/02 22:47:12 | 005,304,304 | ---- | M] (Sonic Solutions) -- C:\Users\All Users\Uninstall\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}\setup.exe
[2011/08/31 02:13:53 | 609,741,088 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-068124b5-83b7-454f-ba8a-54017113b7c4-extr.exe
[2011/08/31 02:02:36 | 098,415,296 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-0b01a279-0539-417c-a124-72258343443e-extr.exe
[2011/08/30 23:56:37 | 013,705,664 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-132ba225-5520-48c8-9699-070572010c41-extr.exe
[2011/08/31 02:05:52 | 015,175,776 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-181203f2-a08f-444c-a4b8-7a17b1632ab0-extr.exe
[2011/08/31 02:08:54 | 485,605,584 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-19aed649-d587-487a-9d72-e4242d2aea26-extr.exe
[2011/08/31 01:57:23 | 410,436,128 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-1aaf718a-1a84-4be8-b12a-90eadb825b29-extr.exe
[2011/08/30 23:44:27 | 008,801,728 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-2ad2a0ec-96dc-49b4-83bc-d86f1c8438aa-extr.exe
[2011/08/31 02:10:53 | 709,015,032 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-4fca7edf-3e73-488f-84a4-c8dbf18e3b4e-extr.exe
[2011/08/31 01:55:39 | 020,037,360 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-5fa4205a-88c7-412a-80ab-1b458f527b15-extr.exe
[2011/08/31 02:00:38 | 772,842,672 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-613e4b0c-1106-4f17-9555-d74f8fe0b815-extr.exe
[2011/08/31 02:07:28 | 012,842,344 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-74918998-2a1f-4546-b57c-2503fd0cf7ff-extr.exe
[2011/08/31 01:56:07 | 017,803,024 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-7a846430-fc66-436d-8f5c-eff07297f411-extr.exe
[2011/08/31 02:12:21 | 077,786,552 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-7d837e87-cf1d-4bfa-9cf8-3d05f6e0c362-extr.exe
[2011/08/31 02:03:18 | 143,569,568 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-7f96e082-5876-4e3e-922f-4a9522af4042-extr.exe
[2011/08/31 01:54:03 | 148,899,360 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-814c1ea1-887d-47d0-9172-3887b972a567-extr.exe
[2011/08/31 02:03:47 | 030,605,544 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-86462d7e-1867-4cdb-90fe-61e20aff6e0d-extr.exe
[2011/08/31 01:29:42 | 520,505,736 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-8b443321-00d8-4ba7-949c-3265d7c24915-extr.exe
[2011/08/31 02:02:02 | 188,486,072 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-93e02acd-d5f6-48c2-a809-41bbcd3393e8-extr.exe
[2011/08/31 02:01:08 | 002,804,544 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-b102fd66-3c86-4aa0-ac85-3e89302c7365-extr.exe
[2011/08/31 01:58:33 | 028,991,696 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-bc020aa7-eaa7-4fd1-b2ab-5554f053f3b5-extr.exe
[2011/08/31 02:04:13 | 004,095,144 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-dae6da34-6ff7-40d2-90fc-e06c103e0ca9-extr.exe
[2011/08/31 02:06:39 | 144,899,480 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-dbd19356-190f-48aa-afc4-9e9de19c37bd-extr.exe
[2011/08/31 01:58:03 | 144,535,528 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-e23fbb08-47ed-41b6-9e3a-d0201893c3d7-extr.exe
[2011/08/31 01:34:53 | 037,892,312 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-eb478049-351e-4e17-85b2-a785a9bdd1d3-extr.exe
[2011/08/31 02:07:02 | 011,063,264 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-ebaaba1e-e5ec-41b9-b450-cc00df17daad-extr.exe
[2011/08/31 02:11:48 | 293,068,296 | ---- | M] (WildTangent) -- C:\Users\All Users\WildTangent\GameInstalls\WTA-ed8c80f6-00d3-480e-a75a-be39c5a76595-extr.exe
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,542 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/05 21:31:04 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/04/05 21:31:05 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/08 10:13:49 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/02/24 15:52:55 | 000,000,328 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForTony.job
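The "ZeroAccess Check" block in the log above is OTL inspecting the InProcServer32 keys of a handful of shell and WMI CLSIDs under both HKCU and HKLM; in this log the per-user keys are empty and the machine keys point at Microsoft modules under System32, which is the clean state. As an added example that is not part of the original post and is not OTL's own code, the following Python parses that block and flags the two things a reviewer looks for in it: any per-user InProcServer32 default at all (HKCU\Software\Classes is merged ahead of HKLM when COM resolves HKCR, so a per-user entry redirects the load), and a machine-level default that resolves outside System32 or to a module other than the one the clean log shows. CLEAN_BLOCK is copied from the log above; HIJACKED_BLOCK, its GUID and its paths are constructed for the demonstration. The expected-module table and the C:\Windows system root are assumptions taken from this log, not a general reference.

```python
"""Flag COM InProcServer32 hijacks in an OTL "ZeroAccess Check" block.

Added example, not from the original post or from OTL. Assumes OTL's layout
(a bracketed key header, then its values; no value lines = empty key) and that
%SystemRoot% is C:\\Windows, as in the log above."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Clean modules for the CLSIDs OTL inspects, as shown under HKLM in the log above.
EXPECTED_MODULE: Dict[str, str] = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\.*?\\clsid\\"
                    r"(\{[0-9a-f-]{36}\})\\InProcServer32\](\s*/64)?\s*$", re.I)
VALUE_RE = re.compile(r'^"(.*?)" = (.*?)(?: -- (.*))?$')  # "name" = value -- [meta] (Company)


@dataclass
class ComEntry:
    hive: str
    clsid: str
    path: Optional[str] = None   # (Default) value: the DLL COM will load
    company: str = ""            # CompanyName from the module's version info


def parse_zeroaccess_check(text: str) -> List[ComEntry]:
    """Collect each InProcServer32 key OTL printed, with its default value if any."""
    entries: List[ComEntry] = []
    current: Optional[ComEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):            # next OTL section begins
            current = None
        elif (m := KEY_RE.match(line)):
            current = ComEntry(m.group(1).upper(), m.group(2).lower())
            entries.append(current)
        elif current and line.startswith('"') and (v := VALUE_RE.match(line)):
            name, value, meta = v.groups()
            if name == "":                             # (Default) holds the path
                current.path = value
                c = re.search(r"\(([^()]*)\)\s*$", meta or "")
                current.company = c.group(1).strip() if c else ""
    return entries


def normalize_path(path: str) -> str:
    """Expand %SystemRoot% and the SysNative alias so all paths compare alike."""
    p = re.sub(r"^%systemroot%", r"C:\\Windows", path.strip().strip('"'), flags=re.I)
    return re.sub(r"\\sysnative\\", r"\\System32\\", p, flags=re.I).lower()


def find_hijacks(entries: List[ComEntry]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; an empty list means the block looks clean."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.hive == "HKEY_CURRENT_USER":
            # HKCU\Software\Classes is merged ahead of HKLM when COM resolves
            # HKCR, so any per-user InProcServer32 for a system CLSID wins.
            if e.path is not None:
                findings.append(("HIGH", f"per-user override of {e.clsid}: {e.path}"))
            continue
        if e.path is None:
            continue                                   # empty HKLM key
        p = normalize_path(e.path)
        expected = EXPECTED_MODULE.get(e.clsid)
        if not p.startswith("c:\\windows\\system32\\") or not p.endswith(".dll"):
            findings.append(("HIGH", f"{e.clsid} loads from outside System32: {e.path}"))
        elif expected and not p.endswith("\\" + expected):
            findings.append(("HIGH", f"{e.clsid} expected {expected}, got {e.path}"))
        elif e.company != "Microsoft Corporation":
            findings.append(("MEDIUM", f"{e.clsid} version info company is {e.company!r}"))
    return findings


# Copied from the log above: HKCU key empty, HKLM keys pointing at Microsoft modules.
CLEAN_BLOCK = r"""[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check =========="""

# Constructed for the demonstration (made-up GUID and paths): a per-user
# override plus an HKLM default that resolves outside System32.
HIJACKED_BLOCK = r"""[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\Tony\AppData\Local\{11111111-2222-3333-4444-555555555555}\n. -- [2014/04/01 09:12:00 | 000,061,440 | -HS- | M] ()

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\n. -- [2014/04/01 09:12:00 | 000,061,440 | -HS- | M] ()
"""

if __name__ == "__main__":
    for label, block in (("clean", CLEAN_BLOCK), ("hijacked", HIJACKED_BLOCK)):
        print(label, find_hijacks(parse_zeroaccess_check(block)) or "no findings")
```

Run against the real block it reports nothing; against the constructed one it returns two HIGH findings. The per-user rule is deliberately unconditional: on a workstation there is no legitimate reason for a user hive to carry an InProcServer32 for these system CLSIDs, so the value itself, not its target, is the indicator. The HKLM rules only say "not the module the clean log shows"; they do not prove a file is malicious, which is why a hit is a pointer for the file-listing sections of the same log rather than a verdict.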



#12 Tpg7

  • Topic Starter
  • Members
  • 20 posts

Posted 08 April 2014 - 05:47 PM

2nd half

<  C:\Users\Default\*.exe /s >
[2011/11/02 22:20:56 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
<  C:\Users\Public\*.exe /s >
 
<  %CommonProgramFiles%\*.* >
 
<  %CommonProgramFiles%\*. >
[2013/02/01 22:30:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Adobe
[2011/11/02 22:20:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/10/25 20:56:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Apple
[2013/06/29 21:42:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/11/02 22:00:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Intel
[2013/11/01 18:48:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Java
[2013/06/29 21:42:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\microsoft shared
[2011/11/02 22:19:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Portrait Displays
[2011/11/02 22:06:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\postureAgent
[2011/11/02 22:11:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Services
[2013/04/09 21:18:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Skype
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\SpeechEngines
[2012/04/27 14:11:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/02/27 17:42:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\System
[2011/11/02 22:24:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Windows Live
 
<  %CommonProgramFiles%\ComObjects\*.* >
 
<  %ProgramFiles%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
<  %ProgramFiles%\*. >
[2013/02/27 14:57:37 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hu-HU
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ias
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\icsxml
[2009/07/13 22:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\IME
[2009/07/13 21:36:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\inetsrv
[2013/02/27 14:57:37 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\it-IT
[2013/02/27 14:57:36 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ja-JP
[2013/02/27 14:57:37 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ko-KR
[2012/03/01 03:40:53 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\LogFiles
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lt-LT
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lv-LV
[2012/02/26 14:28:03 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Macromed
[2010/11/20 22:30:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\manifeststore
[2009/07/13 23:45:42 | 000,000,000 | --SD | M] -- C:\Windows\sysnative\Microsoft
[2013/11/28 09:22:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migration
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migwiz
[2014/03/18 03:02:28 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MRT
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Msdtc
[2010/11/21 02:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MUI
[2013/02/27 14:57:35 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nb-NO
[2013/10/31 17:39:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NDF
[2009/07/13 22:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NetworkList
[2013/02/27 14:57:37 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nl-NL
[2011/02/11 12:00:20 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\OEM
[2011/11/02 22:04:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\oobe
[2013/02/27 14:57:37 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pl-PL
[2010/11/21 02:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Printing_Admin_Scripts
[2013/02/27 14:57:37 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-BR
[2013/02/27 14:57:37 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-PT
[2009/07/13 22:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ras
[2011/11/02 21:48:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Recovery
[2012/02/27 17:44:35 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\restore
[2009/07/13 22:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ro-RO
[2013/02/27 14:57:35 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ru-RU
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Setup
[2009/07/13 22:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sk-SK
[2009/07/13 22:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sl-SI
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\slmgr
[2009/07/13 22:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SMI
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Speech
[2009/07/13 23:53:31 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spool
[2009/07/13 22:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spp
[2010/11/20 22:30:26 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sppui
[2009/07/13 22:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sr-Latn-CS
[2013/02/27 14:57:36 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sv-SE
[2011/11/02 22:43:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sysprep
[2014/04/07 15:26:43 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Tasks
[2009/07/13 22:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\th-TH
[2013/02/27 14:57:36 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\tr-TR
[2009/07/13 22:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\uk-UA
[2012/02/27 17:42:54 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Wat
[2012/11/14 20:12:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wbem
[2010/11/21 02:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WCN
[2013/11/23 13:57:33 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wdi
[2009/07/14 00:09:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wfp
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioDatabase
[2009/07/14 00:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioPlugIns
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WindowsPowerShell
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winevt
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winrm
[2013/02/27 14:57:36 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-CN
[2013/02/27 14:57:37 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-HK
[2013/02/27 14:57:36 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-TW
 
<  %Temp%\smtmp\1\*.* >
 
<  %Temp%\smtmp\2\*.* >
 
<  %Temp%\smtmp\3\*.* >
 
<  %Temp%\smtmp\4\*.* >
 
<  %systemroot%\system32\*.dll /lockedfiles >
 
<  %systemroot%\syswow64\*.dll /lockedfiles >
 
<  %systemroot%\Tasks\*.job /lockedfiles >
 
<  %systemroot%\system32\drivers\*.sys /90 >
 
<  %systemroot%\system32\drivers\*.sys /lockedfiles >
 
<  %systemroot%\syswow64\drivers\*.sys /90 >
 
<  %systemroot%\syswow64\drivers\*.sys /lockedfiles >
 
<  %SYSTEMDRIVE%\*. /rp /s >
 
<  %systemroot%\assembly\tmp\*.* /S /MD5 >
 
<  %systemroot%\assembly\temp\*.* /S /MD5 >
[2014/02/13 04:05:31 | 014,416,896 | ---- | M] () MD5=ABBB06BA3C71171F77CE63E469AEEDE5 -- C:\Windows\assembly\temp\0DMKI4OOO0\mscorlib.ni.dll
[2014/02/25 04:05:01 | 007,662,080 | ---- | M] () MD5=62FEAA78427447229FCD5381E310E7BD -- C:\Windows\assembly\temp\2GOF3WWA5I\System.Xml.ni.dll
[2014/02/25 04:05:01 | 000,000,908 | ---- | M] () MD5=128B3A967E1C22BC9C6A7CB0027CFCBA -- C:\Windows\assembly\temp\2GOF3WWA5I\System.Xml.ni.dll.aux
[2014/02/13 04:19:24 | 000,143,360 | ---- | M] () MD5=B1BA947CEC478283EDE5A8D1E2352D3D -- C:\Windows\assembly\temp\36BIHEWBBF\SMDiagnostics.ni.dll
[2014/02/25 04:14:57 | 002,997,760 | ---- | M] () MD5=8925990537CEA3E19E36B272786D7B43 -- C:\Windows\assembly\temp\5DU5XF6F32\System.IdentityModel.ni.dll
[2014/02/25 04:14:57 | 000,002,056 | ---- | M] () MD5=18BF0621912130BF8B80F2DA710FEA7F -- C:\Windows\assembly\temp\5DU5XF6F32\System.IdentityModel.ni.dll.aux
[2014/02/13 04:20:51 | 018,109,952 | ---- | M] () MD5=1F0C2B9506567C784C54BEDD9CB4418C -- C:\Windows\assembly\temp\88G0XTZD46\System.ServiceModel.ni.dll
[2014/02/13 04:05:36 | 001,667,584 | ---- | M] () MD5=A149F7A87EEAD20B28EA4EA668D8C41C -- C:\Windows\assembly\temp\8LSIACRG10\System.Drawing.ni.dll
[2014/02/13 04:05:35 | 009,099,776 | ---- | M] () MD5=88BDB36C65D43EF1E73F6FF9E0948D8F -- C:\Windows\assembly\temp\9DW77U4QTP\System.ni.dll
[2014/02/13 04:05:57 | 013,199,360 | ---- | M] () MD5=6990982D48EF49617745F6B5EC5FE311 -- C:\Windows\assembly\temp\AY3E1MPJ1I\System.Windows.Forms.ni.dll
[2014/02/25 04:04:54 | 010,060,800 | ---- | M] () MD5=3F0F15C238F458ED549F283F570A979E -- C:\Windows\assembly\temp\AYJELYI22P\System.ni.dll
[2014/02/25 04:04:54 | 000,000,736 | ---- | M] () MD5=0A771CC08C71620CE9D3A93966E15812 -- C:\Windows\assembly\temp\AYJELYI22P\System.ni.dll.aux
[2014/02/25 04:14:20 | 002,868,736 | ---- | M] () MD5=FB9100F68228C31149B81FFFEF4EFAF7 -- C:\Windows\assembly\temp\BNFSSKTAQY\ReachFramework.ni.dll
[2014/02/25 04:14:20 | 000,002,220 | ---- | M] () MD5=3941C174A3CCA7B2E4F898AA04AE0F37 -- C:\Windows\assembly\temp\BNFSSKTAQY\ReachFramework.ni.dll.aux
[2014/02/13 04:05:38 | 003,858,944 | ---- | M] () MD5=7A0AB0259BF419157AEEF8E18D4A1B2D -- C:\Windows\assembly\temp\C38LTCWVN7\WindowsBase.ni.dll
[2014/02/13 04:05:46 | 011,451,904 | ---- | M] () MD5=0E075867B36F9C9E1801CAFC68DF4B20 -- C:\Windows\assembly\temp\CD3007A34U\PresentationCore.ni.dll
[2014/02/25 04:04:48 | 016,953,856 | ---- | M] () MD5=F473BF4D049E5BE0DCC8FC76E2426863 -- C:\Windows\assembly\temp\CNWVSGGCH8\mscorlib.ni.dll
[2014/02/25 04:04:48 | 000,000,200 | ---- | M] () MD5=8038B2FCC76B7441F15DDCC8A8EBEF48 -- C:\Windows\assembly\temp\CNWVSGGCH8\mscorlib.ni.dll.aux
[2014/02/25 04:05:15 | 011,025,920 | ---- | M] () MD5=6FB7178A1303FC51E280AA837F6E86FD -- C:\Windows\assembly\temp\ELNWJ9RC0G\PresentationCore.ni.dll
[2014/02/25 04:05:15 | 000,001,844 | ---- | M] () MD5=B0523E5D6A3B859853F596F2EFFF7037 -- C:\Windows\assembly\temp\ELNWJ9RC0G\PresentationCore.ni.dll.aux
[2014/02/13 04:05:46 | 001,014,272 | ---- | M] () MD5=2ECCF1AAE13D57CF0C66B47793396E94 -- C:\Windows\assembly\temp\EPWA4OGMJA\System.Configuration.ni.dll
[2014/02/25 04:05:15 | 001,644,544 | ---- | M] () MD5=1D3B239AA7111C11AB81E286772E8CC1 -- C:\Windows\assembly\temp\FJ5GK1IJ82\System.Drawing.ni.dll
[2014/02/25 04:05:15 | 000,000,720 | ---- | M] () MD5=E01637CA27F7CB8264CEBF974CC125B0 -- C:\Windows\assembly\temp\FJ5GK1IJ82\System.Drawing.ni.dll.aux
[2014/02/13 04:19:41 | 002,906,112 | ---- | M] () MD5=5A07188962051780FD842E1CF432CD4B -- C:\Windows\assembly\temp\GODOXRKCJA\ReachFramework.ni.dll
[2014/02/13 04:05:44 | 007,070,720 | ---- | M] () MD5=A5133C6EBEC8E6ECE5B94AE74F3386CB -- C:\Windows\assembly\temp\HV13BG4FEY\System.Core.ni.dll
[2014/02/25 04:05:23 | 012,894,208 | ---- | M] () MD5=36FB66B25DF15149D5010DA67EFB6AB1 -- C:\Windows\assembly\temp\I3UJF49RRK\System.Windows.Forms.ni.dll
[2014/02/25 04:05:23 | 000,002,044 | ---- | M] () MD5=75F15147E94CC614CED955F74FAFF188 -- C:\Windows\assembly\temp\I3UJF49RRK\System.Windows.Forms.ni.dll.aux
[2014/02/25 04:04:59 | 006,990,336 | ---- | M] () MD5=00E452CE3EE54D69FEBAAA6297468021 -- C:\Windows\assembly\temp\LT3878FKBO\System.Core.ni.dll
[2014/02/25 04:04:59 | 000,001,084 | ---- | M] () MD5=44FA9AC7EAB7D6B1FD43DC7FD6DFFA6A -- C:\Windows\assembly\temp\LT3878FKBO\System.Core.ni.dll.aux
[2014/02/25 04:05:14 | 000,122,880 | ---- | M] () MD5=0D455772BA9E915195E63CCF304465F2 -- C:\Windows\assembly\temp\NOLQNRDRRH\SMDiagnostics.ni.dll
[2014/02/25 04:05:14 | 000,001,108 | ---- | M] () MD5=79027234F0C71286DF62C0C10CEEB425 -- C:\Windows\assembly\temp\NOLQNRDRRH\SMDiagnostics.ni.dll.aux
[2014/02/25 04:05:39 | 000,223,232 | ---- | M] () MD5=CEEA4DDB6CFB636889B7B9DB778D32D6 -- C:\Windows\assembly\temp\RIF9GG8X6S\System.ServiceProcess.ni.dll
[2014/02/25 04:05:39 | 000,001,116 | ---- | M] () MD5=B2FFDF3811AF6B9E8127B44C7784D1B9 -- C:\Windows\assembly\temp\RIF9GG8X6S\System.ServiceProcess.ni.dll.aux
[2014/02/25 04:05:12 | 002,825,216 | ---- | M] () MD5=5EA127067CC720FDC46CE1C0A730F6C4 -- C:\Windows\assembly\temp\S56AU5MP5X\System.Runtime.Serialization.ni.dll
[2014/02/25 04:05:12 | 000,001,308 | ---- | M] () MD5=EBAE417DE9083BCC2D23A02E50B2A25B -- C:\Windows\assembly\temp\S56AU5MP5X\System.Runtime.Serialization.ni.dll.aux
[2014/02/25 04:04:55 | 000,976,384 | ---- | M] () MD5=2DB814F0FB80448D73F35F854B5DA507 -- C:\Windows\assembly\temp\TONUHXJKPB\System.Configuration.ni.dll
[2014/02/25 04:04:55 | 000,000,904 | ---- | M] () MD5=F4D2D40B6CAA1FFB2DD74CAB453EDF78 -- C:\Windows\assembly\temp\TONUHXJKPB\System.Configuration.ni.dll.aux
[2014/02/25 04:05:07 | 003,950,080 | ---- | M] () MD5=A946915D9037190D4FE372ECE23CB450 -- C:\Windows\assembly\temp\V6FOHULA77\WindowsBase.ni.dll
[2014/02/25 04:05:07 | 000,001,268 | ---- | M] () MD5=AAA884FA5501C4A19D57DBDBE76C0CDB -- C:\Windows\assembly\temp\V6FOHULA77\WindowsBase.ni.dll.aux
[2014/02/13 04:20:52 | 001,079,296 | ---- | M] () MD5=C531C3B39AE54738121911D384243065 -- C:\Windows\assembly\temp\XGA7D20YRO\System.IdentityModel.ni.dll
[2014/02/25 04:14:55 | 019,693,056 | ---- | M] () MD5=7F8B62BD591FA5C1F17700D1AB6FB453 -- C:\Windows\assembly\temp\XT4FG1XTVZ\System.ServiceModel.ni.dll
[2014/02/25 04:14:55 | 000,004,496 | ---- | M] () MD5=423819C6D3F505155D35DD1096667060 -- C:\Windows\assembly\temp\XT4FG1XTVZ\System.ServiceModel.ni.dll.aux
[2014/02/25 04:05:14 | 000,806,400 | ---- | M] () MD5=C7D36592E4A713E91783494792B527E0 -- C:\Windows\assembly\temp\ZS54EQ9YKF\System.ServiceModel.Internals.ni.dll
[2014/02/25 04:05:14 | 000,000,728 | ---- | M] () MD5=AF30F36101CBF2E1E19D3911CA07E4B8 -- C:\Windows\assembly\temp\ZS54EQ9YKF\System.ServiceModel.Internals.ni.dll.aux
[2014/02/13 04:05:38 | 005,628,928 | ---- | M] () MD5=F3913967ECF64D77237E2B8058004226 -- C:\Windows\assembly\temp\ZXA6ANM6N3\System.Xml.ni.dll
 
<  %systemroot%\assembly\GAC\*.ini >
 
<  %systemroot%\assembly\GAC_32\*.ini >
 
<  %systemroot%\assembly\GAC_64\*.ini >
 
<  %SystemRoot%\assembly\GAC_MSIL\*.ini >
 
<  wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >
 
<  %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
<  HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/13 20:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
<  HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
 
<  HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
"" = MruPidlList
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >
"" = Start Menu Pin
"ImplementsVerbs" = startpin;startunpin
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/13 20:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
<  HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
<  HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
"" = ShellFolder for CD Burning
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder]
"Attributes" = 0x0
"AttributeMask" = 0xffffffff
"Location" = @shell32.dll,-12591 -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ConflictOverlayIcon" = %SystemRoot%\system32\imageres.dll,-169 -- [2009/07/13 20:06:03 | 020,268,032 | ---- | M] (Microsoft Corporation)
 
<  HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
<  HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s >
"CompletionChar" = 9
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 9
"DelayedExpansion" = 0
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor /s >
"CompletionChar" = 64
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 64
"DelayedExpansion" = 0
 
<  HKCU\Software\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\InprocServer32 /s >
 
<  HKLM\Software\Classes\CLSID\{E6BB64BE-0618-4353-9193-0AFE606D6F0C}\InprocServer32 /s >
 
<  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsimap /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{312BED3C-A901-4203-B4F2-ADCB957D1887} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s >
 
<  HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers /s >
[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem]
"" = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing]
"" = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
 
<  HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s >
 
<  HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers /s >
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystem]
"" = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Sharing]
"" = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
 
<  HKEY_CURRENT_USER\Software\MSOLoad /s >
 
<  type C:\WINDOWS\system.ini >> test.txt /c >
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
 
<  bcdedit /enum all /v >C:\boot.txt /c >
 
<  type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: TONY-HP
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media          
  Volume 1         SYSTEM       NTFS   Partition    100 MB  Healthy    System 
  Volume 2     C   OS           NTFS   Partition    914 GB  Healthy    Boot   
  Volume 3     D   HP_RECOVERY  NTFS   Partition     16 GB  Healthy           
 
< MD5 for: AFD.SYS  >
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2013/09/13 20:11:05 | 000,496,128 | ---- | M] (Microsoft Corporation) MD5=26EF7E0DF4EDCD898EB7A671529410B8 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22457_none_366f8b668e482477\afd.sys
[2013/09/13 20:10:19 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=314C17917AC8523EC77A710215012A65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18264_none_35d81beb75355772\afd.sys
[2011/12/27 23:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2013/09/27 20:14:56 | 000,496,128 | ---- | M] (Microsoft Corporation) MD5=50AB05903CBEF298D135A943D4432E3C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22467_none_3664bb7a8e504068\afd.sys
[2013/09/27 20:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=79059559E89D06E8B80CE2944BE20228 -- C:\Windows\SysNative\drivers\afd.sys
[2013/09/27 20:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=79059559E89D06E8B80CE2944BE20228 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18272_none_35cb4b6b753f40b5\afd.sys
[2010/11/20 22:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/11/02 21:51:46 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/11/02 21:51:46 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
 
< MD5 for: CSC.SYS  >
[2010/11/20 22:24:41 | 000,514,560 | ---- | M] (Microsoft Corporation) MD5=54DA3DFD29ED9F1619B6F53F3CE55E49 -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_fc6e4e567286d457\csc.sys
 
< MD5 for: DFSC.SYS  >
[2010/11/20 22:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\SysNative\drivers\dfsc.sys
[2010/11/20 22:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_e5c0334cfcbb6f1f\dfsc.sys
 
< MD5 for: DISK.SYS  >
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
 
< MD5 for: EXPLORER.EXE  >
[2011/11/02 21:53:15 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/11/02 21:53:15 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/11/02 21:53:15 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/11/02 21:53:15 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/11/02 21:53:15 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/11/02 21:53:15 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/11/02 21:53:15 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: FASTFAT.SYS  >
[2009/07/13 18:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\SysNative\drivers\fastfat.sys
[2009/07/13 18:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys
 
< MD5 for: I8042PRT.SYS  >
[2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys
[2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
[2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys
 
< MD5 for: KBDCLASS.SYS  >
[2009/07/13 20:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\erdnt\cache64\kbdclass.sys
[2009/07/13 20:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\drivers\kbdclass.sys
[2009/07/13 20:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys
[2009/07/13 20:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys
 
< MD5 for: KBDHID.SYS  >
[2010/11/20 22:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\SysNative\drivers\kbdhid.sys
[2010/11/20 22:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdhid.sys
[2010/11/20 22:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdhid.sys
 
< MD5 for: LSASS.EXE  >
[2009/07/13 20:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/17 01:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\erdnt\cache64\lsass.exe
[2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\SysNative\lsass.exe
[2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2012/06/04 02:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[2013/09/24 20:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
 
< MD5 for: MOUCLASS.SYS  >
[2009/07/13 20:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\SysNative\drivers\mouclass.sys
[2009/07/13 20:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouclass.sys
[2009/07/13 20:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouclass.sys
 
< MD5 for: MOUHID.SYS  >
[2009/07/13 19:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\SysNative\drivers\mouhid.sys
[2009/07/13 19:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouhid.sys
[2009/07/13 19:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouhid.sys
 
< MD5 for: NETBT.SYS  >
[2010/11/20 22:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 22:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
 
< MD5 for: SERIAL.SYS  >
[2009/07/13 19:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\drivers\serial.sys
[2009/07/13 19:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/07/13 19:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SMSS.EXE  >
[2009/07/13 20:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2013/03/18 21:57:17 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=498E2A20E145199709CD100CDBA8603D -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_0a9a7b3b492b4d05\smss.exe
[2013/08/28 20:04:30 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B2B31D4C79EFD883097FA24D02E79C12 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_0ad6905f48fd53a8\smss.exe
[2013/08/02 00:06:34 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=CB5DA3E44456D1084BCD87F5B1B3152B -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22411_none_0ae72ec548f19d13\smss.exe
[2013/07/07 21:50:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=E65601CF4BC0CF3718AFBE56A9AD846F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_0aae4fa7491b124a\smss.exe
[2013/03/18 22:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0371DE302FFFF8F086661611BE60848 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe
[2013/08/01 19:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\SysNative\smss.exe
[2013/08/01 19:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe
 
< MD5 for: SPLDR.SYS  >
[2009/07/13 20:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- C:\Windows\SysNative\drivers\spldr.sys
[2009/07/13 20:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59\spldr.sys
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: TCPIP.SYS  >
[2012/10/03 12:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2011/09/29 12:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2013/05/08 01:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013/09/07 21:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\erdnt\cache64\tcpip.sys
[2013/09/07 21:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013/09/07 21:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010/11/20 22:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013/09/06 21:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012/08/22 13:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012/03/30 05:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2011/11/02 21:51:46 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2013/05/08 01:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2011/11/02 21:56:58 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2012/03/30 06:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013/07/06 00:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013/01/03 01:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2011/11/02 21:51:46 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2013/01/04 00:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012/10/03 12:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/06 01:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2011/11/02 21:56:58 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2013/11/26 06:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys
[2012/08/22 13:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011/09/29 11:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: VOLSNAP.SYS  >
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2011/11/02 21:52:03 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=879CE6AEA3FE874AD4C500B6B6198EB0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.21668_none_74344b472bf715e9\volsnap.sys
[2011/11/02 21:52:03 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\Windows\SysNative\drivers\volsnap.sys
[2011/11/02 21:52:03 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_e7c4cd5b40e03494\volsnap.sys
[2011/11/02 21:52:03 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17567_none_73a9ae3212da5cc8\volsnap.sys
 
< MD5 for: WININIT.EXE  >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Documents and Settings] -> C:\Users -> Junction
[C:\ProgramData\Application Data] -> C:\ProgramData -> Junction
[C:\ProgramData\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\ProgramData\Documents] -> C:\Users\Public\Documents -> Junction
[C:\ProgramData\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\ProgramData\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\ProgramData\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users\Application Data] -> C:\ProgramData -> Junction
[C:\Users\All Users\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\Users\All Users\Documents] -> C:\Users\Public\Documents -> Junction
[C:\Users\All Users\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\Users\All Users\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\Users\All Users\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users] ->  -> Unknown point type
[C:\Users\Default User] -> C:\Users\Default -> Junction
[C:\Users\Default\AppData\Local\Application Data] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\AppData\Local\History] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Default\AppData\Local\Temporary Internet Files] -> C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\Default\Application Data] -> C:\Users\Default\AppData\Roaming -> Junction
[C:\Users\Default\Documents\My Music] -> C:\Users\Default\Music -> Junction
[C:\Users\Default\Documents\My Pictures] -> C:\Users\Default\Pictures -> Junction
[C:\Users\Default\Documents\My Videos] -> C:\Users\Default\Videos -> Junction
[C:\Users\Default\Local Settings] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\My Documents] -> C:\Users\Default\Documents -> Junction
[C:\Users\Default\NetHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Default\PrintHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Default\Recent] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\Default\SendTo] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\Default\Start Menu] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Default\Templates] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Public\Documents\My Music] -> C:\Users\Public\Music -> Junction
[C:\Users\Public\Documents\My Pictures] -> C:\Users\Public\Pictures -> Junction
[C:\Users\Public\Documents\My Videos] -> C:\Users\Public\Videos -> Junction
[C:\Users\Tony\AppData\Local\Application Data] -> C:\Users\Tony\AppData\Local -> Junction
[C:\Users\Tony\AppData\Local\History] -> C:\Users\Tony\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Tony\AppData\Local\Temporary Internet Files] -> C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\Tony\Application Data] -> C:\Users\Tony\AppData\Roaming -> Junction
[C:\Users\Tony\Cookies] -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Users\Tony\Documents\My Music] -> C:\Users\Tony\Music -> Junction
[C:\Users\Tony\Documents\My Pictures] -> C:\Users\Tony\Pictures -> Junction
[C:\Users\Tony\Documents\My Videos] -> C:\Users\Tony\Videos -> Junction
[C:\Users\Tony\Local Settings] -> C:\Users\Tony\AppData\Local -> Junction
[C:\Users\Tony\My Documents] -> C:\Users\Tony\Documents -> Junction
[C:\Users\Tony\NetHood] -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Tony\PrintHood] -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Tony\Recent] -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\Tony\SendTo] -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\Tony\Start Menu] -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Tony\Templates] -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >
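The "< MD5 for: ... >" section of the report above lists, for each critical system binary, the hash of the live copy under SysNative/SysWOW64 next to every copy held in the WinSxS component store. The value of that listing is the comparison: a live services.exe, lsass.exe or tcpip.sys whose hash matches none of its WinSxS siblings is a lead worth following, because in-place patching of exactly these files is how some rootkits persist. The following is an added example (my own code, not OTL's, not ComboFix's and not posted by anyone in this thread) that parses the format and performs that cross-check. The LSASS.EXE block in the sample is copied from the report format; the EXAMPLE.EXE block, its all-zero and all-one hashes and its paths are constructed placeholders, and the directory names used to tell live copies from WinSxS copies are my assumption about how OTL reports paths.

```python
"""Cross-check the '< MD5 for: ... >' section of an OTL report.

Added example, not part of the report or of any tool named on this page.
For every system binary listed, the live copy under System32/SysNative/
SysWOW64 is compared against the copies in the WinSxS component store; a
live copy whose hash matches none of them is flagged for closer review.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Assumption: these directories hold the copy Windows actually loads (OTL
# reports the 64-bit System32 as SysNative when it runs as a 32-bit process).
LIVE_DIRS = ("\\system32\\", "\\sysnative\\", "\\syswow64\\")
REFERENCE_DIR = "\\winsxs\\"   # component store: one copy per installed build


def parse_md5_section(text):
    """Return {FILENAME: [entry, ...]}; each entry is the regex group dict."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            blocks[current].append(entry.groupdict())
    return dict(blocks)


def find_suspicious(blocks):
    """Return (filename, path, reason) tuples for live copies that fail a check."""
    findings = []
    for name, entries in blocks.items():
        reference = {e["md5"].upper() for e in entries
                     if REFERENCE_DIR in e["path"].lower()}
        for e in entries:
            path = e["path"].lower()
            if not any(d in path for d in LIVE_DIRS):
                continue   # backups and third-party decoys are out of scope here
            if e["vendor"] != "Microsoft Corporation":
                # The vendor string is a PE version resource and can be forged,
                # so it is only a weak signal; the hash comparison is the real check.
                findings.append((name, e["path"], "vendor is %r" % e["vendor"]))
            elif not reference:
                findings.append((name, e["path"], "no WinSxS copy to compare against"))
            elif e["md5"].upper() not in reference:
                findings.append((name, e["path"], "MD5 matches no WinSxS copy"))
    return findings


# Constructed sample: the LSASS.EXE block follows the report format above; the
# EXAMPLE.EXE block is invented (placeholder hashes and paths) to show a live
# copy that matches none of its WinSxS copies.
SAMPLE_REPORT = r"""
< MD5 for: LSASS.EXE  >
[2009/07/13 20:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\SysNative\lsass.exe
[2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe

< MD5 for: EXAMPLE.EXE  >
[2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\example.exe
[2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\amd64_example_placeholder\example.exe
"""

if __name__ == "__main__":
    for name, path, reason in find_suspicious(parse_md5_section(SAMPLE_REPORT)):
        print("%-12s %s  <- %s" % (name, path, reason))
```

Two caveats on reading the result: a mismatch is a lead, not proof (the script cannot tell a patched binary from an odd servicing state), and a match is not proof of integrity either, since MD5 is not collision-resistant; the authoritative test is the file's Authenticode signature or catalog entry, which is what the Rkill "Missing Digital Signatures" check later in this thread looks at.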



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:41 AM

Posted 09 April 2014 - 07:30 AM

Hello,

Somehow I missed your reply. Will get back to you later today since I am at work right now.

Stay tuned. :)

Regards,

Georgi




#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:41 AM

Posted 10 April 2014 - 07:04 AM

Nice work! The logs are clean! :)

 

Also if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System (download link).
  • This is the mirror (download link).
  • For 64-bit Operating System (download link).
  • This is the mirror (download link).

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users right-click on the HitmanPro icon and select Run as administrator).

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree to the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

And then, if there aren't any issues left, I'll give you my final recommendations. :)

 

 

Regards,

Georgi




#15 Tpg7

Tpg7
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 10 April 2014 - 05:00 PM

RKill

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/10/2014 04:54:29 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * RemoteAccess [Missing Parameters Key]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 04/10/2014 04:55:54 PM
Execution time: 0 hours(s), 1 minute(s), and 25 seconds(s)





