I think I may be infected - not able to detect by what


  • This topic is locked
21 replies to this topic

#1 Robert Headley

Posted 07 June 2014 - 03:27 AM

It all started when my Steam account was compromised. I went on a spree of changing my passwords. However, I have continued to have problems, and various cleaners (AdwCleaner, Malwarebytes, HitmanPro) have found things. However, I removed everything they found and even did a Bitdefender recovery mode (Linux distro) scan, which found nothing. I have since installed Panda Cloud Antivirus (top rated by AV-Comparatives) and it continues to find nothing.

However, I have experienced some odd behavior online and possibly popups where there should not be popups. I could use your help. Maybe my system is clean and I am paranoid.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by Robert at 3:20:05 on 2014-06-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8105.2487 [GMT -5:00]
.
AV: Panda Antivirus Pro 2014 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Antivirus Pro 2014 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Personal Firewall 2014 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\TPSrvWow.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2014\WebProxy.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\SysWOW64\WTClient.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\ApVxdWin.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\AVENGINE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Firewall\PSHOST.EXE
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.49\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.49\nacl64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files (x86)\Volume2\Volume2.exe
C:\Users\Robert\appdata\roaming\dropbox\bin\dropbox.exe
C:\Users\Robert\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Robert\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Users\Robert\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.daum.net/
uSearch Bar = Preserve
mStart Page = about:blank
uProxyServer = hxxp=http://localhost:9614
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
uRun: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
uRun: [GoogleChromeAutoLaunch_82DCCDE3F5C04AA8A1EABC9B01EE72A9] "C:\Users\Robert\AppData\Local\Google\Chrome SxS\Application\chrome.exe" --no-startup-window
uRun: [GoogleChromeAutoLaunch_8CC0C224CAA679A6B63017BE99A17B85] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [WTClient] WTClient.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Inicio.exe"
StartupFolder: C:\Users\Robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\Dropbox.lnk - C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{11F2AEA9-2868-4B38-96CE-39AAD003B7E5} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{D2AEC1C2-AC57-4277-9DC4-F2CD523A0F02} : DHCPNameServer = 24.220.0.10 24.220.0.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.49\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.3.0.cab
x64-DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: avldr - avldr64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Robert\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\Robert\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\Robert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npDownTango.dll
FF - plugin: C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-5-27 17088]
R0 cumon;cumon;C:\Windows\System32\drivers\cumon.sys [2011-12-17 205512]
R0 Evdd;Evdd;C:\Windows\System32\drivers\evdd.sys [2011-12-17 19568]
R0 pavboot;Panda boot driver;C:\Windows\System32\drivers\pavboot64.sys [2014-6-4 30792]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-15 56208]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2012-9-20 54728]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2011-12-1 15368]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-2-4 30112]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 ShldFlt;Panda File Shield Driver;C:\Windows\System32\drivers\ShldFlt.sys [2014-6-4 48136]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2014-6-4 71432]
R2 APPFLT;App Filter Plugin;C:\Windows\System32\drivers\APPFLT64.SYS [2014-6-4 129096]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-12-2 21992]
R2 DSAFLT;DSA Filter Plugin;C:\Windows\System32\drivers\dsaflt64.sys [2014-6-4 82952]
R2 FNETMON;NetMon Filter Plugin;C:\Windows\System32\drivers\fnetm64.sys [2014-6-4 31752]
R2 IDSFLT;Ids Filter Plugin;C:\Windows\System32\drivers\idsflt64.sys [2014-6-4 78920]
R2 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\System32\drivers\NETTDI64.SYS [2014-6-4 170504]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-8 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-8 21055432]
R2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsCtrlS.exe [2014-6-4 177440]
R2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe [2014-6-4 202016]
R2 PavPrSrv;Panda Process Protection Service;C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe [2014-6-4 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe [2014-6-4 313664]
R2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\psksvc.exe [2014-6-4 28992]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-9-13 603704]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-1 2656280]
R2 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\System32\drivers\wnmflt64.sys [2014-6-4 74760]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-12-30 57088]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 80384]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-12-30 32344]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;C:\Windows\System32\drivers\n64i1644.sys [2014-6-4 216648]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-24 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-24 40392]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\System32\drivers\PTSimBus.sys [2009-6-18 32128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-9-25 2153792]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 WCMVCAM;WebcamMax, WDM Video Capture;C:\Windows\System32\drivers\wcmvcam64.sys [2012-4-15 1071032]
S3 AgomoService;Agomo;C:\Program Files (x86)\Agomo\AgomoClient.exe [2013-11-20 14057752]
S3 ArcService;Arc Service;C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [2013-10-10 88424]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-7-17 95544]
S3 Everything;Everything;C:\Program Files (x86)\Everything\Everything.exe [2013-4-19 936448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-29 111616]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-1 317440]
S3 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-5-1 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2013-6-12 15360]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-6-4 47632]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\System32\drivers\PTSimHid.sys [2009-6-18 22912]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2014-2-5 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2014-2-5 12504]
S3 qrkis;Tether Miniport;C:\Windows\System32\drivers\qrkis.sys [2013-6-12 50856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-8 19456]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-3-7 196824]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-7-25 1326176]
S3 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-7-25 681056]
S3 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-1-28 551264]
S3 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-5-8 583968]
S3 Synergy;Synergy;C:\Program Files\Synergy\synergyd.exe [2013-5-2 423424]
S3 SystemExplorerHelpService;System Explorer Service;C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [2013-4-5 821720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-8 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-8 30208]
S3 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S3 VBAudioVMVAIOMME;VB-Audio VoiceMeeter VAIO (WDM);C:\Windows\System32\drivers\vbaudio_vmvaio64_win7.sys [2014-1-6 41192]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-9-6 106256]
S3 VIA_USB_ETS;VIA Telecom USB ETS Driver;C:\Windows\System32\drivers\VIA_USB_ETS.sys [2013-7-17 21760]
S3 ViaUsbModemDriver;VIA Telecom USB MODEM Driver;C:\Windows\System32\drivers\VIA_USB_MODEM.sys [2013-7-17 28160]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-1 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
S3 zonescreen;zonescreen;C:\Windows\System32\drivers\zsport.sys [2010-10-31 12024]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
FileExt: .vbs: VBSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
FileExt: .js: JSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
FileExt: .jse: JSEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
FileExt: .wsf: WSFFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-07 04:22:45 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A8163671-162C-40DD-B88F-C26DC7056B9F}\offreg.dll
2014-06-07 04:07:44 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A8163671-162C-40DD-B88F-C26DC7056B9F}\mpengine.dll
2014-06-05 15:11:52 269312 ----a-w- C:\Windows\System32\WPApi64.dll
2014-06-05 15:11:52 197600 ----a-w- C:\Windows\System32\PavTrc64.dll
2014-06-05 15:11:52 177664 ----a-w- C:\Windows\SysWow64\WPApi.dll
2014-06-05 15:11:52 153568 ----a-w- C:\Windows\SysWow64\PavTrc.dll
2014-06-05 10:58:00 -------- d-----w- C:\Program Files (x86)\Unified Remote
2014-06-04 20:35:51 22752 ----a-w- C:\Windows\System32\PCloudBroom64.exe
2014-06-04 19:50:03 47632 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2014-06-04 19:48:02 82952 ----a-w- C:\Windows\System32\drivers\dsaflt64.sys
2014-06-04 19:48:02 78920 ----a-w- C:\Windows\System32\drivers\idsflt64.sys
2014-06-04 19:48:02 74760 ----a-w- C:\Windows\System32\drivers\wnmflt64.sys
2014-06-04 19:47:37 31752 ----a-w- C:\Windows\System32\drivers\fnetm64.sys
2014-06-04 19:47:37 170504 ----a-w- C:\Windows\System32\drivers\NETTDI64.SYS
2014-06-04 19:47:37 129096 ----a-w- C:\Windows\System32\drivers\APPFLT64.SYS
2014-06-04 19:47:15 -------- d-----w- C:\Windows\FltMgr
2014-06-04 19:45:53 -------- d-----w- C:\Users\Robert\AppData\Local\Panda Security
2014-06-04 19:45:11 30792 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2014-06-04 19:37:53 255258 ----a-w- C:\ProgramData\1401910602.bdinstall.bin
2014-06-04 13:06:59 478557 ----a-w- C:\ProgramData\1401887156.bdinstall.bin
2014-06-04 12:26:49 -------- d-----w- C:\Users\Robert\AppData\Local\robertheadley
2014-06-04 12:11:01 498034 ----a-w- C:\ProgramData\1401883582.bdinstall.bin
2014-06-04 12:09:23 74512 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2014-06-04 11:54:34 1636 ----a-w- C:\ProgramData\1401882805.384.bin
2014-06-03 15:57:33 1715176 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-06-03 15:57:33 1291232 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-06-03 09:57:55 -------- d-----w- C:\Program Files (x86)\ESET
2014-06-03 08:44:29 -------- d-----w- C:\Users\Robert\Doctor Web
2014-06-03 07:29:12 -------- d-----w- C:\NPE
2014-06-03 07:09:11 -------- d-----w- C:\Users\Robert\AppData\Local\NPE
2014-05-28 23:33:34 -------- d-----w- C:\Program Files (x86)\Waterfox
2014-05-27 12:20:54 -------- d-sh--w- C:\Users\Robert\AppData\Local\EmieUserList
2014-05-27 12:20:54 -------- d-sh--w- C:\Users\Robert\AppData\Local\EmieSiteList
2014-05-27 11:33:25 17088 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys
2014-05-27 10:20:29 -------- d-----w- C:\Users\Robert\xinorbis
2014-05-27 10:20:14 -------- d-----w- C:\Program Files (x86)\freshney.org
2014-05-27 06:14:29 -------- d-----w- C:\Users\Robert\AppData\Local\Green Man Gaming
2014-05-27 06:14:24 -------- d-----w- C:\Program Files (x86)\Capsule
2014-05-27 02:27:38 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2014-05-26 22:21:23 601432 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-05-26 21:49:34 -------- d-----w- C:\NVIDIA
2014-05-25 01:59:09 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-05-25 01:59:09 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-05-15 02:14:05 -------- d-----w- C:\Users\Robert\AppData\Roaming\DropboxMaster
2014-05-14 07:02:32 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-14 07:02:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-10 08:48:18 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-06-07 08:06:13 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-04 12:17:22 74512 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2014-06-04 11:58:00 35265 ----a-w- C:\ProgramData\1401882805.7876.bin
2014-06-04 11:57:06 114601 ----a-w- C:\ProgramData\1401882805.8024.bin
2014-06-04 11:57:04 32432 ----a-w- C:\ProgramData\1401882805.1856.bin
2014-06-04 11:54:43 12181 ----a-w- C:\ProgramData\1401882805.7688.bin
2014-06-04 11:54:24 1090 ----a-w- C:\ProgramData\1401882805.2756.bin
2014-06-04 11:54:24 1090 ----a-w- C:\ProgramData\1401882805.1220.bin
2014-06-04 11:54:22 783 ----a-w- C:\ProgramData\1401882805.7204.bin
2014-06-04 11:54:22 17887 ----a-w- C:\ProgramData\1401882805.7224.bin
2014-06-04 11:54:22 10351 ----a-w- C:\ProgramData\1401882805.8052.bin
2014-06-04 11:53:50 3735 ----a-w- C:\ProgramData\1401882805.2416.bin
2014-05-29 23:07:51 1122312 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-29 23:07:38 1279480 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-05-20 01:25:42 6769096 ----a-w- C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42 3514144 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39 927520 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-05-14 23:49:42 3774821 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-05-14 18:18:19 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 18:18:19 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-14 18:18:07 17938608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-05-14 03:42:47 0 ----a-w- C:\Windows\SysWow64\drivers\WTSRV.EXE
2014-05-14 03:42:40 0 ----a-w- C:\Windows\SysWow64\taskhost.exe
2014-05-14 03:42:40 0 ----a-w- C:\Windows\SysWow64\dwm.exe
2014-05-14 03:42:40 0 ----a-w- C:\Windows\SysWow64\conhost.exe
2014-05-14 03:42:39 0 ----a-w- C:\Windows\SysWow64\spoolsv.exe
2014-05-14 03:42:30 0 ----a-w- C:\Windows\SysWow64\winlogon.exe
2014-05-14 03:42:30 0 ----a-w- C:\Windows\SysWow64\smss.exe
2014-05-14 03:42:30 0 ----a-w- C:\Windows\SysWow64\services.exe
2014-05-14 03:42:30 0 ----a-w- C:\Windows\SysWow64\nvvsvc.exe
2014-05-14 03:42:30 0 ----a-w- C:\Windows\SysWow64\lsm.exe
2014-05-14 03:42:30 0 ----a-w- C:\Windows\SysWow64\lsass.exe
2014-05-14 03:42:30 0 ----a-w- C:\Windows\SysWow64\csrss.exe
2014-05-12 12:26:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 12:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 12:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-15 07:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-31 16:42:42 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-31 14:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-20 09:29:52 89336 ----a-w- C:\Windows\SysWow64\PavLspHookWow.dll
2014-03-20 09:29:52 120056 ----a-w- C:\Windows\System32\PavLspHook64.dll
.
============= FINISH:  3:21:02.69 ===============
 


Edited by Robert Headley, 07 June 2014 - 03:32 AM.


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,601 posts
  • Gender:Male
  • Local time:06:40 PM

Posted 12 June 2014 - 03:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/536929 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • Gender:Not Telling
  • Local time:04:40 AM

Posted 15 June 2014 - 11:35 AM

Hi Robert Headley, :)


My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 

Did you set up this proxy ?

uProxyServer = hxxp=http://localhost:9614

  • Step #1 Scan with OTL
    • Please download OldTimer's Listit by OldTimer from one of the following locations and save it to your Desktop.
      Download Link 1
      Download Link 2
      Download Link 3
    • Copy and Paste the following code inside the Custom Scans/Fixes box;
      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      dir "%systemdrive%\*" /S /A:L /C
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      rpcss.dll
      /md5stop
      CREATERESTOREPOINT
    • Click the Quick Scan button;
    • After the scan two logs will be produced;
    • Copy and paste the content of the logs in your next reply
 
  • Required Log(s):
    • OTL Log(s) --
      • OTL.txt
      • Extras.txt
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#4 Robert Headley

Robert Headley
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male
  • Local time:05:40 PM

Posted 15 June 2014 - 11:41 AM

I had Panda antivirus installed at the time. It filters all web packets. I believe the proxy server is that. I am using Eset now.

 

OTL logfile created on: 6/15/2014 11:37:30 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 23.83% Memory free
15.83 Gb Paging File | 8.30 Gb Available in Paging File | 52.45% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 63.29 Gb Free Space | 4.53% Space Free | Partition Type: NTFS
Drive D: | 6.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: ORPHEUS | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/15 11:37:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Downloads\OTL.exe
PRC - [2014/06/10 22:18:03 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/06/06 11:27:16 | 000,064,384 | ---- | M] (Google) -- C:\Users\Robert\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/06/03 10:42:52 | 000,333,008 | ---- | M] (Unified Intents AB) -- C:\Program Files (x86)\Unified Remote\RemoteServer.exe
PRC - [2014/06/02 20:25:48 | 000,792,864 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
PRC - [2014/05/29 18:35:33 | 002,352,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/05/29 18:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/05/29 12:36:52 | 000,543,424 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/05/29 12:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/05/19 19:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/05/13 22:42:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWOW64\drivers\WTSRV.EXE
PRC - [2014/05/09 00:24:04 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Users\Robert\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/02/24 16:27:06 | 001,343,408 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2014/02/03 00:50:56 | 008,935,232 | ---- | M] (MPC-HC Team) -- C:\Program Files (x86)\SVP\MPC-HC\mpc-hc.exe
PRC - [2013/10/25 23:00:38 | 006,950,400 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2013/02/10 19:56:56 | 004,710,912 | ---- | M] (Alexandr Irza) -- C:\Program Files (x86)\Volume2\Volume2.exe
PRC - [2012/12/22 04:58:46 | 000,040,832 | ---- | M] (Tablet Driver) -- C:\Windows\SysWOW64\WTClient.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/14 20:05:25 | 000,043,008 | ---- | M] () -- c:\Users\Robert\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpixxbu0.dll
MOD - [2014/06/10 22:18:01 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\ppgooglenaclpluginchrome.dll
MOD - [2014/06/10 22:18:00 | 014,612,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\PepperFlash\pepflashplayer.dll
MOD - [2014/06/10 22:17:59 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\pdf.dll
MOD - [2014/06/10 22:17:56 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\libglesv2.dll
MOD - [2014/06/10 22:17:54 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\libegl.dll
MOD - [2014/06/10 22:17:53 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\ffmpegsumo.dll
MOD - [2014/06/02 20:26:40 | 000,080,160 | ---- | M] () -- C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
MOD - [2014/05/29 12:37:34 | 002,139,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/05/29 12:36:54 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/05/16 20:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/01 18:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/29 19:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/04/29 19:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/04/29 19:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/04/29 19:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/04/28 19:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2014/04/12 11:51:11 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/04/12 04:04:36 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/04/12 04:04:36 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/04/12 04:04:32 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/04/12 04:04:31 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/04/12 04:04:30 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/04/12 04:04:30 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/04/12 04:04:28 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/04/12 04:04:27 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/04/12 04:04:24 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/09 20:36:04 | 003,503,104 | ---- | M] () -- C:\Program Files (x86)\ffdshow\ffdshow.ax
MOD - [2014/02/09 20:35:28 | 003,892,224 | ---- | M] () -- C:\Program Files (x86)\ffdshow\ffmpeg.dll
MOD - [2014/02/03 00:51:00 | 000,237,376 | ---- | M] () -- C:\Program Files (x86)\SVP\MPC-HC\LAVFilters\libbluray.dll
MOD - [2014/01/31 14:59:40 | 000,392,104 | ---- | M] () -- C:\Program Files (x86)\ReClock\ReClockDS.dll
MOD - [2014/01/02 20:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/04 15:38:42 | 003,560,960 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/23 14:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/03/21 05:33:33 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\ReClock\AC3Lib.dll
MOD - [2013/03/21 05:33:32 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\ReClock\Compressor.dll
MOD - [2013/03/21 05:33:31 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\ReClock\Timestretch.dll
MOD - [2011/11/11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/05/29 18:28:54 | 021,055,432 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/02/24 16:27:06 | 001,343,408 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013/10/31 22:15:56 | 000,078,064 | ---- | M] (UC-Logic Technology Corp.) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService)
SRV:64bit: - [2013/10/30 04:45:38 | 000,043,320 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/02 23:55:24 | 000,423,424 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Synergy\synergyd.exe -- (Synergy)
SRV:64bit: - [2013/03/07 15:27:20 | 000,169,048 | ---- | M] (Sandboxie Holdings, LLC) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/09/13 21:09:42 | 000,603,704 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2012/09/07 14:18:52 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/07/04 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [On_Demand | Stopped] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2014/06/13 00:19:20 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/05 23:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/29 18:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/05/29 12:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/13 22:42:47 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\drivers\WTSRV.EXE -- (WinTabService)
SRV - [2014/05/13 22:42:39 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\nvvsvc.exe -- (nvsvc)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2014/05/08 08:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/09 10:59:59 | 002,153,792 | ---- | M] (IObit) [On_Demand | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/30 03:15:27 | 000,075,136 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/11/20 11:18:46 | 014,057,752 | ---- | M] (Piriform) [On_Demand | Stopped] -- C:\Program Files (x86)\Agomo\AgomoClient.exe -- (AgomoService)
SRV - [2013/10/30 04:45:38 | 000,036,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2013/10/10 16:19:42 | 000,088,424 | ---- | M] (Perfect World Entertainment Inc) [On_Demand | Stopped] -- C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe -- (ArcService)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/08 00:21:14 | 000,583,968 | ---- | M] (Splashtop Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2013/04/17 20:13:58 | 000,936,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Everything\Everything.exe -- (Everything)
SRV - [2013/01/28 16:22:50 | 000,551,264 | ---- | M] (Splashtop Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/11/25 05:13:12 | 000,821,720 | ---- | M] (Mister Group) [On_Demand | Stopped] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService)
SRV - [2012/04/25 20:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/14 06:47:54 | 000,020,672 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GUBootStartup.sys -- (GUBootStartup)
DRV:64bit: - [2014/05/29 18:28:53 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/03/31 11:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/01/06 13:32:04 | 000,041,192 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vbaudio_vmvaio64_win7.sys -- (VBAudioVMVAIOMME)
DRV:64bit: - [2013/11/28 08:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/09/30 17:26:50 | 000,019,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2013/09/30 17:26:48 | 000,012,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2013/09/17 14:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/09/17 14:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013/09/17 14:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013/09/17 14:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013/09/17 14:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013/09/06 15:25:40 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/04/29 09:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2013/03/09 18:31:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/03/07 15:27:18 | 000,196,824 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/02/04 18:41:59 | 000,030,112 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV:64bit: - [2013/01/31 04:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/12/22 04:58:10 | 000,027,520 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)
DRV:64bit: - [2012/12/22 04:58:06 | 000,032,128 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)
DRV:64bit: - [2012/12/22 04:58:00 | 000,022,912 | ---- | M] (UC-Logic Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)
DRV:64bit: - [2012/12/22 04:57:54 | 000,032,128 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/10 22:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/09/13 21:03:14 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/15 16:32:14 | 001,071,032 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcmvcam64.sys -- (WCMVCAM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/25 01:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/04 05:22:16 | 000,095,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/10/04 05:22:12 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIA_USB_MODEM.sys -- (ViaUsbModemDriver)
DRV:64bit: - [2011/10/04 05:22:12 | 000,021,760 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIA_USB_ETS.sys -- (VIA_USB_ETS)
DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/09/05 10:14:34 | 000,019,568 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\evdd.sys -- (Evdd)
DRV:64bit: - [2011/09/05 10:14:00 | 000,205,512 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cumon.sys -- (cumon)
DRV:64bit: - [2011/09/02 01:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/17 07:18:00 | 000,080,384 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/08/17 07:18:00 | 000,057,088 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011/04/08 06:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 20:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/17 15:53:12 | 000,050,856 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qrkis.sys -- (qrkis)
DRV:64bit: - [2010/10/31 08:54:56 | 000,012,024 | ---- | M] (ZoneOS) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zsport.sys -- (zonescreen)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/11 15:37:14 | 000,015,368 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009/12/01 16:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/11/18 08:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/09/25 09:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,start page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =  http://home.microsoft.com/search/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =  http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {9172C2C2-6A19-410b-AFF5-FB10704B0D41}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcrchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{9172C2C2-6A19-410b-AFF5-FB10704B0D41}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z131&form=ZGAIDF&install_date=20111201&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{EE470B40-5287-4F5B-88B1-A255DC7A5CCA}: "URL" = http://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://localhost:9614
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: greasefire%40skrul.com:1.0.8
FF - prefs.js..extensions.enabledAddons: html5notifications%40paxal.net:1.2.4
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B8620c15f-30dc-4dba-a131-7c5d20cf4a29%7D:3.7
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: %7B677a8f98-fd64-40b0-a883-b8c95d0cbf17%7D:0.6
FF - prefs.js..extensions.enabledAddons: %7B95322c08-05ff-4f3c-85fd-8ceb821988dd%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.98
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: refspoof@mozdev.org:0.9.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120922-0402: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Robert\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Robert\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Robert\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Robert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2014/06/09 23:49:17 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 28.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 28.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2013/10/30 13:06:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/26 22:10:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014/06/09 23:49:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
 
[2012/09/14 18:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions
[2012/09/14 18:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2011/12/03 09:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\extensions
[2011/12/03 09:10:09 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2014/05/10 10:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions
[2013/11/26 02:22:24 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2014/03/31 23:28:46 | 000,000,000 | ---D | M] (Hola Unblocker) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\jid1-4P0kohSJxU1qGg@jetpack
[2014/05/10 10:58:45 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\support@lastpass.com
[2012/09/15 17:52:14 | 005,438,448 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\greasefire@skrul.com.xpi
[2013/12/05 13:42:40 | 000,048,516 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\html5notifications@paxal.net.xpi
[2013/12/07 01:17:59 | 000,173,536 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\jid0-2XdU72GlY0qYebdQ9MsfVfaVmiI@jetpack.xpi
[2014/03/08 05:49:47 | 000,667,234 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\jid1-cwbvBTE216jjpg@jetpack.xpi
[2013/12/07 01:17:59 | 000,494,053 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2014/03/31 23:28:37 | 000,018,538 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\pure-url@jetpack.xpi
[2013/11/26 02:22:24 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\testpilot@labs.mozilla.com.xpi
[2012/09/15 17:42:24 | 000,004,172 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{1823e248-6bf4-f6f1-7901-65a68e8b6c1e}.xpi
[2014/05/10 10:58:43 | 000,383,888 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2014/05/10 10:58:43 | 000,021,105 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi
[2014/05/10 10:58:43 | 000,537,316 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/05/10 10:58:43 | 000,018,565 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi
[2013/04/03 18:29:09 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/03/08 05:49:47 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/03/25 16:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/13 00:17:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/17 06:22:46 | 000,081,920 | ---- | M] (Kaneva, LLC.) -- C:\Program Files (x86)\mozilla firefox\plugins\npkanevapatch.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\pdf.dll
CHR - plugin: Kaneva WOK Patch Plugin for Mozilla 3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npkanevapatch.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DownTango Browser Plugin (Disabled) = C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npDownTango.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Disabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: OnLive Game Client Detector (Disabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: ArcPlugin (Enabled) = C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Robert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Robert\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Disabled) = C:\Users\Robert\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohlfneeliakfcefeffppfplagbccbni\0.1.22_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp\0.5.5_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.15_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\djifpbcmaphjihhelcdeannijfelfnbh\2.0_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\12.5_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaadakhobebhpoonppeechkocilojle\1.0.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekbocpjgbpkkheehgnimdnkmkapkagap\2.4.4_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf\3.8.4120_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2014.4.25_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3.2_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdahehpjbafoalhcjgpbkkdibnamehm\1.0_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcplneddoadgichngfbobgpllfphdfla\0.2.1.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.31_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfacpfhgpmaifaanbmgbbjkfgelookom\1.0_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14214.1344_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm\2.0.0.6_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd\1.20_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.2.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmligehjhghebleanjcmenomghmcohn\1.3.10.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl\0.0.7.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.45_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno\3.0.5_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\0.2.1.2_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf\0.8.8_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf\0.9.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.604.433.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhklgmkbkbcpfdocajomkcbjmeeamnj\0.9.2_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbifknmclbnmjlljdemhjjlkmppjjl\0.4.12_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\17.1.8_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg\6.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2.2.2_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcfgpmjldkkjdclidhcbonieibfhhdh\2_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.141_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlfmkfpmphogkomddckmggcfpmfchpn\4.1.308_0\
 
O1 HOSTS File: ([2013/10/30 17:52:56 | 000,000,025 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WTClient] C:\Windows\SysWow64\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_8CC0C224CAA679A6B63017BE99A17B85] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GUDelayStartup] C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe (Glarysoft Ltd)
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2013/06/13 22:32:41 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9:64bit: - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16:64bit: - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.3.0.cab (SysInfo Class)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11F2AEA9-2868-4B38-96CE-39AAD003B7E5}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2AEC1C2-AC57-4277-9DC4-F2CD523A0F02}: DhcpNameServer = 24.220.0.10 24.220.0.11
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2013/02/07 14:09:34 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2014/06/03 03:20:03 | 000,020,844 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (PCloudBroom64.exe \systemroot\system32\BroomData.bit)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/14 06:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
[2014/06/14 06:47:54 | 000,020,672 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\GUBootStartup.sys
[2014/06/14 06:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 5
[2014/06/14 06:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014/06/14 06:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2014/06/14 06:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codebox
[2014/06/14 00:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy 7-Zip
[2014/06/14 00:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Easy 7-Zip
[2014/06/11 20:40:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/06/11 19:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SVP 3.1
[2014/06/11 19:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReClock
[2014/06/11 19:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReClock
[2014/06/11 19:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2014/06/11 19:07:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2014/06/11 19:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2014/06/11 19:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SVP 3.1
[2014/06/11 19:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SVP
[2014/06/11 18:53:35 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Quixel
[2014/06/11 18:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quixel
[2014/06/11 18:28:22 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Skype
[2014/06/11 18:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/06/11 18:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/06/11 03:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2014/06/11 03:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2014/06/11 03:51:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\MPC-HC
[2014/06/11 03:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/06/11 03:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/06/11 00:31:50 | 000,000,000 | ---D | C] -- C:\Users\Robert\Downloads\Desktop\Cliffhorse
[2014/06/09 23:50:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\ESET
[2014/06/09 23:50:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ESET
[2014/06/09 23:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014/06/09 23:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014/06/09 23:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/06/09 22:53:53 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Audacity
[2014/06/09 22:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2014/06/08 10:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Software
[2014/06/07 16:04:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/07 05:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/06/07 05:25:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/06/07 05:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2014/06/07 04:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/06/07 03:14:58 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Robert\Downloads\Desktop\dds.com
[2014/06/07 03:05:57 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\Robert\Downloads\Desktop\HijackThis.exe
[2014/06/05 10:11:52 | 000,269,312 | ---- | C] (Panda Security) -- C:\Windows\SysNative\WPApi64.dll
[2014/06/05 10:11:52 | 000,197,600 | ---- | C] (Panda Security) -- C:\Windows\SysNative\PavTrc64.dll
[2014/06/05 10:11:52 | 000,177,664 | ---- | C] (Panda Security) -- C:\Windows\SysWow64\WPApi.dll
[2014/06/05 10:11:52 | 000,153,568 | ---- | C] (Panda Security) -- C:\Windows\SysWow64\PavTrc.dll
[2014/06/05 05:58:00 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unified Remote
[2014/06/05 05:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unified Remote
[2014/06/04 14:50:03 | 000,047,632 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2014/06/04 14:47:15 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2014/06/04 14:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2014/06/04 07:26:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\robertheadley
[2014/06/04 07:09:23 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2014/06/04 07:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/06/04 07:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/06/04 06:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/06/04 06:53:53 | 000,084,848 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUISkin.dll
[2014/06/04 06:53:53 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014/06/04 06:53:53 | 000,034,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUH.dll
[2014/06/04 06:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2014/06/03 04:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/06/03 03:44:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\Doctor Web
[2014/06/03 02:29:12 | 000,000,000 | ---D | C] -- C:\NPE
[2014/06/03 02:09:11 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\NPE
[2014/05/28 18:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Waterfox
[2014/05/27 07:20:54 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\EmieUserList
[2014/05/27 07:20:54 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\EmieSiteList
[2014/05/27 05:20:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\xinorbis
[2014/05/27 05:20:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xinorbis6
[2014/05/27 05:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xinorbis6
[2014/05/27 05:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\freshney.org
[2014/05/27 01:14:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Green Man Gaming
[2014/05/27 01:14:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Capsule Utilities
[2014/05/27 01:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Capsule
[2014/05/26 21:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
[2014/05/26 16:49:34 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/05/21 15:30:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeakiezFree
[2014/05/21 15:29:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/15 11:29:22 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-299517775-3806166994-2066899608-1000UA1cec98d47cd7f2f.job
[2014/06/15 11:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/15 11:10:51 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/15 00:29:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-299517775-3806166994-2066899608-1000Core1cec98d444bec6b.job
[2014/06/14 19:52:10 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/14 19:52:10 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/14 19:43:58 | 000,000,392 | ---- | M] () -- C:\BackupLoader.ini
[2014/06/14 19:43:53 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014/06/14 19:42:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/14 19:42:39 | 2078,724,095 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/14 08:15:17 | 000,000,012 | ---- | M] () -- C:\Windows\CUAppUsage.Dat
[2014/06/14 07:09:29 | 000,001,110 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\System Explorer.lnk
[2014/06/14 07:09:29 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2014/06/14 06:48:04 | 000,001,104 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2014/06/14 06:48:04 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 5.lnk
[2014/06/14 06:47:54 | 000,020,672 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\GUBootStartup.sys
[2014/06/14 00:28:47 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\7-Zip File Manager.lnk
[2014/06/13 00:17:59 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/13 00:16:39 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2014/06/13 00:14:28 | 000,001,795 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\XnView.lnk
[2014/06/13 00:14:28 | 000,000,943 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\XnView.lnk
[2014/06/13 00:14:25 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2014/06/11 19:36:36 | 000,006,144 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/11 19:09:08 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Configure ReClock.lnk
[2014/06/11 03:57:38 | 000,001,382 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2014/06/11 03:57:38 | 000,001,358 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2014/06/11 03:49:09 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/06/11 03:05:37 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/10 19:32:37 | 000,000,483 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/10 19:22:53 | 000,001,962 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\MPC-HC x64.lnk
[2014/06/09 22:53:49 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/06/08 06:05:32 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2014/06/07 05:25:54 | 000,003,217 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Sophos Virus Removal Tool.lnk
[2014/06/07 04:34:58 | 000,002,109 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Tweaking.com - Hardware Identify.lnk
[2014/06/07 03:56:08 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/07 03:15:01 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Robert\Downloads\Desktop\dds.com
[2014/06/05 05:58:00 | 000,001,041 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Unified Remote.lnk
[2014/06/04 15:35:50 | 000,000,706 | ---- | M] () -- C:\Windows\SysWow64\BroomData.bit
[2014/06/04 14:51:41 | 000,001,267 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2014/06/04 14:37:53 | 000,255,258 | ---- | M] () -- C:\ProgramData\1401910602.bdinstall.bin
[2014/06/04 08:06:59 | 000,478,557 | ---- | M] () -- C:\ProgramData\1401887156.bdinstall.bin
[2014/06/04 07:17:22 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014/06/04 07:11:01 | 000,498,034 | ---- | M] () -- C:\ProgramData\1401883582.bdinstall.bin
[2014/06/04 06:58:50 | 000,001,636 | ---- | M] () -- C:\ProgramData\1401882805.384.bin
[2014/06/04 06:58:00 | 000,035,265 | ---- | M] () -- C:\ProgramData\1401882805.7876.bin
[2014/06/04 06:57:06 | 000,114,601 | ---- | M] () -- C:\ProgramData\1401882805.8024.bin
[2014/06/04 06:57:04 | 000,032,432 | ---- | M] () -- C:\ProgramData\1401882805.1856.bin
[2014/06/04 06:54:43 | 000,012,181 | ---- | M] () -- C:\ProgramData\1401882805.7688.bin
[2014/06/04 06:54:24 | 000,001,090 | ---- | M] () -- C:\ProgramData\1401882805.2756.bin
[2014/06/04 06:54:24 | 000,001,090 | ---- | M] () -- C:\ProgramData\1401882805.1220.bin
[2014/06/04 06:54:22 | 000,017,887 | ---- | M] () -- C:\ProgramData\1401882805.7224.bin
[2014/06/04 06:54:22 | 000,010,351 | ---- | M] () -- C:\ProgramData\1401882805.8052.bin
[2014/06/04 06:54:22 | 000,000,783 | ---- | M] () -- C:\ProgramData\1401882805.7204.bin
[2014/06/04 06:53:50 | 000,003,735 | ---- | M] () -- C:\ProgramData\1401882805.2416.bin
[2014/06/04 06:52:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/06/03 01:39:32 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/30 03:27:28 | 000,000,132 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Adobe PNG Format CC Prefs
[2014/05/28 12:30:33 | 000,961,835 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\130207_mpaa_rating-poster.pdf
[2014/05/27 07:20:53 | 000,104,548 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Contig.zip
[2014/05/27 04:46:28 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2014/05/27 01:14:26 | 000,001,087 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Capsule.lnk
[2014/05/25 23:59:12 | 000,251,886 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Dakotalapse.jpg
[2014/05/24 21:09:20 | 001,717,682 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\phonecomparison.png
[2014/05/24 21:02:42 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\paint.net.lnk
[2014/05/24 02:38:31 | 000,699,618 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\SNL_1185_14_Brian_Fellows.png
[2014/05/21 17:05:44 | 002,071,713 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\box.gif
[2014/05/20 18:47:13 | 000,234,567 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\scottstapp.png
[2014/05/20 03:07:53 | 000,391,262 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Cervical-Infographic.jpg
[2014/05/20 02:33:42 | 000,391,262 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\PreventCervicalCancer.jpg
[2014/05/19 21:44:03 | 000,026,069 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/05/17 22:58:32 | 000,046,331 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\CrowBar.jpg
[2014/05/17 16:02:33 | 024,613,339 | ---- | M] () -- C:\Users\Robert\Documents\Weirdal.gif
[2014/05/17 11:51:15 | 000,000,218 | ---- | M] () -- C:\Users\Robert\AppData\Local\recently-used.xbel
[2014/05/17 11:47:03 | 000,623,120 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Buzzy_002.jpg
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/14 07:09:29 | 000,001,110 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\System Explorer.lnk
[2014/06/14 07:09:29 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2014/06/14 06:48:04 | 000,001,104 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2014/06/14 06:48:04 | 000,001,092 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
[2014/06/14 06:48:04 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 5.lnk
[2014/06/14 06:47:58 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014/06/14 06:47:54 | 000,000,392 | ---- | C] () -- C:\BackupLoader.ini
[2014/06/14 00:28:47 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\7-Zip File Manager.lnk
[2014/06/13 00:17:59 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/13 00:14:28 | 000,001,795 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\XnView.lnk
[2014/06/13 00:14:25 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[2014/06/13 00:14:25 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2014/06/13 00:13:33 | 000,000,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2014/06/11 19:09:08 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Configure ReClock.lnk
[2014/06/11 19:08:50 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014/06/11 14:41:05 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2014/06/11 03:57:38 | 000,001,382 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2014/06/11 03:57:38 | 000,001,358 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2014/06/11 03:49:09 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/06/10 19:22:53 | 000,001,962 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\MPC-HC x64.lnk
[2014/06/09 22:53:49 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2014/06/09 22:53:49 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/06/07 05:25:54 | 000,003,217 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Sophos Virus Removal Tool.lnk
[2014/06/07 04:34:58 | 000,002,109 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Tweaking.com - Hardware Identify.lnk
[2014/06/05 05:58:00 | 000,001,041 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Unified Remote.lnk
[2014/06/04 15:35:51 | 000,022,752 | ---- | C] () -- C:\Windows\SysNative\PCloudBroom64.exe
[2014/06/04 15:35:50 | 000,000,706 | ---- | C] () -- C:\Windows\SysWow64\BroomData.bit
[2014/06/04 14:59:47 | 000,008,627 | ---- | C] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2014/06/04 14:50:01 | 000,001,267 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2014/06/04 14:37:53 | 000,255,258 | ---- | C] () -- C:\ProgramData\1401910602.bdinstall.bin
[2014/06/04 08:06:59 | 000,478,557 | ---- | C] () -- C:\ProgramData\1401887156.bdinstall.bin
[2014/06/04 07:11:01 | 000,498,034 | ---- | C] () -- C:\ProgramData\1401883582.bdinstall.bin
[2014/06/04 06:58:24 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/06/04 06:54:34 | 000,001,636 | ---- | C] () -- C:\ProgramData\1401882805.384.bin
[2014/06/04 06:53:52 | 000,010,351 | ---- | C] () -- C:\ProgramData\1401882805.8052.bin
[2014/06/04 06:53:52 | 000,000,783 | ---- | C] () -- C:\ProgramData\1401882805.7204.bin
[2014/06/04 06:53:46 | 000,017,887 | ---- | C] () -- C:\ProgramData\1401882805.7224.bin
[2014/06/04 06:53:46 | 000,012,181 | ---- | C] () -- C:\ProgramData\1401882805.7688.bin
[2014/06/04 06:53:46 | 000,001,090 | ---- | C] () -- C:\ProgramData\1401882805.2756.bin
[2014/06/04 06:53:46 | 000,001,090 | ---- | C] () -- C:\ProgramData\1401882805.1220.bin
[2014/06/04 06:53:37 | 000,003,735 | ---- | C] () -- C:\ProgramData\1401882805.2416.bin
[2014/06/04 06:53:29 | 000,035,265 | ---- | C] () -- C:\ProgramData\1401882805.7876.bin
[2014/06/04 06:53:29 | 000,032,432 | ---- | C] () -- C:\ProgramData\1401882805.1856.bin
[2014/06/04 06:53:25 | 000,114,601 | ---- | C] () -- C:\ProgramData\1401882805.8024.bin
[2014/06/03 01:39:32 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/28 12:30:33 | 000,961,835 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\130207_mpaa_rating-poster.pdf
[2014/05/27 07:20:53 | 000,104,548 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Contig.zip
[2014/05/27 07:03:52 | 000,492,488 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\PowerDefragmenter.exe
[2014/05/27 04:46:28 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2014/05/27 01:14:26 | 000,001,181 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Capsule.lnk
[2014/05/27 01:14:26 | 000,001,087 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Capsule.lnk
[2014/05/26 19:13:52 | 000,022,807 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\1323328915204.jpg
[2014/05/26 19:13:48 | 000,024,187 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\1323328914308.jpg
[2014/05/26 19:12:42 | 000,018,514 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\1323328927728.jpg
[2014/05/25 23:59:12 | 000,251,886 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Dakotalapse.jpg
[2014/05/24 21:09:16 | 001,717,682 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\phonecomparison.png
[2014/05/24 21:02:42 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\paint.net.lnk
[2014/05/24 02:38:29 | 000,699,618 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\SNL_1185_14_Brian_Fellows.png
[2014/05/21 17:05:44 | 002,071,713 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\box.gif
[2014/05/20 18:47:12 | 000,234,567 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\scottstapp.png
[2014/05/20 03:07:53 | 000,391,262 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Cervical-Infographic.jpg
[2014/05/20 02:33:41 | 000,391,262 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\PreventCervicalCancer.jpg
[2014/05/17 22:58:25 | 000,046,331 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\CrowBar.jpg
[2014/05/17 16:02:30 | 024,613,339 | ---- | C] () -- C:\Users\Robert\Documents\Weirdal.gif
[2014/05/17 11:51:15 | 000,000,218 | ---- | C] () -- C:\Users\Robert\AppData\Local\recently-used.xbel
[2014/05/17 11:47:03 | 000,623,120 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Buzzy_002.jpg
[2014/05/13 22:42:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\wuauclt.exe
[2014/05/13 22:42:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\WTSRV.EXE
[2014/05/13 22:42:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\taskhost.exe
[2014/05/13 22:42:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
[2014/05/13 22:42:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\conhost.exe
[2014/05/13 22:42:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nvvsvc.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsm.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2014/05/13 22:34:03 | 000,000,010 | ---- | C] () -- C:\Users\Robert\AppData\Local\sponge.last.runtime.cache
[2014/03/22 01:37:35 | 001,065,984 | ---- | C] () -- C:\Users\Robert\AppData\Local\file__0.localstorage
[2014/02/20 18:14:02 | 000,179,377 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2014/02/15 12:18:32 | 000,000,132 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Adobe PNG Format CC Prefs
[2014/02/05 01:31:10 | 000,000,180 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\licecap.ini
[2014/01/06 18:11:22 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2014/01/06 18:11:22 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2014/01/06 13:37:47 | 000,001,080 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\VoiceMeeterDefault.xml
[2014/01/05 01:51:42 | 000,004,142 | ---- | C] () -- C:\Windows\Tablet10000x6250.M0800.ini
[2013/12/28 01:53:03 | 000,000,107 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/12/24 02:24:08 | 000,341,912 | ---- | C] () -- C:\Windows\SetupX32.EXE
[2013/11/30 03:15:26 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/11/26 06:36:01 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/11/26 06:36:01 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/11/26 06:36:01 | 000,001,990 | ---- | C] () -- C:\Windows\unins000.dat
[2013/11/23 22:27:30 | 000,002,605 | ---- | C] () -- C:\Users\Robert\WowPorn.13.11.16.Mia.A.Busy.Evening.XXX.1080p.MP4-KTR[rarbg], Twistys.13.11.19.Blanche.Bradburry.Cum....zip.aria2
[2013/10/26 21:58:27 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini
[2013/10/26 21:57:58 | 000,000,551 | ---- | C] () -- C:\Windows\Qiii.INI
[2013/10/15 10:29:21 | 000,019,832 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2013/10/15 05:05:01 | 000,251,599 | ---- | C] () -- C:\ProgramData\1381831218.bdinstall.bin
[2013/10/15 01:35:16 | 000,838,123 | ---- | C] () -- C:\ProgramData\1381817753.bdinstall.bin
[2013/10/15 01:12:47 | 000,355,327 | ---- | C] () -- C:\ProgramData\1381817222.bdinstall.bin
[2013/10/15 01:04:58 | 000,080,884 | ---- | C] () -- C:\ProgramData\1381816971.bdinstall.bin
[2013/10/15 01:02:50 | 000,022,985 | ---- | C] () -- C:\ProgramData\1381816967.bdinstall.bin
[2013/10/15 00:25:17 | 000,177,796 | ---- | C] () -- C:\ProgramData\1381814162.bdinstall.bin
[2013/10/15 00:06:05 | 000,002,054 | ---- | C] () -- C:\ProgramData\1381813563.496.bin
[2013/10/15 00:06:03 | 000,026,900 | ---- | C] () -- C:\ProgramData\1381813563.4432.bin
[2013/10/15 00:05:24 | 000,030,589 | ---- | C] () -- C:\ProgramData\1381813476.bdinstall.bin
[2013/09/17 14:29:26 | 000,012,005 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\alsoft.ini
[2013/04/18 18:59:52 | 000,001,046 | ---- | C] () -- C:\Users\Robert\1EB5B89A24D0C0BE21CEC185547D6A2FC388F356, sweet_seduction-720.mp4, 9EB8E0594705A834FB298E302E9195467....zip.aria2
[2013/04/10 20:05:56 | 000,002,034 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/04/09 23:04:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 23:04:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 23:04:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 23:04:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 23:04:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/09 08:58:18 | 000,976,857 | ---- | C] () -- C:\Users\Robert\AppData\Local\census.cache
[2013/02/09 08:56:04 | 000,161,684 | ---- | C] () -- C:\Users\Robert\AppData\Local\ars.cache
[2013/02/09 08:45:29 | 000,000,036 | ---- | C] () -- C:\Users\Robert\AppData\Local\housecall.guid.cache
[2013/02/07 16:52:54 | 000,007,252 | ---- | C] () -- C:\Users\Robert\AppData\Local\Temp7.html
[2013/02/07 12:53:28 | 000,003,657 | ---- | C] () -- C:\Windows\Tablet10000x6250M.ini
[2013/01/02 20:31:17 | 000,004,849 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\wifi_speakers.dat
[2012/12/22 04:25:57 | 000,002,443 | ---- | C] () -- C:\Users\Robert\wxDownloadFast.ini
[2012/12/14 03:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 03:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/12/09 23:48:30 | 000,109,256 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2012/12/09 23:48:30 | 000,090,824 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2012/12/08 06:21:10 | 000,000,489 | ---- | C] () -- C:\Users\Robert\.swfinfo
[2012/11/11 00:47:37 | 000,001,477 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2012/11/11 00:42:21 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2012/11/08 02:20:01 | 000,209,697 | ---- | C] () -- C:\Users\Robert\final_bstSnapshot_15086.jpg
[2012/09/28 14:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/09/20 00:49:38 | 000,000,345 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Digital Clock_Settings.ini
[2012/09/20 00:34:16 | 000,000,252 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\GPU MeterV2_Settings.ini
[2012/09/20 00:34:00 | 000,000,530 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012/09/20 00:33:44 | 000,000,352 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Network Meter_Settings.ini
[2012/05/07 03:31:21 | 000,000,132 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/04/22 19:10:59 | 000,006,144 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/22 17:02:42 | 000,001,456 | ---- | C] () -- C:\Users\Robert\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/04/02 06:06:26 | 000,003,437 | ---- | C] () -- C:\Users\Robert\unigine_20120402_0606.html
[2012/01/01 20:12:07 | 000,012,399 | ---- | C] () -- C:\Users\Robert\AppData\Local\Temp10.html
[2011/12/30 20:21:24 | 000,007,605 | ---- | C] () -- C:\Users\Robert\AppData\Local\resmon.resmoncfg
[2011/12/17 20:08:35 | 000,001,955 | ---- | C] () -- C:\Users\Robert\AppData\Local\Temp1.html
[2011/12/17 19:21:04 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/07 23:51:05 | 000,000,094 | ---- | C] () -- C:\Users\Robert\AppData\Local\fusioncache.dat
[2011/12/07 23:12:57 | 000,000,058 | ---- | C] () -- C:\Users\Robert\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011/12/05 23:36:19 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/03 09:47:26 | 000,001,016 | ---- | C] () -- C:\Users\Robert\ono.properties
[2011/12/01 18:11:01 | 000,000,003 | ---- | C] () -- C:\Users\Robert\AppData\Local\user_data.ini
[2011/12/01 07:23:04 | 000,000,032 | ---- | C] () -- C:\ProgramData\droidcam-settings
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/28 20:24:29 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\.minecraft
[2013/02/12 09:21:05 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\.purple
[2012/04/15 04:51:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\.Tribler
[2012/04/26 00:06:55 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Ableton
[2012/09/15 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Acapela Group
[2013/02/07 14:00:10 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Ambient Design
[2013/10/12 01:30:35 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Arc
[2014/06/15 08:43:12 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Audacity
[2013/02/07 14:10:50 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Autodesk
[2012/12/09 23:27:07 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Avant Downloader
[2013/11/20 02:12:24 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\AVAST Software
[2013/11/07 08:21:35 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\avidemux
[2013/11/23 19:10:30 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Awesomium
[2013/03/02 07:28:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Azureus
[2012/04/04 00:40:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BigHugeEngine
[2012/08/06 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Binreader
[2012/05/28 06:15:21 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Bioshock
[2014/04/09 11:14:53 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Bitcoin
[2013/01/16 17:02:01 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BITS
[2013/09/11 03:41:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Braid
[2012/04/28 20:19:31 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Broad Intelligence
[2011/12/15 04:49:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Canneverbe Limited
[2012/06/28 01:06:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Carbon
[2014/02/16 08:02:07 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ChatZilla
[2013/02/10 22:14:53 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/13 04:54:20 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ColorCop
[2013/02/16 11:32:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\com.adobe.WidgetBrowser
[2012/12/27 02:35:01 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\com.quasimondo.nodewerk
[2014/01/17 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\com.ynab.YNAB4.LiveSteam
[2012/10/05 23:36:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/08/03 13:20:04 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\cYo
[2014/06/07 04:30:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DigitalVolcano
[2011/12/07 23:12:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DonationCoder
[2013/09/20 03:51:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Doublefine
[2014/06/15 02:22:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Dropbox
[2014/06/14 20:05:41 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DropboxMaster
[2012/09/15 17:19:10 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DRPSu
[2012/09/06 01:30:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Easeware
[2012/09/28 01:41:28 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\enchant
[2012/12/28 20:54:45 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\EQATEC Analytics
[2014/06/09 23:50:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ESET
[2013/11/30 09:51:20 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Everything
[2013/08/30 00:34:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FastCopy
[2013/09/27 20:03:16 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FEZ
[2013/11/07 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FFsplit
[2013/02/11 06:40:20 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Filedrop
[2013/01/19 22:57:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FlashgetSetup
[2012/07/07 22:40:36 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\fltk.org
[2013/11/06 00:07:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\foobar2000
[2013/05/14 21:36:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Foxit Software
[2014/06/15 10:48:04 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Free Download Manager
[2013/12/28 01:35:06 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\gcstar
[2014/06/14 06:48:12 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\GlarySoft
[2012/07/08 04:16:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Gmote
[2013/12/28 01:35:54 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\gtk-2.0
[2012/06/02 02:44:32 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Hackety Hack
[2012/04/03 02:20:45 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\HandBrake
[2014/05/07 06:45:44 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\import.io
[2014/05/17 11:47:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\inkscape
[2012/12/09 23:45:09 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Internet Download Accelerator
[2013/12/05 10:23:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\IObit
[2012/06/21 04:45:55 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\jdast
[2012/06/21 04:47:55 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\jdnetmon
[2012/04/22 23:04:12 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Kaneva
[2014/04/12 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\KC Softwares
[2011/12/16 14:20:43 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Leadertech
[2012/07/21 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Lionhead Studios
[2012/09/21 01:47:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Locate32
[2012/09/07 20:18:01 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\LucasArts
[2013/04/09 20:45:18 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Maxthon3
[2014/06/11 03:51:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MPC-HC
[2013/02/17 08:24:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MusicBee
[2013/01/13 14:14:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\NeatImage PS 64
[2014/04/11 05:36:49 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Notepad++
[2013/11/05 02:38:06 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\OBS
[2011/12/04 09:55:27 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\OnLive App
[2012/05/29 23:55:30 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\OpenDNS Updater
[2012/11/16 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Opera
[2013/08/07 18:47:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Opera Software
[2014/04/02 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Oracle
[2013/04/19 21:44:41 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Orbit
[2013/10/10 05:58:48 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Origin
[2012/09/15 17:08:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PACE Anti-Piracy
[2012/04/12 03:32:07 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PDAppFlex
[2013/10/24 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PhotoScape
[2014/01/01 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Plex Home Theater
[2013/10/24 23:45:38 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Portitle
[2014/01/16 23:08:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PotPlayer64
[2013/05/27 19:47:03 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PotPlayerMini64
[2014/03/08 08:00:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ProductData
[2012/11/10 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ProgSense
[2014/06/03 04:56:17 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\QuickScan
[2013/02/01 05:38:47 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Reason
[2011/12/02 00:39:28 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\runic games
[2011/12/17 02:39:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Screaming Bee
[2012/04/15 01:31:50 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SecondLife
[2012/05/09 01:43:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SeriousBit
[2012/04/27 00:57:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Shareaza
[2011/12/17 19:29:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Soluto
[2012/09/14 18:28:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Songbird2
[2013/11/07 12:52:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SplitMediaLabs
[2012/10/21 00:11:13 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Spotify
[2012/09/15 16:06:48 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/20 02:21:35 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SystemRequirementsLab
[2013/02/04 18:52:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TeamViewer
[2013/06/20 22:49:37 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TeraCopy
[2013/06/12 21:54:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Tether
[2012/10/27 05:10:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Titanium
[2014/05/24 04:44:27 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\tixati
[2013/09/17 19:20:41 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Trine2
[2013/11/30 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TuneUp Software
[2012/08/03 07:07:04 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Unified Remote
[2012/06/16 03:04:42 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Unity
[2012/04/28 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\VidCoder
[2014/04/15 19:55:50 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Warner Bros. Interactive Entertainment
[2013/01/28 03:34:12 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Waterfox Limited
[2012/04/27 01:04:21 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\WebcamMax
[2013/10/26 01:49:23 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Wings3D
[2013/04/10 19:22:36 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Wise Uninstaller
[2012/07/07 18:40:01 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Woon
[2014/01/05 01:36:41 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\XBMC
[2013/10/10 23:25:32 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 22:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV - [2014/05/13 22:42:39 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 22:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 22:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 22:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 22:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 22:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 22:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 22:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 22:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 22:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 22:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 22:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 22:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 22:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 22:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 22:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 22:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 22:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2012/05/06 10:35:36 | 000,039,112 | ---- | M] () -- C:\Rainmeter.exe
[2012/05/06 10:35:38 | 000,196,296 | ---- | M] () -- C:\SkinInstaller.exe
[2011/12/08 06:27:02 | 004,770,816 | ---- | M] (Geza Kovacs) -- C:\unetbtin.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 7CEF-6D92
 Directory of C:\
07/14/2009  12:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/14/2009  12:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009  12:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009  12:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009  12:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009  12:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Robert
12/01/2011  05:58 PM    <JUNCTION>     Application Data [C:\Users\Robert\AppData\Roaming]
12/01/2011  05:58 PM    <JUNCTION>     Cookies [C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Cookies]
12/01/2011  05:58 PM    <JUNCTION>     Local Settings [C:\Users\Robert\AppData\Local]
12/01/2011  05:58 PM    <JUNCTION>     My Documents [C:\Users\Robert\Documents]
12/01/2011  05:58 PM    <JUNCTION>     NetHood [C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/01/2011  05:58 PM    <JUNCTION>     PrintHood [C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/01/2011  05:58 PM    <JUNCTION>     Recent [C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Recent]
12/01/2011  05:58 PM    <JUNCTION>     SendTo [C:\Users\Robert\AppData\Roaming\Microsoft\Windows\SendTo]
12/01/2011  05:58 PM    <JUNCTION>     Start Menu [C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu]
12/01/2011  05:58 PM    <JUNCTION>     Templates [C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Robert\AppData\Local
12/01/2011  05:58 PM    <JUNCTION>     Application Data [C:\Users\Robert\AppData\Local]
12/01/2011  05:58 PM    <JUNCTION>     History [C:\Users\Robert\AppData\Local\Microsoft\Windows\History]
12/01/2011  05:58 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Robert\Documents
12/01/2011  05:58 PM    <JUNCTION>     My Music [C:\Users\Robert\Music]
12/01/2011  05:58 PM    <JUNCTION>     My Pictures [C:\Users\Robert\Pictures]
12/01/2011  05:58 PM    <JUNCTION>     My Videos [C:\Users\Robert\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              49 Dir(s)  67,818,602,496 bytes free
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: RPCSS.DLL  >
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\erdnt\cache64\rpcss.dll
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
 
< MD5 for: SERVICES  >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2014/01/29 16:24:18 | 000,000,221 | ---- | M] () MD5=1204D1B656363E8368AC73E618275154 -- C:\Users\Robert\Downloads\settings\AMD\services.cfg
[2014/05/08 08:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2013/12/06 23:00:50 | 000,000,119 | ---- | M] () MD5=71D301FC0D44154C287BF008E4B364F1 -- C:\Users\Robert\Downloads\settings\NVIDIA\services.cfg
[2012/09/23 21:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
 
< MD5 for: SERVICES.DAT  >
[2014/04/05 23:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Robert\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2011/04/12 03:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 03:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.JAR  >
[2013/01/10 22:08:58 | 000,820,623 | ---- | M] () MD5=3EEF524562E5E4F768D62966D400D5A7 -- C:\SocketeQ\windowsandroid_root\system\framework\services.jar
 
< MD5 for: SERVICES.JS  >
[2014/06/12 11:17:28 | 000,001,465 | ---- | M] () MD5=D8D3E554AA44D5254BAE4A51700EE640 -- C:\Users\Robert\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aohlfneeliakfcefeffppfplagbccbni\0.1.22_0\scripts\services.js
[2014/06/12 11:17:28 | 000,001,465 | ---- | M] () MD5=D8D3E554AA44D5254BAE4A51700EE640 -- C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohlfneeliakfcefeffppfplagbccbni\0.1.22_0\scripts\services.js
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2011/04/12 03:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 03:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 03:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 03:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.PY  >
[2013/12/23 22:16:24 | 000,007,391 | ---- | M] () MD5=1B17E843A4EF0031F7D5258F68E2F5E8 -- C:\Program Files (x86)\Plex\Plex Media Server\Resources\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\handlers\services.py
[2014/01/04 06:15:14 | 000,007,391 | ---- | M] () MD5=1B17E843A4EF0031F7D5258F68E2F5E8 -- C:\Users\Robert\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\handlers\services.py
[2013/12/23 22:16:24 | 000,032,427 | ---- | M] () MD5=5BA8BD62E63A532DF1CE0CFA58B27A7C -- C:\Program Files (x86)\Plex\Plex Media Server\Resources\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\components\services.py
[2014/01/04 06:15:13 | 000,032,427 | ---- | M] () MD5=5BA8BD62E63A532DF1CE0CFA58B27A7C -- C:\Users\Robert\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\components\services.py
 
< MD5 for: SERVICES.PYC  >
[2014/01/04 06:15:42 | 000,007,126 | ---- | M] () MD5=142C2C27791320E8C02950FC6ECDB8A9 -- C:\Users\Robert\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\handlers\services.pyc
[2014/01/04 06:15:42 | 000,030,871 | ---- | M] () MD5=3F4A5B65AB723680E74096D924728866 -- C:\Users\Robert\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\components\services.pyc
 
< MD5 for: SVCHOST.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 06:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 04:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 04:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\winlogon.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\ZUploader:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Witcher 2:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Windows_NT6_BSOD_jcgriff2:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\WB Games:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Vuze Downloads:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Vee-Hive:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\UT2003 IRC Chat on XGR.com - Edited by Tetris L - BeyondUnreal.com_files:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\TVTrigger Downloads:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\The Lord of the Rings Online:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\The KMPlayer:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Square Enix:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Speed_Tester:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\SightSpeed Recordings:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Shadow Warrior Demo:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Scanned Documents:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\SavedGames:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Rockstar Games:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Respawn:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\RegRun2:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Receipts:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Razer:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\ProcAlyzer Dumps:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Photoshopery:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Penumbra Overture:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\PeerProject Downloads:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\PCSX2:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Osmos:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\OnLive App:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\OneNote Notebooks:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Nexus Mod Manager:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Neat Image for Photoshop:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Mysonethan:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\My Kindle Content:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\My Games:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\InfiniteCrisis:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\HeroBlade Logs:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Guacamelee:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Giana Sisters - Twisted Dreams:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Games for Windows - LIVE Demos:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Freemake:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Fragments:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Fiddler2:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Fax:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\ezvid:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Elder Scrolls Online:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\EagleGet Downloads:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\EA Games:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Dust:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Dungeons and Dragons Online:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Downloads:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\DonationCoder:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Diablo III:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Bioshock:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Assassin's Creed IV Black Flag:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Anti-Malware:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Amnesia:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Almost Human:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Adobe:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\Add-in Express:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents\4A Games:PeerProject.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Robert\Documents:PeerProject.GUID
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:56E2E879
 
< End of report >

Edited by Robert Headley, 15 June 2014 - 11:55 AM.


#5 Robert Headley


Posted 15 June 2014 - 11:56 AM


OTL Extras logfile created on: 6/15/2014 11:37:30 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 23.83% Memory free
15.83 Gb Paging File | 8.30 Gb Available in Paging File | 52.45% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 63.29 Gb Free Space | 4.53% Space Free | Partition Type: NTFS
Drive D: | 6.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: ORPHEUS | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Be.HexEditor] -- "C:\Program Files (x86)\freshney.org\Xinorbis6\Be.HexEditor.exe" "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [disksorter] -- C:\Program Files\Disk Sorter\bin\sppshex.exe disksorter classify "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [portitle] -- C:\Program Files (x86)\Portitle\PortitleLauncher.exe "%1" ()
Directory [PotPlayer.Enqueue] -- "C:\Program Files\DAUM\PotPlayer\PotPlayer64.exe" "%1"  /Add (Daum Communications)
Directory [PotPlayer.Play] -- "C:\Program Files\DAUM\PotPlayer\PotPlayer64.exe" "%1" (Daum Communications)
Directory [Xinorbis6] -- "C:\Program Files (x86)\freshney.org\Xinorbis6\x6.exe" "%1" (www.MaximumOctopus.com)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Be.HexEditor] -- "C:\Program Files (x86)\freshney.org\Xinorbis6\Be.HexEditor.exe" "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [disksorter] -- C:\Program Files\Disk Sorter\bin\sppshex.exe disksorter classify "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [portitle] -- C:\Program Files (x86)\Portitle\PortitleLauncher.exe "%1" ()
Directory [PotPlayer.Enqueue] -- "C:\Program Files\DAUM\PotPlayer\PotPlayer64.exe" "%1"  /Add (Daum Communications)
Directory [PotPlayer.Play] -- "C:\Program Files\DAUM\PotPlayer\PotPlayer64.exe" "%1" (Daum Communications)
Directory [Xinorbis6] -- "C:\Program Files (x86)\freshney.org\Xinorbis6\x6.exe" "%1" (www.MaximumOctopus.com)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" = C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe:*:Enabled:PotPlayer -- (Daum Communications)
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" = C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe:*:Enabled:PotPlayer -- (Daum Communications)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" = C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe:*:Enabled:PotPlayer -- (Daum Communications)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" = C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe:*:Enabled:PotPlayer -- (Daum Communications)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083ED3E5-8028-4D31-9DAF-6E78402C1F43}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{0F4D453C-21DD-41E4-A6F3-42B0011BBA94}" = lport=41922 | protocol=6 | dir=in | name=41922 tcp | 
"{123F46EB-1764-43E7-8C10-2D33EFCFB967}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{23AEB1FC-58AF-4174-9BFC-A348418A0E45}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{278542A7-E64A-46D8-BCFD-C84BD0C9B5B3}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{2F03F56F-CA62-457E-A9E2-3F756091E59F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{31CC3CB0-4A05-4CD3-893F-266F481AD881}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{326F1C41-E183-42E4-9C27-53ED7EE70E43}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F4857C2-1A97-44B9-8C77-6A571EB12BA7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{431C8625-1078-4729-863D-8F3F423C5E48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{47DF6194-50B7-4DEC-B52F-2588519C1B81}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4879D97A-A8AC-4099-9829-3DB32A295C92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{489950CE-B20D-4747-872C-ECB342519549}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{4DED7C65-23B4-4390-890D-25F3F2E99F7B}" = lport=28541 | protocol=17 | dir=in | name=3184 udp | 
"{524AD408-DB59-42F3-8030-11965F9763B0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{56157F6C-8F47-4B88-9C86-F22C2C55BBA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A14C1FC-439B-4CD2-A0EF-D804D6DE6BD0}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{6F729FEA-3041-488B-BB41-B09D3DCD92CD}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{74DD9744-3552-43F3-A661-493C36398C70}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76CEF60C-BA92-4613-B0B3-E30474B49DA0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{804BD0BF-BB79-400C-A45B-3CABECE15C25}" = lport=3184 | protocol=6 | dir=in | name=port 3184 | 
"{8946CA32-6967-47F1-A5DE-1B6311C82EDA}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{8C293DF0-E9FF-42E4-987E-76C2378D1383}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{93D242B9-C247-4A76-AB07-FEA24E3DFCC3}" = lport=41922 | protocol=17 | dir=in | name=41922 udp | 
"{96F33F4A-0644-4B8A-BBEE-704747EC5CD6}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{A8ECDB82-A42B-4090-86E4-EB31305181A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ACBA939F-C6D2-4B2A-A08A-56AE442C548F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B1022439-B1D2-4B49-9DC1-AF2C26E2DD9F}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{C0E196ED-E39E-4CC2-8677-7154468A87F7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{C993F30C-DDCE-4271-9942-1AF2A23B7EEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CE45D89F-9B6F-4F79-AB03-242DE9026032}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{D429AAB3-1C6E-4BDE-B189-C7E5C1FA879E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D56EBA94-22C0-49F7-9766-EF9F35E7BABF}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{D61E1BB0-B358-4D6C-B091-6FDE86F816ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2B55769-AA8B-4AD1-AC52-E6968860FA10}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2D38C72-DF46-4FF1-A4AB-9EC70FFD1EBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ECF5C7BE-7142-46CA-AA64-50E986B59DEA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F372F284-D276-410C-A767-638012972E0C}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{F3B5B470-DBBD-48F5-8B63-51E2DCD8AA05}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{FF2A071C-E32E-4EDE-96DC-C4C768AFB1AB}" = rport=3184 | protocol=17 | dir=out | name=3184 udp outbound | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017C5264-6D90-4C1C-A190-BBEE42FFAB99}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe | 
"{01FFC7C3-5773-404E-A2FE-5DB1CB792ADE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | 
"{0311B509-BF89-4247-BD45-C947D579CCF5}" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"{0369B03D-AD5E-4E50-934B-75FC187B7D93}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe | 
"{04E1B090-4596-465F-BD4D-918C31DFAD59}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{075FFD49-3F73-4BAD-BF30-B590642638D4}" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe | 
"{07D55376-98A3-4B8F-8D5F-CDA07C9D1497}" = protocol=6 | dir=in | app=c:\users\robert\downloads\toonel.jar | 
"{09DD4642-C100-4DDF-8D42-1D01671E0F0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0AD67C1A-D1BB-4453-B2B2-BCB76BF4F132}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0B734190-584D-4E64-84E3-D0725E458807}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dust an elysian tail\dustaet.exe | 
"{0D9A82BA-A058-4B6B-B405-AB27AFF124E9}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{0E77ED9F-5BBC-4B1D-896E-55C4FA317447}" = protocol=17 | dir=in | app=c:\users\robert\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{0E9C89E5-64EC-40A1-80ED-A66C7A9700F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe | 
"{0E9FC0B5-484A-42EC-ADAC-F74D1618BC86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe | 
"{0F9576BD-E22D-4B7A-AFE7-79C3400C8DEF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1121E4B7-211B-43AE-92DA-C339122FB7D8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{12D277F8-22D9-49D0-AC06-9CE4AC155B86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{135A2779-227E-486E-B49A-3A1CB01A5C8C}" = dir=in | name=3184 udp | 
"{137CD510-5846-46C7-A6E0-95588468D624}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\watch_dogs\bin\watch_dogs.exe | 
"{13C5623A-8319-4343-B55B-2A8EC7FCEB6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe | 
"{14AF6CBF-D9F5-438F-9630-C47FE7AD4034}" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | 
"{14D5FD7F-E4AE-40D6-AE53-F3AF53335C39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | 
"{15996AEC-6E0C-4E32-AD12-EF4249474E4F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe | 
"{16EC6C8B-3676-45AF-A7E6-08C7FEDCC7B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe | 
"{1959C627-5D58-426E-BC9B-1A72E1C29BE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fez\fez_launchoptions.exe | 
"{19673D89-7BBE-49DB-AA15-F09067C0A1D8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1B7A9E8C-4ADD-4E9B-B4DE-678013080F98}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{1D3905DF-11A5-463C-AAAD-83FC977922E8}" = dir=in | app=c:\program files (x86)\icube\woon cloud server\woon cloud server.exe | 
"{1EB53BB0-D76A-41FF-9EB1-56D524E3C6F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | 
"{1F3A37C1-36FB-4589-A3F1-2D69609B5A8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe | 
"{219CE837-E043-4ADF-864B-FECADBBD3F53}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{23D21B62-F9AE-4F4E-9522-A0484F175260}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe | 
"{2584360E-0E3B-4560-852F-2311694571F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{272B2BA2-EF8A-4F4C-B43D-793A428161E5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fez\fez_launchoptions.exe | 
"{281C7919-3565-4682-B21F-C318B26FD616}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | 
"{287E4DD9-4B0C-46E8-9009-001E83B6E6E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons & dragons hd\managame.exe | 
"{28BC794C-A22A-49EC-BB77-7E49D17C9F46}" = protocol=17 | dir=in | app=c:\users\robert\program files (x86)\torque\torque.exe | 
"{29A26DFC-8677-4FD1-92E0-3079B52758E5}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\plants vs. zombies\plantsvszombies.exe | 
"{29C59EE5-D5A8-4246-A3BD-B45FE8375D94}" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"{2D04F0E9-E20C-4C20-8AA6-3476685F5A2F}" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"{2D5B7883-F68B-45F9-951C-118C8ADBFF12}" = protocol=17 | dir=in | app=c:\program files (x86)\sick beard\sickbeard.exe | 
"{2EBEFD13-8446-411D-9D17-6566CA61AAE8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\watch_dogs\bin\watch_dogs.exe | 
"{2F5F8EC7-EC42-42BF-864A-68AD15651800}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe | 
"{3115CFA6-745D-4A6C-93AC-BC0DF409D12A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe | 
"{312BB1A2-A223-4D32-B1B5-54D6BA25AC10}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{33948BCB-99C2-4DBA-83C4-15F1A7315CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{34672B12-631D-46A1-BFF7-8C55D8A64120}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3477A5D7-2F2D-4C38-B741-96B6083F2E63}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the stanley parable\stanley.exe | 
"{35140B38-1F7B-45AB-BA33-8D4CE0E07EB3}" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"{35AECE23-F0FE-4B53-AB2C-C37B318834F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37AF1559-4CBF-4763-98FF-1DD18B068E33}" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"{37BBBC61-8D3E-4A7E-82C3-A4466427228C}" = protocol=17 | dir=in | app=c:\users\robert\downloads\toonel.jar | 
"{37CECC37-2D72-45CF-A875-ECC718BC366B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{383FA076-C5E1-4EEF-A95D-4BCE6594D49E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dust an elysian tail\dustaet.exe | 
"{38C6CACE-0CDB-4D63-888D-5694A8A95FE2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe | 
"{3C53C4A2-FDD8-454E-B8A5-6AA3ECB9782D}" = protocol=17 | dir=in | app=c:\program files (x86)\wifi speaker\wirelesssound.exe | 
"{3C8F453F-333C-448D-9CAD-B82AA0DCA12A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe | 
"{3CD2AC22-01A2-47D2-9F75-0D6AE148999F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel puzzle quest\binaries\pc\ship\marvel puzzle quest.exe | 
"{4023A72D-8FBE-42CC-9533-B3544DDEBA3F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal\hl2.exe | 
"{42709CBD-FAEB-4552-BAAB-67256ECA9CE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal\hl2.exe | 
"{44B39C0D-F344-46A9-B345-692401AAFCCF}" = protocol=6 | dir=in | app=c:\program files (x86)\virtual volumes\vv_cmd.exe | 
"{4722B1D3-BE8A-4A2B-9729-EB65DC3E4FCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the stanley parable\stanley.exe | 
"{496892D3-A1AE-4EC3-A370-7724FED1425B}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{4A734256-07A0-4BF4-9878-0255D7E87887}" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"{4B12D63E-B74F-4F9B-9C84-9C46F10344EC}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4D44CBCD-9599-4227-A395-94C2C9F3C81E}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\spotify\spotify.exe | 
"{4E014785-8B7B-4033-B70D-D00D35F54809}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fez\fez.exe | 
"{4F0C0D58-A347-4BCE-BDD0-71B811E05325}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{5052699A-0911-4082-855F-CC90497A5745}" = protocol=6 | dir=out | app=system | 
"{50C6E666-2F06-47D1-8D3B-244840B9959F}" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe | 
"{5252F2B2-1F1F-4E35-A7DC-A00CEA3E6BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{54E9DCBC-F348-4DD0-8E65-9461079DF15C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe | 
"{5541812B-B2DF-47B7-AA8C-185FBC42BDB5}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudinstallwizard.exe | 
"{57C652AB-E5D1-4638-A78A-148B0C97628A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{589D4983-B5C3-497D-9B31-8F78F8EBA61B}" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"{59177BEA-CDFE-40D2-876D-F81FF8621D59}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5A1C3573-C33E-4E30-BCBB-687053B7A780}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\plants vs. zombies\plantsvszombies.exe | 
"{5D7DC6FA-16EE-4394-9380-C8AB09793F62}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\wysebrowser.exe | 
"{62CDA38C-728E-4B72-8437-320F2171786F}" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | 
"{64C39699-B31B-41BE-855A-309C58DC313D}" = dir=out | app=%programfiles%\adobe\adobe photoshop cc (64 bit)\photoshop.exe | 
"{668D5AF6-1B8D-410F-A089-FD13DD99C594}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe | 
"{670D8B7D-AB51-4FA7-B0D4-BC435352022C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{6736EEFD-75A7-489B-A5E6-9555864E5C2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\valvetestapp206500\airmech.exe | 
"{685F7617-FBF7-4613-8F19-97E2818C29CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{688D844F-0C33-414D-B0E8-887F71956970}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brothers - a tale of two sons\binaries\win32\brothers.exe | 
"{691EADFF-E945-46E2-A75D-B09957729C46}" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | 
"{692EEA42-3655-4D75-88E3-231D1B5BE1D3}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{6AA0DCC9-0338-4346-9B6B-FE0B01BF8263}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe | 
"{6F08AF5A-3B0E-4270-9FFF-7DC258AEC920}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{701FFE03-95E9-4772-8411-0AF0CDA8AD61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pixeljunkeden\eden.exe | 
"{703F1D7D-BFBE-42CF-B40B-B2A1111B7B9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{70EFFEBB-C791-4BD0-936B-DBDBEFC5754C}" = dir=out | name=3184 tcp outbound | 
"{71BD9FD8-C9FE-4563-896A-9A2294E64693}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed iv black flag\ac4bfmp.exe | 
"{72CC5094-284D-4CE5-BD33-C97A5DB68059}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{74B4F27C-BD80-420D-A742-5EF43C1EF64E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{77349FF5-3815-4100-9EF1-664451E5FF33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{773C18C9-7B99-4DF7-AD85-672CBA99FC2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | 
"{77AA74C9-7089-45C1-8E97-0D16EDFAAFF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{7CF74327-BC67-4316-B577-25509DA731A4}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{7F53B190-C9F7-4734-9634-DB599B3257C3}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe | 
"{80560713-0DA1-4ABD-AD8B-0DAF7C7E3280}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{809A6CBF-E37E-4CAF-AC37-D060E6CA54BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | 
"{810B96D0-ABF3-4763-905B-E6A9CF571719}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | 
"{815D7559-5B54-4451-822D-DF5884982AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{82466CCE-6CD8-4985-BE94-569D9FE61BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{82A4B4CC-8C4C-4881-A6B4-26A3F48CA12F}" = protocol=6 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe | 
"{86661D81-C15A-41FB-A452-D9700DF8FF6E}" = protocol=6 | dir=in | app=c:\program files (x86)\sick beard\sickbeard.exe | 
"{86856307-1D97-4E88-B7CA-C63376F4C5BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{8DA3C03B-1E56-4280-AE7F-03EB4AC72D6B}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{8E9A95C9-E516-4F58-BD5E-757342D9F02D}" = protocol=17 | dir=out | name=5228-5230 udp mightytext | 
"{8EBD2110-F49C-4463-B8E4-3F409D8B77C1}" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"{8F580394-9B8F-4887-B602-1C29577777B6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{8F70FD76-833F-417D-B292-26C14586AA30}" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"{90354F07-5D02-4A92-9B2D-CB8BA5EED060}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9051C35B-4161-4514-B8BB-96542808DB3E}" = protocol=17 | dir=in | app=c:\program files (x86)\virtual volumes\vv_cmd.exe | 
"{90B682AB-0FEB-4370-B330-A510CAEA11A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed iv black flag\ac4bfmp.exe | 
"{9103F164-F20D-46E6-BAA2-D5689B11A2D1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{913B2240-BE7C-4507-B71A-D0C252E51772}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe | 
"{919909A3-6F44-45DE-952B-D59EDFCFD7ED}" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"{968847E3-CE79-409B-B56A-44D60E7A5C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe | 
"{97A1DCE0-FE37-4FDE-B2F3-FC16BA04CE18}" = protocol=6 | dir=in | app=c:\users\robert\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{98FADBE6-B754-4B81-8D69-B875ED6C2817}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{99C07A8C-2CAA-4F3E-B9B9-78C5EB04D6E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel puzzle quest\binaries\pc\ship\marvel puzzle quest.exe | 
"{9EBA2F47-52F8-4511-B837-54734BB6B29D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9F0D9B74-B65C-43FE-BC10-2F144E4B392F}" = protocol=17 | dir=out | name=5228-5230 tcp mightytext | 
"{9FDE7B23-54F0-40AA-AD00-DD5661A6C36F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A33048F2-50C5-445C-A5DC-E74AD319CBB5}" = protocol=6 | dir=in | app=c:\users\robert\program files (x86)\torque\torque.exe | 
"{A5516444-8EE2-4132-9AAA-3CD02DD70B9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{A7865140-124C-4D72-BB19-F6C5D7059169}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe | 
"{A8A72249-B321-4F51-90AE-1E9470302675}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brothers - a tale of two sons\binaries\win32\brothers.exe | 
"{ACC234CA-32E5-445E-9199-26A91699A48C}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{AD1685DC-6463-4759-AC87-A285D6274F1C}" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe | 
"{AD700BAB-3F51-414F-83DF-01D592649209}" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | 
"{AEBA9C89-3F97-4D17-B6C7-D5714A970E2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brothers - a tale of two sons\binaries\win32\brotherslauncher.exe | 
"{AECAE271-233C-4772-B419-7B255848F977}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{AEDB2809-F813-4DC1-B861-1AF1D482966E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pixeljunkeden\eden.exe | 
"{AEDD162D-8F83-4D43-B74A-BD99323927C5}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{AEF3F4E2-0E56-4256-8557-05670C1519A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe | 
"{AF8050A9-BA19-4843-8A4D-BCF6D592DF96}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe | 
"{B05EE2CD-C2FA-422A-B232-B4BD8F4E925A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe | 
"{B2C22F0C-CAC7-44CC-9B3B-CEA14DB49BDF}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{B33EA799-72D0-4E66-9889-CEB920BD2AE9}" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe | 
"{B771B19C-B0FD-41C0-A3A3-680BEDD4E187}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B79B723D-A383-426D-B7EE-A36242284DB6}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{B7EE6544-C36C-469E-A7C4-6E19E994E847}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{B88697B4-6BEA-42DC-AAA4-A457285E89FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B8DB3289-1C0A-4443-BC6E-252C3EC644E9}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{BD0D1FA1-91B4-4BA4-AB4E-DDAC6DFC1779}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexdlnaserver.exe | 
"{BF0C4D0C-3ADC-44C4-9B94-E0099F37F072}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe | 
"{BF4E7277-1BCB-4368-AE5E-9E6BF507D708}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\valvetestapp206500\airmech.exe | 
"{BFA8C2D7-631A-4F5A-80CE-87438F91D3E5}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe | 
"{C0BE7A32-5A3E-4A37-8DC1-D5299A3F60F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rune classic\system\rune.exe | 
"{C274E508-805B-44CA-A005-008B9DDD4040}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fez\fez.exe | 
"{C6053279-7510-4E98-8399-28D4703E19C2}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C76F2E3B-57B0-48B8-B025-E96C08DA4AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | 
"{C78CA736-0072-4DC0-BBA8-61512EEF1F8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons & dragons hd\managame.exe | 
"{C80E00CE-53CC-4290-A425-56BC77F52D83}" = protocol=17 | dir=in | app=c:\program files (x86)\virtual volumes\vv_cmd.exe | 
"{C8FF2DC2-4471-4FB2-9CC7-B774312A15CF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CB770438-8484-4399-A897-FFEDCFF1CBFD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CE121023-1A36-4F6E-815B-D8CC73A8B08D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{CEE61A07-3620-4588-A9C9-40E9FC50F7DA}" = protocol=6 | dir=in | app=c:\program files (x86)\wifi speaker\wirelesssound.exe | 
"{CFF9AB5F-B606-4FD0-AD56-D047C5FB2514}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D2A92403-B2D4-4478-9A18-F0BA841997E8}" = protocol=17 | dir=in | name=5228-5230 - udp mightytext | 
"{D307CFE5-1E85-4E68-AA8E-B07D7B4C440F}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{D3C5703F-7555-4F26-A325-40B67D121545}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe | 
"{D3C81FA5-D105-4AEE-8283-8323A6626663}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{D40ED204-F7D4-4643-B2E2-F65D3980F61A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brothers - a tale of two sons\binaries\win32\brotherslauncher.exe | 
"{D5F080FD-698C-490A-B2BD-7D97FAA694C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D6A602BE-B29F-4E41-B447-10FBD96A0E09}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{D6C75793-53CA-4AD4-B3F1-F8A560BB6604}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{D7AA2EA4-3388-492E-B30E-CA8C3ECA4937}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{D918A281-7E14-4BDD-8A69-E667663B8AE3}" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"{D942E62E-3B7A-4303-9BCC-14D42F30B036}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DB0B6545-78DD-4A32-8743-3580E2A79611}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lego marvel super heroes\legomarvel.exe | 
"{DB241C21-4CFC-41BE-8C84-ED9B5C81DFEE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{DB4113BC-6FD0-4E5D-9F73-38B4F9956613}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DC08F3CF-2A80-491F-88F4-F3E9A5E75D01}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{DDA37623-A387-4213-A406-8806D48CFA81}" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"{DE10CEA9-F1DE-4362-9312-7E1A5A6D741B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{E0D7C9B8-D7BD-4821-B4FC-B6EE8AE7A968}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E310CDC5-07B5-41CD-B231-5EC951AC63E9}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{E682BB3E-B3C9-45F0-A3B1-CDEECA38FCA3}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe | 
"{E71BDBB1-BB63-4EC3-A1EA-2BA51DFB4FDD}" = protocol=6 | dir=in | name=5228-5230 tcp - mightytext | 
"{E99E1F8E-9DD9-4D2F-A44F-CB2C8158FA28}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe | 
"{E9B5E382-3310-4055-AA5A-8EE8B15627F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EC91E845-9D14-4F07-A5B0-233D25C3D982}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{EE8F4C4A-63B1-4F63-9535-361601AE66C2}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe | 
"{EEC233CC-4C2B-4C4D-8C0A-800795791039}" = protocol=6 | dir=in | app=c:\program files (x86)\fiddler2\fiddler.exe | 
"{F2C2BA04-A41D-4B7C-801A-E57A865E8F6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe | 
"{F67CC28A-CE02-4EBA-A651-B8B90C17D70D}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe | 
"{F6EE3289-C862-4412-B031-2A3A5B1B9B5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rune classic\system\rune.exe | 
"{F7A91377-9D75-44D4-BA63-115B26366214}" = protocol=6 | dir=in | app=c:\program files (x86)\virtual volumes\vv_cmd.exe | 
"{F7C501DD-198D-4393-99D8-3F815AB8815E}" = protocol=17 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe | 
"{F7E234C8-1984-4613-9FF8-91A7DB68E6B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe | 
"{F8D92DB3-322D-4C23-B356-28737BE67D46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lego marvel super heroes\legomarvel.exe | 
"{F90DE30B-FE5D-472A-B238-C2CCA85EEB50}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F9E999A4-CFE1-4D1F-9394-C8CF29DDB0DC}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\spotify\spotify.exe | 
"{FA0C93D5-DA31-40EA-8649-C2BFD04BFF64}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe | 
"{FB05B04C-FA97-44DF-9F03-2AF2544C6183}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{FB2FEFCC-68DC-4F85-BAB6-388AF7966F12}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"TCP Query User{0B35D645-72FE-45C5-A885-DFB5529A9127}C:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3.exe | 
"TCP Query User{0D0F59ED-F88E-4BB4-AEBF-B82D3AC21396}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | 
"TCP Query User{0EEA2D68-C452-48AC-B8A7-8BCD1113A790}C:\users\robert\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{1F45D29C-AE04-496D-8E25-5E9BD11C0568}C:\program files (x86)\chatzilla\chatzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\chatzilla\chatzilla.exe | 
"TCP Query User{27CE24C8-97BE-452D-8E14-39750DD6BB6D}C:\program files (x86)\infinitecrisis\infinitecrisis.exe" = protocol=6 | dir=in | app=c:\program files (x86)\infinitecrisis\infinitecrisis.exe | 
"TCP Query User{2D0454FF-B1AC-460E-8BD3-66F4FDB9B661}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"TCP Query User{2FAE70F3-6D43-4FFF-B229-490B18212B1B}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{315B1D3E-701F-4435-AF70-C6B7F0125A75}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"TCP Query User{3E123A62-ECA9-4934-867B-B285EFC14007}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{4428DAF3-7424-490D-BBC3-73632A6B3216}C:\program files\daum\potplayer\potplayer64.exe" = protocol=6 | dir=in | app=c:\program files\daum\potplayer\potplayer64.exe | 
"TCP Query User{595BDD3B-C614-4618-830F-BDE4DFCDA10D}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe | 
"TCP Query User{6258B0FF-BB07-4313-BA6A-F421D12F9C8D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{693BDB73-FB6D-4F6D-9878-02D260F82C47}C:\program files (x86)\open source\developer tools for upnp technologies\av wizard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\open source\developer tools for upnp technologies\av wizard.exe | 
"TCP Query User{71DA4C3F-3AB3-4CF5-AE0F-BC3D09478735}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{7296803A-1532-41D4-81DE-8DBB2447A1E6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{78916BC1-5ED6-45D4-93B3-27DD47C0F135}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe | 
"TCP Query User{79F8131B-0922-4694-A092-97980550D7E4}C:\program files (x86)\open source\developer tools for upnp technologies\av media controller.exe" = protocol=6 | dir=in | app=c:\program files (x86)\open source\developer tools for upnp technologies\av media controller.exe | 
"TCP Query User{7C3C27D6-D27B-4E44-A44D-C1B0BE928F03}C:\program files (x86)\panda security\panda antivirus pro 2014\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda antivirus pro 2014\apvxdwin.exe | 
"TCP Query User{842D9861-B107-4074-957D-7C6285216201}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ps3 media server\jre64\bin\javaw.exe | 
"TCP Query User{8816397B-6B7D-44A0-B314-0649D1FA5FDC}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{91DA5C72-FC43-45FC-BE6E-7C8DEEF1E231}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe | 
"TCP Query User{A4DC6849-21EB-4C6B-9859-0E6972DF3F32}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe | 
"TCP Query User{AC89C35F-C04F-4B75-8405-0D6DC69D0424}C:\program files (x86)\plex home theater\plex home theater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\plex home theater\plex home theater.exe | 
"TCP Query User{AD29B5D7-E2E5-4D8D-B70F-392BFB46ACDA}C:\program files (x86)\sick beard\sickbeard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sick beard\sickbeard.exe | 
"TCP Query User{B6B3ECBC-9022-4D0C-A849-39CB19A9FD92}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"TCP Query User{E1AA56CB-289C-4791-A885-C8959CDC216C}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{E3BFDA6F-629F-44A9-BEC4-5A4339C7EAB5}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | 
"TCP Query User{E6B143E3-7646-458A-8777-EEB198658593}C:\downloads\fg740p.exe" = protocol=6 | dir=in | app=c:\downloads\fg740p.exe | 
"TCP Query User{E8CB2573-8D8F-4DDB-A861-60D45753E950}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe | 
"TCP Query User{ED3E5C82-FA90-4139-ADF4-886056F9A6D6}C:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe | 
"TCP Query User{F22B3387-557F-44B1-9DC4-9AF6A1901F39}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"TCP Query User{F52C8404-9AF6-4B78-ABDE-3E37913BB222}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{FDC98EBC-5325-4F3B-9C2A-04A85CF30846}C:\program files (x86)\wifi speaker\wirelesssound.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wifi speaker\wirelesssound.exe | 
"UDP Query User{0257F1EE-50FF-469A-86CB-0F925174BA4E}C:\program files (x86)\wifi speaker\wirelesssound.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wifi speaker\wirelesssound.exe | 
"UDP Query User{084F6854-4854-43CC-BC1D-0994A5A8AC9F}C:\program files (x86)\open source\developer tools for upnp technologies\av wizard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\open source\developer tools for upnp technologies\av wizard.exe | 
"UDP Query User{18E931BB-95CC-4098-91F4-4DA49CD6FF11}C:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\fallout3.exe | 
"UDP Query User{37D12AF7-61A2-485A-8064-4F5D6B2A10C9}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ps3 media server\jre64\bin\javaw.exe | 
"UDP Query User{45F79192-F776-4CBC-87C8-D7AD5FE46B6E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{544252AE-0335-4A95-8D7F-F42C988D6F55}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{56CCD9DE-BEBD-4D00-840C-E1006E45762B}C:\program files (x86)\panda security\panda antivirus pro 2014\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda antivirus pro 2014\apvxdwin.exe | 
"UDP Query User{73E0565B-CDA1-4B72-89EE-52294ABA5B48}C:\downloads\fg740p.exe" = protocol=17 | dir=in | app=c:\downloads\fg740p.exe | 
"UDP Query User{77ADD217-A68E-4136-AAFA-8CEE34DD83F6}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | 
"UDP Query User{7FAEC713-3D11-46C5-9693-82DA80DFEB15}C:\program files\daum\potplayer\potplayer64.exe" = protocol=17 | dir=in | app=c:\program files\daum\potplayer\potplayer64.exe | 
"UDP Query User{8ADC5E23-64DF-4966-A76B-DFE77A0855C3}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"UDP Query User{9C720B89-EBA8-44CC-A38A-FD2FA20F1FA4}C:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe | 
"UDP Query User{B345C0CE-3A94-43C6-A574-91645509EED1}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe | 
"UDP Query User{B675C739-4BAA-459E-9B72-7E2366482938}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{B8BA90F1-90DE-4EA7-85B0-33ED4F55DC49}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{B971142A-2CD1-4724-9AF1-4B4372A832C3}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"UDP Query User{BBB6E420-B751-4764-BA63-3DF0AB293D46}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe | 
"UDP Query User{BE308D9D-3692-40DA-9D2D-1D5A3995E436}C:\program files (x86)\infinitecrisis\infinitecrisis.exe" = protocol=17 | dir=in | app=c:\program files (x86)\infinitecrisis\infinitecrisis.exe | 
"UDP Query User{C794DB65-D6B4-4814-9E22-E343583A8CD1}C:\users\robert\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{C8C925BD-4B0B-403E-9923-C9724630104C}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{D2787BF3-3B09-4394-8858-78F8B1BF230B}C:\program files (x86)\open source\developer tools for upnp technologies\av media controller.exe" = protocol=17 | dir=in | app=c:\program files (x86)\open source\developer tools for upnp technologies\av media controller.exe | 
"UDP Query User{D361DF8E-A9EB-4F5E-9FB4-46FE212DB982}C:\program files (x86)\plex home theater\plex home theater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\plex home theater\plex home theater.exe | 
"UDP Query User{DF546FE5-1A9F-414A-8A5B-153AC2499BCA}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{DFA895C0-679E-436F-8419-A9638F8C3C2E}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"UDP Query User{E2ACAE8F-5894-4A0C-8359-C9ECB0697F8E}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | 
"UDP Query User{E6A16FE1-5917-4772-9495-F28B7A060C84}C:\program files (x86)\sick beard\sickbeard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sick beard\sickbeard.exe | 
"UDP Query User{E725C32B-5965-43C2-B6DE-64CFBDFEAFFF}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"UDP Query User{EA71B5D4-7B6D-4A48-B684-8786B5041E5E}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe | 
"UDP Query User{EF888FAA-C474-427E-81D7-BA256079CC99}C:\program files (x86)\ffsplit\ffsplit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ffsplit\ffsplit.exe | 
"UDP Query User{F80756B3-0281-41BE-B8BE-084E3AEB6072}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{F8B944BD-55D1-4BF4-9955-CB5CD0329A7E}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{FAEA491A-4BDF-40FF-A1E9-1AA9F846D015}C:\program files (x86)\chatzilla\chatzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\chatzilla\chatzilla.exe | 
"UDP Query User{FD3F0A0C-7544-40D0-A0F9-2805E800C497}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230C9C86-26A9-437F-8152-34D5F4C3F680}" = Oracle VM VirtualBox 4.2.18
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.7.5 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3B09F409-9BBC-4794-86D9-FC40F9A0EB05}" = Soluto
"{3F5F509B-E226-417C-8CD1-CAAE756C328A}" = paint.net 4.0 Pre-Release
"{470F4A33-DA87-4CF5-9E5A-42BD4F218B39}_is1" = My MP4Box GUI 0.5.6.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E6F6CE8-1A35-4629-A550-376D4FF74F9B}" = ESET Smart Security
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{661BB54F-5E4A-45F0-8153-DDF10C2E3FB7}_is1" = Easy 7-Zip v0.1.2
"{67D8297A-A990-4511-AEC5-5652DAAFC2D6}" = System Requirements Lab for Intel (64-bit)
"{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1" = Genymotion version 2.2.0
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4DA1935-2F04-4AFF-BE48-085CCC7BD0CB}" = Microsoft Research Cliplets
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}" = Python 2.7.3 (64-bit)
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"0630-0716-3135-7887" = JDownloader 2
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.155
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"Defraggler" = Defraggler
"EnhanceMySe7en_is1" = EnhanceMySe7en
"GIMP-2_is1" = GIMP 2.8.0
"GPL Ghostscript 9.10" = GPL Ghostscript
"HWiNFO64_is1" = HWiNFO64 Version 4.12
"jdownloader2" = JDownloader 2
"MediaCoder x64" = MediaCoder x64 0.8.11
"MediaTab" = MediaTab
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"PotPlayer64" = Daum PotPlayer 1.5.44465 x64 Edition
"Recuva" = Recuva
"Sandboxie" = Sandboxie 4.01.03 (64-bit)
"sp6" = Logitech SetPoint 6.32
"Speccy" = Speccy
"TeraCopy_is1" = TeraCopy 2.3 beta 2
"UDK-e0806743-1e7b-4e69-ba18-8a6a6c259ad5" = My Game Long Name
"VidCoder-x64_is1" = VidCoder 1.2.4 (x64)
"Waterfox 28.0 (x64 en-US)" = Waterfox 28.0 (x64 en-US)
"WhoCrashed_is1" = WhoCrashed 3.03
"XFast LAN" = XFast LAN v6.61
"ZUploader_is1" = ZUploader 4.7.2.2924
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 8.1.1
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.3.0
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0F7ACD8E-66FC-4C14-90B4-9C457CC73D6E}" = Developer Tools for UPnP Technologies
"{14C8CE46-C68C-461B-BCA9-E276A85851C6}" = TuneUp Utilities 2014 (en-US)
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}" = Adobe Flash Player 14 ActiveX
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 60
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{3031A053-DC97-4D03-9179-BF6F98F63FA2}" = Wunderlist
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1" = System Explorer 5.7.0
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}" = Microsoft Games for Windows - LIVE Redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1" = Adobe Update Management Tool
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B24ECDD-968F-4DF2-91E5-E4BFC7B72134}" = RSDLite
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}" = Plants vs. Zombies™
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6576B1CD-0CF5-4B5A-BC77-1921123A9CBC}_is1" = Lost Photos version 1.1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{6877DBA1-8E75-4357-A85E-464EA163262C}_is1" = Portitle Extension 1.1
"{68958E07-E685-40DB-93D6-242FB25A091D}_is1" = WiFi Speaker version 1.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{82458834-6226-4A34-AE96-6907354F9F36}_is1" = FFsplit version 0.7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{876ab221-6562-4f34-9335-68fc92bb3f1b}" = Plex Media Server
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8988EA30-14EF-41DE-843E-DBD4CFAAA0AF}" = Plex Media Server
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EB62C87-AAA6-4850-A5BC-64155884B973}" = SketchUp 8
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{a55ac379-46b0-461a-95b1-fef5c08443f2}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A8A439-D0A2-434F-8CD5-39BA840B2F23}" = AirPlay WMC Client
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0DBC9A-422A-4888-A8E5-A32EC1779E68}_is1" = Sunrise Seven 1.2.61
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BD8F867A-0ACB-427D-A4F2-9AEE29FBF98B}" = PocketCloud Windows Companion
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BD96B1DF-2A2E-4ED1-B255-F8050DEB1B3D}" = Unified Remote
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C26C216B-5F6F-F81C-B620-C19F0F81FD4E}" = Nodewerk
"{C4B32291-F7B2-4BEC-BA4D-4195676A08CC}" = Adobe Flash Player 14 Plugin
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7C8BE4E-428D-4AA9-B7D4-EA4313BDB90E}" = Autodesk SketchBook Pro 6
"{C82F9A8E-229B-4602-A410-71FED8D9EA39}" = ChatZilla
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1" = EVGA OC Scanner X 2.1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEC8F2E3-AC9A-357C-BFCB-BFAC37C4AC50}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{CED8E25B-122A-4E80-B612-7F99B93284B3}" = Arc
"{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DA5C2127-BE1D-4262-81BD-37D5386A7813}" = WOON Cloud Server
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50142F0-0C8A-4E22-BC2D-98968AB83CDA}" = TweetDeck
"{E82CE03D-A5FF-4A41-BA1D-E2B33D1F4134}" = CSV Splitter and Merger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F6E04BE8-2FA4-44C4-9BD3-142CE3EB15B4}_is1" = GPU Caps Viewer 1.16.0
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" = TuneUp Utilities 2014
"{FF0AB597-3396-46DB-85CA-9EAEDF5F1590}" = STREET FIGHTER IV BENCHMARK
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Afterburner" = MSI Afterburner 2.3.1
"Agomo" = Agomo
"Anti-Twin 2012-06-21 05.01.50" = Anti-Twin (Installation 6/21/2012)
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.98
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"AU11_is1" = Advanced Uninstaller PRO - Version 11
"Audacity_is1" = Audacity 2.0.5
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"Cablenut" = Cablenut 4.08
"Capsule" = Capsule
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.quasimondo.nodewerk" = Nodewerk
"DcUpdater_is1" = DcUpdater 1.30.01
"Disk Sorter" = Disk Sorter 4.0.27
"DivX Setup" = DivX Setup
"Electric Sheep" = Electric Sheep 2.7b34
"ESET Online Scanner" = ESET Online Scanner v3
"Everything" = Everything 1.3.2.645
"FaceWorks" = NVIDIA FaceWorks: Real-time Performance Capture Demo
"ffdshow_is1" = ffdshow v1.3.4530 [2014-02-09]
"Fiddler2" = Fiddler
"FiddlerSyntaxAddons" = Fiddler Syntax-Highlighting Addons
"Find and Run Robot_is1" = Find+Run Robot 2.105.01
"Fotor" = Fotor 1.1.0
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps (remove only)
"Free Download Manager_is1" = Free Download Manager 3.9.3
"FrostWire 5" = FrostWire 5.3.6
"GCstar" = GCstar 1.6.1
"GIF Animator" = Microsoft GIF Animator
"GIF Optimizer_is1" = GIF Optimizer 2.0
"Glary Utilities 5" = Glary Utilities 5.1
"Google Chrome" = Google Chrome
"InfiniteCrisis_410193F41CAE" = InfiniteCrisis_410193F41CAE
"Inkscape" = Inkscape 0.48.4
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"JDs Auto Speed Tester" = JDs Auto Speed Tester
"KC Softwares DUMo_is1" = KC Softwares DUMo
"KC Softwares RAMExpert_is1" = KC Softwares RAMExpert
"KC Softwares SUMo_is1" = KC Softwares SUMo
"Logitech Vid" = Logitech Vid HD
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MagniDriver" = marvell 91xx driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Maxthon3" = Maxthon Cloud Browser
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"ModPlug Player v1.46_is1" = ModPlug Player
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicBee" = MusicBee 2.0
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OnLive" = OnLive
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"Opera 12.14.1738" = Opera 12.14
"Opera 20.0.1387.82" = Opera Stable 20.0.1387.82
"Origin" = Origin
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Pictomio" = Pictomio
"Pidgin" = Pidgin
"Plex Home Theater" = Plex Home Theater
"PrecisionX" = EVGA Precision X 3.0.1
"PS2 Emulator + BIOS_is1" = PS2 Emulator r5135 + BIOS
"PS3 Media Server" = PS3 Media Server
"PunkBusterSvc" = PunkBuster Services
"ReClock" = ReClock
"Rockstar Games Social Club" = Rockstar Games Social Club
"ScreenshotCaptor_is1" = Screenshot Captor 3.04.01
"Smoke" = Smoke demo by NVIDIA (remove only)
"SmoothDraw_is1" = SmoothDraw version 4.0.4
"SmoothVideo Project_is1" = SmoothVideo Project version 3.1.6
"SMPlayer" = SMPlayer 0.6.9
"Songbird-release-2311" = Songbird 2.0.0 (Build 2311)
"Splashtop Software Updater" = Splashtop Software Updater
"Steam App 105600" = Terraria
"Steam App 105800" = PixelJunk Eden
"Steam App 203160" = Tomb Raider
"Steam App 206500" = AirMech
"Steam App 209830" = Lone Survivor
"Steam App 210950" = Rune Classic
"Steam App 212680" = FTL: Faster Than Light
"Steam App 214560" = Mark of the Ninja
"Steam App 219890" = Antichamber
"Steam App 22000" = World of Goo
"Steam App 221910" = The Stanley Parable
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 224760" = FEZ
"Steam App 229480" = Dungeons & Dragons: Chronicles of Mystara
"Steam App 234330" = Marvel Puzzle Quest: Dark Reign
"Steam App 236090" = Dust: An Elysian Tail
"Steam App 249130" = LEGO MARVEL Super Heroes
"Steam App 26800" = Braid
"Steam App 29180" = Osmos
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 33460" = From Dust
"Steam App 400" = Portal
"Steam App 40700" = Machinarium
"Steam App 40810" = Super Meat Boy Editor
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 620" = Portal 2
"Synergy" = Synergy
"TabletDriver" = Tablet Driver V5.02
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TUGZip_is1" = TUGZip 3.5
"Tweaking.com - Hardware Identify" = Tweaking.com - Hardware Identify
"Universal Media Server" = Universal Media Server
"Uplay" = Uplay
"Uplay Install 274" = Watch_Dogs
"Virtual Volumes" = Virtual Volumes
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 2.1.3
"Wings 3D 1.5.1" = Wings 3D 1.5.1
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"wxDownload Fast_is1" = wxDownload Fast 0.6.0
"XnView_is1" = XnView 2.22
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7E07052F-A4CE-4932-B066-B9203888439F}_is1" = WindowsAndroid version 4.0.3
"{95981586-8D7F-49E9-9C7F-3AA704641471}_is1" = import.io
"0afbacc69ba325bb" = BeakiezFree
"Amazon Kindle" = Amazon Kindle
"Beakiez" = Beakiez
"Beakiez Demo" = Beakiez Demo
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Google+ Auto Backup" = Google+ Auto Backup
"HuluDesktop" = Hulu Desktop
"LastPass" = LastPass (uninstall only)
"MusicManager" = Music Manager
"MyPaint" = MyPaint 1.0.0
"Should I Remove It 1.0.4" = Should I Remove It
"Spotify" = Spotify
"Torque" = Torque
"UnityWebPlayer" = Unity Web Player
"Virtual Globe." = Virtual Globe.
"WinDirStat" = WinDirStat 1.1.2
"XBMC" = XBMC
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/12/2014 3:23:16 AM | Computer Name = Orpheus | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 6/13/2014 12:33:43 AM | Computer Name = Orpheus | Source = Application Hang | ID = 1002
Description = The program psi.exe version 3.0.0.3001 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1270    Start Time:
 01cf86c05835c6e7    Termination Time: 2    Application Path: C:\Program Files (x86)\Secunia\PSI\psi.exe
 
Report
 Id: e4c68ad8-f2b3-11e3-93c1-002522e0ab25  
 
Error - 6/13/2014 1:19:27 AM | Computer Name = Orpheus | Source = Application Hang | ID = 1002
Description = The program psi.exe version 3.0.0.9016 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1dc8    Start Time:
 01cf86c3c46364b4    Termination Time: 7    Application Path: C:\Program Files (x86)\Secunia\PSI\psi.exe
 
Report
 Id: 48f24110-f2ba-11e3-93c1-002522e0ab25  
 
Error - 6/13/2014 1:21:28 AM | Computer Name = Orpheus | Source = Application Hang | ID = 1002
Description = The program psi.exe version 3.0.0.9016 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 2198    Start Time:
 01cf86c70f73a871    Termination Time: 6    Application Path: C:\Program Files (x86)\Secunia\PSI\psi.exe
 
Report
 Id: 90d20c9b-f2ba-11e3-93c1-002522e0ab25  
 
Error - 6/13/2014 1:21:37 AM | Computer Name = Orpheus | Source = Application Error | ID = 1000
Description = Faulting application name: PSIA.exe, version: 3.0.0.9016, time stamp:
 0x52a1d50f  Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp:
 0x521ea8e7  Exception code: 0xc0000005  Fault offset: 0x000332b0  Faulting process id:
 0x1d14  Faulting application start time: 0x01cf86c35cd0d0b7  Faulting application path:
 C:\Program Files (x86)\Secunia\PSI\PSIA.exe  Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
 Id: 96e3f0cb-f2ba-11e3-93c1-002522e0ab25
 
Error - 6/13/2014 5:37:44 AM | Computer Name = Orpheus | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 6/13/2014 11:12:44 PM | Computer Name = Orpheus | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 6/13/2014 11:12:44 PM | Computer Name = Orpheus | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 6/13/2014 11:12:44 PM | Computer Name = Orpheus | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 6/14/2014 10:02:41 PM | Computer Name = Orpheus | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 6/11/2014 4:28:13 AM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 6/11/2014 4:52:26 AM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 6/11/2014 4:57:49 AM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 6/11/2014 3:17:53 PM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 6/11/2014 9:07:17 PM | Computer Name = Orpheus | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
 is 252.
 
Error - 6/13/2014 12:29:03 AM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 6/13/2014 11:13:07 PM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 6/14/2014 8:43:42 PM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 6/14/2014 8:43:42 PM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 6/14/2014 8:43:45 PM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
 


#6 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor

Posted 16 June 2014 - 12:34 AM

Hi Robert Headley, :)

Please uninstall the following security programs while we are working with your PC. You may (although it is not necessary) re-install them after I declare you clean.
  • SUPERAntiSpyware
  • Panda Cloud Cleaner
  • Kaspersky Security Scan
 
  • Step #2 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up, then double-click on the items I have listed below and follow the on-screen instructions to remove/uninstall them.
    • JDownloader 2
    • JDownloader 2
    • TuneUp Utilities 2014 (en-US)
    • Ph
    • Bl
    • Should I Remove It
    • TuneUp Utilities 2014
    • Agomo
    • FrostWire 5.3.6
 
  • Step #3 P2P Warning
    IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    • Vuze
    I shall provide you with a few reference links; please read them to learn the risks of having a P2P program.

    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.
 
  • Step #4 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #5 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information, please acquaint yourself with this article;
    • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process, a log named JRT.txt will automatically open and is saved to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 

Re-run OTL and click on Quick Scan and post the log when done.

 
  • Required Log(s):
    • AdwCleaner Log
    • Junkware Removal Tool Log
    • OTL.txt
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or the Moderators to reactivate. All help is provided via the forum; ergo, do not PM me for help.

 


#7 Robert Headley

Robert Headley
  • Topic Starter


Posted 16 June 2014 - 05:09 PM

# AdwCleaner v3.212 - Report created 16/06/2014 at 17:03:03
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Robert - ORPHEUS
# Running from : C:\Users\Robert\Downloads\AdwCleaner (4).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_sb.scorecardresearch.com_0.localstorage
File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_sb.scorecardresearch.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.67
 
[ File : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&AF=110018&babsrc=SP_ss&mntrId=7cef6d92000000000000002522e0ab25
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322287&octid=EB_ORIGINAL_CTID&ISID=M0759F53F-739B-49FF-8B71-74582F01D311&SearchSource=58&CUI=&UM=5&UP=SP6A878BF8-E6BC-4C84-8551-941A56F95188&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://blekko.com/ws/+{searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [5866 octets] - [15/04/2014 13:57:14]
AdwCleaner[R1].txt - [1642 octets] - [12/05/2014 01:04:37]
AdwCleaner[R2].txt - [1751 octets] - [03/06/2014 04:30:30]
AdwCleaner[R3].txt - [1486 octets] - [07/06/2014 04:22:13]
AdwCleaner[R4].txt - [1546 octets] - [16/06/2014 17:02:12]
AdwCleaner[S0].txt - [5995 octets] - [15/04/2014 13:59:19]
AdwCleaner[S1].txt - [2639 octets] - [03/06/2014 04:32:51]
AdwCleaner[S2].txt - [2284 octets] - [16/06/2014 17:03:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2344 octets] ##########


#8 Robert Headley

Robert Headley
  • Topic Starter


Posted 16 June 2014 - 05:16 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Robert on Mon 06/16/2014 at 17:10:16.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/16/2014 at 17:15:46.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 Robert Headley

Robert Headley
  • Topic Starter


Posted 16 June 2014 - 05:18 PM

I do not know what PH and BI are; they were not in the list, so I could not uninstall them.



#10 Robert Headley

Robert Headley
  • Topic Starter


Posted 16 June 2014 - 05:31 PM

OTL logfile created on: 6/16/2014 5:19:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 4.87 Gb Available Physical Memory | 61.50% Memory free
15.83 Gb Paging File | 11.84 Gb Available in Paging File | 74.79% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 63.55 Gb Free Space | 4.55% Space Free | Partition Type: NTFS
Drive D: | 6.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: ORPHEUS | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/16 17:18:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Downloads\OTL (1).exe
PRC - [2014/06/16 17:01:32 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Robert\Downloads\JRT (1).exe
PRC - [2014/06/10 22:18:03 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/06/06 11:27:16 | 000,064,384 | ---- | M] (Google) -- C:\Users\Robert\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/06/02 20:25:48 | 000,792,864 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
PRC - [2014/05/29 18:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/05/29 12:36:52 | 000,543,424 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/05/29 12:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/05/13 22:42:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWOW64\drivers\WTSRV.EXE
PRC - [2014/02/24 16:27:06 | 001,343,408 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2012/12/22 04:58:46 | 000,040,832 | ---- | M] (Tablet Driver) -- C:\Windows\SysWOW64\WTClient.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/20 22:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/10 22:18:01 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\ppgooglenaclpluginchrome.dll
MOD - [2014/06/10 22:17:59 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\pdf.dll
MOD - [2014/06/10 22:17:56 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\libglesv2.dll
MOD - [2014/06/10 22:17:54 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\libegl.dll
MOD - [2014/06/10 22:17:53 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\ffmpegsumo.dll
MOD - [2014/06/02 20:26:40 | 000,080,160 | ---- | M] () -- C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
MOD - [2014/05/29 12:37:34 | 002,139,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/05/29 12:36:54 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/05/16 20:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/01 18:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/29 19:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/04/29 19:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/04/29 19:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/04/29 19:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/04/28 19:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011/11/11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/05/29 18:28:54 | 021,055,432 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/02/24 16:27:06 | 001,343,408 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013/10/31 22:15:56 | 000,078,064 | ---- | M] (UC-Logic Technology Corp.) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService)
SRV:64bit: - [2013/10/30 04:45:38 | 000,043,320 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/02 23:55:24 | 000,423,424 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Synergy\synergyd.exe -- (Synergy)
SRV:64bit: - [2013/03/07 15:27:20 | 000,169,048 | ---- | M] (Sandboxie Holdings, LLC) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/09/13 21:09:42 | 000,603,704 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/07/04 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [On_Demand | Stopped] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2014/06/13 00:19:20 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/05 23:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/29 18:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/05/29 12:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/13 22:42:47 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\drivers\WTSRV.EXE -- (WinTabService)
SRV - [2014/05/13 22:42:39 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\nvvsvc.exe -- (nvsvc)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2014/05/08 08:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/09 10:59:59 | 002,153,792 | ---- | M] (IObit) [On_Demand | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/30 03:15:27 | 000,075,136 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/30 04:45:38 | 000,036,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2013/10/10 16:19:42 | 000,088,424 | ---- | M] (Perfect World Entertainment Inc) [On_Demand | Stopped] -- C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe -- (ArcService)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/08 00:21:14 | 000,583,968 | ---- | M] (Splashtop Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2013/04/17 20:13:58 | 000,936,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Everything\Everything.exe -- (Everything)
SRV - [2013/01/28 16:22:50 | 000,551,264 | ---- | M] (Splashtop Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/11/25 05:13:12 | 000,821,720 | ---- | M] (Mister Group) [On_Demand | Stopped] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/14 06:47:54 | 000,020,672 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GUBootStartup.sys -- (GUBootStartup)
DRV:64bit: - [2014/05/29 18:28:53 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/03/31 11:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/01/06 13:32:04 | 000,041,192 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vbaudio_vmvaio64_win7.sys -- (VBAudioVMVAIOMME)
DRV:64bit: - [2013/11/28 08:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/09/30 17:26:50 | 000,019,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2013/09/30 17:26:48 | 000,012,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2013/09/17 14:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/09/17 14:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013/09/17 14:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013/09/17 14:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013/09/17 14:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013/09/06 15:25:40 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/04/29 09:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2013/03/09 18:31:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/03/07 15:27:18 | 000,196,824 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/02/04 18:41:59 | 000,030,112 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV:64bit: - [2013/01/31 04:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/12/22 04:58:10 | 000,027,520 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)
DRV:64bit: - [2012/12/22 04:58:06 | 000,032,128 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)
DRV:64bit: - [2012/12/22 04:58:00 | 000,022,912 | ---- | M] (UC-Logic Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)
DRV:64bit: - [2012/12/22 04:57:54 | 000,032,128 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/10 22:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/09/13 21:03:14 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/15 16:32:14 | 001,071,032 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcmvcam64.sys -- (WCMVCAM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/25 01:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/04 05:22:16 | 000,095,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/10/04 05:22:12 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIA_USB_MODEM.sys -- (ViaUsbModemDriver)
DRV:64bit: - [2011/10/04 05:22:12 | 000,021,760 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIA_USB_ETS.sys -- (VIA_USB_ETS)
DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/09/05 10:14:34 | 000,019,568 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\evdd.sys -- (Evdd)
DRV:64bit: - [2011/09/05 10:14:00 | 000,205,512 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cumon.sys -- (cumon)
DRV:64bit: - [2011/09/02 01:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/17 07:18:00 | 000,080,384 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/08/17 07:18:00 | 000,057,088 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/07/04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011/04/08 06:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 20:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/17 15:53:12 | 000,050,856 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qrkis.sys -- (qrkis)
DRV:64bit: - [2010/10/31 08:54:56 | 000,012,024 | ---- | M] (ZoneOS) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zsport.sys -- (zonescreen)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/11 15:37:14 | 000,015,368 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009/12/01 16:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/11/18 08:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/09/25 09:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,start page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =  http://home.microsoft.com/search/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =  http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{9172C2C2-6A19-410b-AFF5-FB10704B0D41}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z131&form=ZGAIDF&install_date=20111201&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{EE470B40-5287-4F5B-88B1-A255DC7A5CCA}: "URL" = http://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://localhost:9614
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: greasefire%40skrul.com:1.0.8
FF - prefs.js..extensions.enabledAddons: html5notifications%40paxal.net:1.2.4
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B8620c15f-30dc-4dba-a131-7c5d20cf4a29%7D:3.7
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: %7B677a8f98-fd64-40b0-a883-b8c95d0cbf17%7D:0.6
FF - prefs.js..extensions.enabledAddons: %7B95322c08-05ff-4f3c-85fd-8ceb821988dd%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.98
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: refspoof@mozdev.org:0.9.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120922-0402: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Robert\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Robert\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Robert\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Robert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2014/06/09 23:49:17 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 28.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 28.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2013/10/30 13:06:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/26 22:10:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014/06/09 23:49:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/04 07:01:10 | 000,000,000 | ---D | M]
 
[2012/09/14 18:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions
[2012/09/14 18:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2011/12/03 09:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\extensions
[2011/12/03 09:10:09 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2014/05/10 10:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions
[2013/11/26 02:22:24 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2014/03/31 23:28:46 | 000,000,000 | ---D | M] (Hola Unblocker) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\jid1-4P0kohSJxU1qGg@jetpack
[2014/05/10 10:58:45 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\support@lastpass.com
[2012/09/15 17:52:14 | 005,438,448 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\greasefire@skrul.com.xpi
[2013/12/05 13:42:40 | 000,048,516 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\html5notifications@paxal.net.xpi
[2013/12/07 01:17:59 | 000,173,536 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\jid0-2XdU72GlY0qYebdQ9MsfVfaVmiI@jetpack.xpi
[2014/03/08 05:49:47 | 000,667,234 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\jid1-cwbvBTE216jjpg@jetpack.xpi
[2013/12/07 01:17:59 | 000,494,053 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2014/03/31 23:28:37 | 000,018,538 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\pure-url@jetpack.xpi
[2013/11/26 02:22:24 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\testpilot@labs.mozilla.com.xpi
[2012/09/15 17:42:24 | 000,004,172 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{1823e248-6bf4-f6f1-7901-65a68e8b6c1e}.xpi
[2014/05/10 10:58:43 | 000,383,888 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2014/05/10 10:58:43 | 000,021,105 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi
[2014/05/10 10:58:43 | 000,537,316 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/05/10 10:58:43 | 000,018,565 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi
[2013/04/03 18:29:09 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/03/08 05:49:47 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ovn0u3a9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/03/25 16:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/13 00:17:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/17 06:22:46 | 000,081,920 | ---- | M] (Kaneva, LLC.) -- C:\Program Files (x86)\mozilla firefox\plugins\npkanevapatch.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.67\pdf.dll
CHR - plugin: Kaneva WOK Patch Plugin for Mozilla 3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npkanevapatch.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DownTango Browser Plugin (Disabled) = C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npDownTango.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Disabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: OnLive Game Client Detector (Disabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: ArcPlugin (Enabled) = C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Robert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Robert\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Disabled) = C:\Users\Robert\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Robert\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohlfneeliakfcefeffppfplagbccbni\0.1.22_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp\0.5.5_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.15_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\djifpbcmaphjihhelcdeannijfelfnbh\2.0_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\12.5_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaadakhobebhpoonppeechkocilojle\1.0.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekbocpjgbpkkheehgnimdnkmkapkagap\2.4.4_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf\3.8.4120_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2014.4.25_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3.2_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdahehpjbafoalhcjgpbkkdibnamehm\1.0_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcplneddoadgichngfbobgpllfphdfla\0.2.1.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.33_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfacpfhgpmaifaanbmgbbjkfgelookom\1.0_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14214.1344_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm\2.0.0.6_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd\1.20_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.2.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmligehjhghebleanjcmenomghmcohn\1.3.10.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl\0.0.7.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.45_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno\3.0.5_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\0.2.1.2_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf\0.9.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.604.433.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhklgmkbkbcpfdocajomkcbjmeeamnj\0.9.2_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbifknmclbnmjlljdemhjjlkmppjjl\0.4.12_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\17.1.8_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg\6.3_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2.2.2_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcfgpmjldkkjdclidhcbonieibfhhdh\2_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.141_0\
CHR - Extension: No name found = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlfmkfpmphogkomddckmggcfpmfchpn\4.1.308_0\
 
O1 HOSTS File: ([2013/10/30 17:52:56 | 000,000,025 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WTClient] C:\Windows\SysWow64\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_8CC0C224CAA679A6B63017BE99A17B85] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GUDelayStartup] C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe (Glarysoft Ltd)
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2013/06/13 22:32:41 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9:64bit: - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16:64bit: - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.3.0.cab (SysInfo Class)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11F2AEA9-2868-4B38-96CE-39AAD003B7E5}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2AEC1C2-AC57-4277-9DC4-F2CD523A0F02}: DhcpNameServer = 24.220.0.10 24.220.0.11
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2013/02/07 14:09:34 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2014/06/03 03:20:03 | 000,020,844 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (PCloudBroom64.exe \systemroot\system32\BroomData.bit)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/16 16:55:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\.appwork
[2014/06/15 15:29:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\Downloads\Desktop\New folder (2)
[2014/06/14 06:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
[2014/06/14 06:47:54 | 000,020,672 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\GUBootStartup.sys
[2014/06/14 06:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 5
[2014/06/14 06:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014/06/14 06:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2014/06/14 06:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codebox
[2014/06/14 00:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy 7-Zip
[2014/06/14 00:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Easy 7-Zip
[2014/06/11 20:40:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/06/11 19:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SVP 3.1
[2014/06/11 19:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReClock
[2014/06/11 19:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReClock
[2014/06/11 19:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2014/06/11 19:07:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2014/06/11 19:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2014/06/11 19:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SVP 3.1
[2014/06/11 19:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SVP
[2014/06/11 18:53:35 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Quixel
[2014/06/11 18:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quixel
[2014/06/11 18:28:22 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Skype
[2014/06/11 18:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/06/11 18:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/06/11 03:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2014/06/11 03:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2014/06/11 03:51:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\MPC-HC
[2014/06/11 03:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/06/11 03:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/06/11 00:31:50 | 000,000,000 | ---D | C] -- C:\Users\Robert\Downloads\Desktop\Cliffhorse
[2014/06/09 23:50:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\ESET
[2014/06/09 23:50:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ESET
[2014/06/09 23:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014/06/09 23:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014/06/09 23:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/06/09 22:53:53 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Audacity
[2014/06/09 22:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2014/06/08 10:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Software
[2014/06/07 16:04:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/07 05:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/06/07 05:25:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/06/07 05:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2014/06/07 04:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/06/07 03:14:58 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Robert\Downloads\Desktop\dds.com
[2014/06/07 03:05:57 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\Robert\Downloads\Desktop\HijackThis.exe
[2014/06/05 10:11:52 | 000,269,312 | ---- | C] (Panda Security) -- C:\Windows\SysNative\WPApi64.dll
[2014/06/05 10:11:52 | 000,197,600 | ---- | C] (Panda Security) -- C:\Windows\SysNative\PavTrc64.dll
[2014/06/05 10:11:52 | 000,177,664 | ---- | C] (Panda Security) -- C:\Windows\SysWow64\WPApi.dll
[2014/06/05 10:11:52 | 000,153,568 | ---- | C] (Panda Security) -- C:\Windows\SysWow64\PavTrc.dll
[2014/06/05 05:58:00 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unified Remote
[2014/06/05 05:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unified Remote
[2014/06/04 14:50:03 | 000,047,632 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2014/06/04 14:47:15 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2014/06/04 07:26:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\robertheadley
[2014/06/04 07:09:23 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2014/06/04 07:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/06/04 07:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/06/04 06:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/06/04 06:53:53 | 000,084,848 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUISkin.dll
[2014/06/04 06:53:53 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014/06/04 06:53:53 | 000,034,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUH.dll
[2014/06/04 06:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2014/06/03 04:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/06/03 03:44:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\Doctor Web
[2014/06/03 02:29:12 | 000,000,000 | ---D | C] -- C:\NPE
[2014/06/03 02:09:11 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\NPE
[2014/05/28 18:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Waterfox
[2014/05/27 07:20:54 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\EmieUserList
[2014/05/27 07:20:54 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\EmieSiteList
[2014/05/27 05:20:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\xinorbis
[2014/05/27 05:20:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xinorbis6
[2014/05/27 05:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xinorbis6
[2014/05/27 05:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\freshney.org
[2014/05/27 01:14:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Green Man Gaming
[2014/05/27 01:14:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Capsule Utilities
[2014/05/27 01:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Capsule
[2014/05/26 21:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
[2014/05/26 16:49:34 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/05/21 15:30:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeakiezFree
[2014/05/21 15:29:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/16 17:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/16 17:12:55 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/16 17:12:55 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/16 17:11:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/16 17:05:17 | 000,000,392 | ---- | M] () -- C:\BackupLoader.ini
[2014/06/16 17:05:16 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014/06/16 17:04:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/16 17:04:03 | 2078,724,095 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/16 17:03:30 | 000,000,012 | ---- | M] () -- C:\Windows\CUAppUsage.Dat
[2014/06/16 00:29:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-299517775-3806166994-2066899608-1000Core1cec98d444bec6b.job
[2014/06/16 00:29:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-299517775-3806166994-2066899608-1000UA1cec98d47cd7f2f.job
[2014/06/14 07:09:29 | 000,001,110 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\System Explorer.lnk
[2014/06/14 07:09:29 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2014/06/14 06:48:04 | 000,001,104 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2014/06/14 06:48:04 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 5.lnk
[2014/06/14 06:47:54 | 000,020,672 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\GUBootStartup.sys
[2014/06/14 00:28:47 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\7-Zip File Manager.lnk
[2014/06/13 00:17:59 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/13 00:16:39 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2014/06/13 00:14:28 | 000,001,795 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\XnView.lnk
[2014/06/13 00:14:28 | 000,000,943 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\XnView.lnk
[2014/06/13 00:14:25 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2014/06/11 19:36:36 | 000,006,144 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/11 19:09:08 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Configure ReClock.lnk
[2014/06/11 03:57:38 | 000,001,382 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2014/06/11 03:57:38 | 000,001,358 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2014/06/11 03:49:09 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/06/11 03:05:37 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/10 19:32:37 | 000,000,483 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/10 19:22:53 | 000,001,962 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\MPC-HC x64.lnk
[2014/06/09 22:53:49 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/06/08 06:05:32 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2014/06/07 05:25:54 | 000,003,217 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Sophos Virus Removal Tool.lnk
[2014/06/07 04:34:58 | 000,002,109 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Tweaking.com - Hardware Identify.lnk
[2014/06/07 03:56:08 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/07 03:15:01 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Robert\Downloads\Desktop\dds.com
[2014/06/05 05:58:00 | 000,001,041 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Unified Remote.lnk
[2014/06/04 15:35:50 | 000,000,706 | ---- | M] () -- C:\Windows\SysWow64\BroomData.bit
[2014/06/04 14:37:53 | 000,255,258 | ---- | M] () -- C:\ProgramData\1401910602.bdinstall.bin
[2014/06/04 08:06:59 | 000,478,557 | ---- | M] () -- C:\ProgramData\1401887156.bdinstall.bin
[2014/06/04 07:17:22 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014/06/04 07:11:01 | 000,498,034 | ---- | M] () -- C:\ProgramData\1401883582.bdinstall.bin
[2014/06/04 06:58:50 | 000,001,636 | ---- | M] () -- C:\ProgramData\1401882805.384.bin
[2014/06/04 06:58:00 | 000,035,265 | ---- | M] () -- C:\ProgramData\1401882805.7876.bin
[2014/06/04 06:57:06 | 000,114,601 | ---- | M] () -- C:\ProgramData\1401882805.8024.bin
[2014/06/04 06:57:04 | 000,032,432 | ---- | M] () -- C:\ProgramData\1401882805.1856.bin
[2014/06/04 06:54:43 | 000,012,181 | ---- | M] () -- C:\ProgramData\1401882805.7688.bin
[2014/06/04 06:54:24 | 000,001,090 | ---- | M] () -- C:\ProgramData\1401882805.2756.bin
[2014/06/04 06:54:24 | 000,001,090 | ---- | M] () -- C:\ProgramData\1401882805.1220.bin
[2014/06/04 06:54:22 | 000,017,887 | ---- | M] () -- C:\ProgramData\1401882805.7224.bin
[2014/06/04 06:54:22 | 000,010,351 | ---- | M] () -- C:\ProgramData\1401882805.8052.bin
[2014/06/04 06:54:22 | 000,000,783 | ---- | M] () -- C:\ProgramData\1401882805.7204.bin
[2014/06/04 06:53:50 | 000,003,735 | ---- | M] () -- C:\ProgramData\1401882805.2416.bin
[2014/06/04 06:52:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/06/03 01:39:32 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/30 03:27:28 | 000,000,132 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Adobe PNG Format CC Prefs
[2014/05/28 12:30:33 | 000,961,835 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\130207_mpaa_rating-poster.pdf
[2014/05/27 07:20:53 | 000,104,548 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Contig.zip
[2014/05/27 04:46:28 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2014/05/27 01:14:26 | 000,001,087 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Capsule.lnk
[2014/05/25 23:59:12 | 000,251,886 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Dakotalapse.jpg
[2014/05/24 21:09:20 | 001,717,682 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\phonecomparison.png
[2014/05/24 21:02:42 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\paint.net.lnk
[2014/05/24 02:38:31 | 000,699,618 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\SNL_1185_14_Brian_Fellows.png
[2014/05/21 17:05:44 | 002,071,713 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\box.gif
[2014/05/20 18:47:13 | 000,234,567 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\scottstapp.png
[2014/05/20 03:07:53 | 000,391,262 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\Cervical-Infographic.jpg
[2014/05/20 02:33:42 | 000,391,262 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\PreventCervicalCancer.jpg
[2014/05/19 21:44:03 | 000,026,069 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/05/17 22:58:32 | 000,046,331 | ---- | M] () -- C:\Users\Robert\Downloads\Desktop\CrowBar.jpg
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/14 07:09:29 | 000,001,110 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\System Explorer.lnk
[2014/06/14 07:09:29 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2014/06/14 06:48:04 | 000,001,104 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2014/06/14 06:48:04 | 000,001,092 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
[2014/06/14 06:48:04 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 5.lnk
[2014/06/14 06:47:58 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014/06/14 06:47:54 | 000,000,392 | ---- | C] () -- C:\BackupLoader.ini
[2014/06/14 00:28:47 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\7-Zip File Manager.lnk
[2014/06/13 00:17:59 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/13 00:14:28 | 000,001,795 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\XnView.lnk
[2014/06/13 00:14:25 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[2014/06/13 00:14:25 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2014/06/13 00:13:33 | 000,000,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2014/06/11 19:09:08 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Configure ReClock.lnk
[2014/06/11 19:08:50 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014/06/11 14:41:05 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2014/06/11 03:57:38 | 000,001,382 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2014/06/11 03:57:38 | 000,001,358 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2014/06/11 03:49:09 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/06/10 19:22:53 | 000,001,962 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\MPC-HC x64.lnk
[2014/06/09 22:53:49 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2014/06/09 22:53:49 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/06/07 05:25:54 | 000,003,217 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Sophos Virus Removal Tool.lnk
[2014/06/07 04:34:58 | 000,002,109 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Tweaking.com - Hardware Identify.lnk
[2014/06/05 05:58:00 | 000,001,041 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Unified Remote.lnk
[2014/06/04 15:35:51 | 000,022,752 | ---- | C] () -- C:\Windows\SysNative\PCloudBroom64.exe
[2014/06/04 15:35:50 | 000,000,706 | ---- | C] () -- C:\Windows\SysWow64\BroomData.bit
[2014/06/04 14:59:47 | 000,008,627 | ---- | C] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2014/06/04 14:37:53 | 000,255,258 | ---- | C] () -- C:\ProgramData\1401910602.bdinstall.bin
[2014/06/04 08:06:59 | 000,478,557 | ---- | C] () -- C:\ProgramData\1401887156.bdinstall.bin
[2014/06/04 07:11:01 | 000,498,034 | ---- | C] () -- C:\ProgramData\1401883582.bdinstall.bin
[2014/06/04 06:58:24 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/06/04 06:54:34 | 000,001,636 | ---- | C] () -- C:\ProgramData\1401882805.384.bin
[2014/06/04 06:53:52 | 000,010,351 | ---- | C] () -- C:\ProgramData\1401882805.8052.bin
[2014/06/04 06:53:52 | 000,000,783 | ---- | C] () -- C:\ProgramData\1401882805.7204.bin
[2014/06/04 06:53:46 | 000,017,887 | ---- | C] () -- C:\ProgramData\1401882805.7224.bin
[2014/06/04 06:53:46 | 000,012,181 | ---- | C] () -- C:\ProgramData\1401882805.7688.bin
[2014/06/04 06:53:46 | 000,001,090 | ---- | C] () -- C:\ProgramData\1401882805.2756.bin
[2014/06/04 06:53:46 | 000,001,090 | ---- | C] () -- C:\ProgramData\1401882805.1220.bin
[2014/06/04 06:53:37 | 000,003,735 | ---- | C] () -- C:\ProgramData\1401882805.2416.bin
[2014/06/04 06:53:29 | 000,035,265 | ---- | C] () -- C:\ProgramData\1401882805.7876.bin
[2014/06/04 06:53:29 | 000,032,432 | ---- | C] () -- C:\ProgramData\1401882805.1856.bin
[2014/06/04 06:53:25 | 000,114,601 | ---- | C] () -- C:\ProgramData\1401882805.8024.bin
[2014/06/03 01:39:32 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/28 12:30:33 | 000,961,835 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\130207_mpaa_rating-poster.pdf
[2014/05/27 07:20:53 | 000,104,548 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Contig.zip
[2014/05/27 07:03:52 | 000,492,488 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\PowerDefragmenter.exe
[2014/05/27 04:46:28 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2014/05/27 01:14:26 | 000,001,181 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Capsule.lnk
[2014/05/27 01:14:26 | 000,001,087 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Capsule.lnk
[2014/05/26 19:13:52 | 000,022,807 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\1323328915204.jpg
[2014/05/26 19:13:48 | 000,024,187 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\1323328914308.jpg
[2014/05/26 19:12:42 | 000,018,514 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\1323328927728.jpg
[2014/05/25 23:59:12 | 000,251,886 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Dakotalapse.jpg
[2014/05/24 21:09:16 | 001,717,682 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\phonecomparison.png
[2014/05/24 21:02:42 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\paint.net.lnk
[2014/05/24 02:38:29 | 000,699,618 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\SNL_1185_14_Brian_Fellows.png
[2014/05/21 17:05:44 | 002,071,713 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\box.gif
[2014/05/20 18:47:12 | 000,234,567 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\scottstapp.png
[2014/05/20 03:07:53 | 000,391,262 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\Cervical-Infographic.jpg
[2014/05/20 02:33:41 | 000,391,262 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\PreventCervicalCancer.jpg
[2014/05/17 22:58:25 | 000,046,331 | ---- | C] () -- C:\Users\Robert\Downloads\Desktop\CrowBar.jpg
[2014/05/17 11:51:15 | 000,000,218 | ---- | C] () -- C:\Users\Robert\AppData\Local\recently-used.xbel
[2014/05/13 22:42:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\wuauclt.exe
[2014/05/13 22:42:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\WTSRV.EXE
[2014/05/13 22:42:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\taskhost.exe
[2014/05/13 22:42:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
[2014/05/13 22:42:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\conhost.exe
[2014/05/13 22:42:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nvvsvc.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsm.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2014/05/13 22:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2014/05/13 22:34:03 | 000,000,010 | ---- | C] () -- C:\Users\Robert\AppData\Local\sponge.last.runtime.cache
[2014/03/22 01:37:35 | 001,065,984 | ---- | C] () -- C:\Users\Robert\AppData\Local\file__0.localstorage
[2014/02/20 18:14:02 | 000,179,377 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2014/02/15 12:18:32 | 000,000,132 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Adobe PNG Format CC Prefs
[2014/02/05 01:31:10 | 000,000,180 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\licecap.ini
[2014/01/06 18:11:22 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2014/01/06 18:11:22 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2014/01/06 13:37:47 | 000,001,080 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\VoiceMeeterDefault.xml
[2014/01/05 01:51:42 | 000,004,142 | ---- | C] () -- C:\Windows\Tablet10000x6250.M0800.ini
[2013/12/28 01:53:03 | 000,000,107 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/12/24 02:24:08 | 000,341,912 | ---- | C] () -- C:\Windows\SetupX32.EXE
[2013/11/30 03:15:26 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/11/26 06:36:01 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/11/26 06:36:01 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/11/26 06:36:01 | 000,001,990 | ---- | C] () -- C:\Windows\unins000.dat
[2013/11/23 22:27:30 | 000,002,605 | ---- | C] () -- C:\Users\Robert\WowPorn.13.11.16.Mia.A.Busy.Evening.XXX.1080p.MP4-KTR[rarbg], Twistys.13.11.19.Blanche.Bradburry.Cum....zip.aria2
[2013/10/26 21:58:27 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini
[2013/10/26 21:57:58 | 000,000,551 | ---- | C] () -- C:\Windows\Qiii.INI
[2013/10/15 10:29:21 | 000,019,832 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2013/10/15 05:05:01 | 000,251,599 | ---- | C] () -- C:\ProgramData\1381831218.bdinstall.bin
[2013/10/15 01:35:16 | 000,838,123 | ---- | C] () -- C:\ProgramData\1381817753.bdinstall.bin
[2013/10/15 01:12:47 | 000,355,327 | ---- | C] () -- C:\ProgramData\1381817222.bdinstall.bin
[2013/10/15 01:04:58 | 000,080,884 | ---- | C] () -- C:\ProgramData\1381816971.bdinstall.bin
[2013/10/15 01:02:50 | 000,022,985 | ---- | C] () -- C:\ProgramData\1381816967.bdinstall.bin
[2013/10/15 00:25:17 | 000,177,796 | ---- | C] () -- C:\ProgramData\1381814162.bdinstall.bin
[2013/10/15 00:06:05 | 000,002,054 | ---- | C] () -- C:\ProgramData\1381813563.496.bin
[2013/10/15 00:06:03 | 000,026,900 | ---- | C] () -- C:\ProgramData\1381813563.4432.bin
[2013/10/15 00:05:24 | 000,030,589 | ---- | C] () -- C:\ProgramData\1381813476.bdinstall.bin
[2013/09/17 14:29:26 | 000,012,005 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\alsoft.ini
[2013/04/18 18:59:52 | 000,001,046 | ---- | C] () -- C:\Users\Robert\1EB5B89A24D0C0BE21CEC185547D6A2FC388F356, sweet_seduction-720.mp4, 9EB8E0594705A834FB298E302E9195467....zip.aria2
[2013/04/10 20:05:56 | 000,002,034 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/04/09 23:04:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 23:04:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 23:04:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 23:04:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 23:04:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/09 08:58:18 | 000,976,857 | ---- | C] () -- C:\Users\Robert\AppData\Local\census.cache
[2013/02/09 08:56:04 | 000,161,684 | ---- | C] () -- C:\Users\Robert\AppData\Local\ars.cache
[2013/02/09 08:45:29 | 000,000,036 | ---- | C] () -- C:\Users\Robert\AppData\Local\housecall.guid.cache
[2013/02/07 16:52:54 | 000,007,252 | ---- | C] () -- C:\Users\Robert\AppData\Local\Temp7.html
[2013/02/07 12:53:28 | 000,003,657 | ---- | C] () -- C:\Windows\Tablet10000x6250M.ini
[2013/01/02 20:31:17 | 000,004,849 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\wifi_speakers.dat
[2012/12/22 04:25:57 | 000,002,443 | ---- | C] () -- C:\Users\Robert\wxDownloadFast.ini
[2012/12/14 03:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 03:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/12/09 23:48:30 | 000,109,256 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2012/12/09 23:48:30 | 000,090,824 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2012/12/08 06:21:10 | 000,000,489 | ---- | C] () -- C:\Users\Robert\.swfinfo
[2012/11/11 00:47:37 | 000,001,477 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2012/11/11 00:42:21 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2012/11/08 02:20:01 | 000,209,697 | ---- | C] () -- C:\Users\Robert\final_bstSnapshot_15086.jpg
[2012/09/28 14:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/09/20 00:49:38 | 000,000,345 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Digital Clock_Settings.ini
[2012/09/20 00:34:16 | 000,000,252 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\GPU MeterV2_Settings.ini
[2012/09/20 00:34:00 | 000,000,530 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012/09/20 00:33:44 | 000,000,352 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Network Meter_Settings.ini
[2012/05/07 03:31:21 | 000,000,132 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/04/22 19:10:59 | 000,006,144 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/22 17:02:42 | 000,001,456 | ---- | C] () -- C:\Users\Robert\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/04/02 06:06:26 | 000,003,437 | ---- | C] () -- C:\Users\Robert\unigine_20120402_0606.html
[2012/01/01 20:12:07 | 000,012,399 | ---- | C] () -- C:\Users\Robert\AppData\Local\Temp10.html
[2011/12/30 20:21:24 | 000,007,605 | ---- | C] () -- C:\Users\Robert\AppData\Local\resmon.resmoncfg
[2011/12/17 20:08:35 | 000,001,955 | ---- | C] () -- C:\Users\Robert\AppData\Local\Temp1.html
[2011/12/17 19:21:04 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/07 23:51:05 | 000,000,094 | ---- | C] () -- C:\Users\Robert\AppData\Local\fusioncache.dat
[2011/12/07 23:12:57 | 000,000,058 | ---- | C] () -- C:\Users\Robert\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011/12/05 23:36:19 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/03 09:47:26 | 000,001,016 | ---- | C] () -- C:\Users\Robert\ono.properties
[2011/12/01 18:11:01 | 000,000,003 | ---- | C] () -- C:\Users\Robert\AppData\Local\user_data.ini
[2011/12/01 07:23:04 | 000,000,032 | ---- | C] () -- C:\ProgramData\droidcam-settings
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/28 20:24:29 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\.minecraft
[2013/02/12 09:21:05 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\.purple
[2012/04/15 04:51:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\.Tribler
[2012/04/26 00:06:55 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Ableton
[2012/09/15 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Acapela Group
[2013/02/07 14:00:10 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Ambient Design
[2013/10/12 01:30:35 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Arc
[2014/06/15 08:43:12 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Audacity
[2013/02/07 14:10:50 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Autodesk
[2012/12/09 23:27:07 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Avant Downloader
[2013/11/20 02:12:24 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\AVAST Software
[2013/11/07 08:21:35 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\avidemux
[2013/11/23 19:10:30 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Awesomium
[2013/03/02 07:28:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Azureus
[2012/04/04 00:40:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BigHugeEngine
[2012/08/06 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Binreader
[2012/05/28 06:15:21 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Bioshock
[2014/04/09 11:14:53 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Bitcoin
[2013/01/16 17:02:01 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BITS
[2013/09/11 03:41:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Braid
[2012/04/28 20:19:31 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Broad Intelligence
[2011/12/15 04:49:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Canneverbe Limited
[2012/06/28 01:06:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Carbon
[2014/02/16 08:02:07 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ChatZilla
[2013/02/10 22:14:53 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/13 04:54:20 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ColorCop
[2013/02/16 11:32:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\com.adobe.WidgetBrowser
[2012/12/27 02:35:01 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\com.quasimondo.nodewerk
[2014/01/17 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\com.ynab.YNAB4.LiveSteam
[2012/10/05 23:36:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/08/03 13:20:04 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\cYo
[2014/06/07 04:30:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DigitalVolcano
[2011/12/07 23:12:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DonationCoder
[2013/09/20 03:51:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Doublefine
[2014/06/15 02:22:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Dropbox
[2014/06/14 20:05:41 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DropboxMaster
[2012/09/15 17:19:10 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DRPSu
[2012/09/06 01:30:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Easeware
[2012/09/28 01:41:28 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\enchant
[2012/12/28 20:54:45 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\EQATEC Analytics
[2014/06/09 23:50:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ESET
[2013/11/30 09:51:20 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Everything
[2013/08/30 00:34:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FastCopy
[2013/09/27 20:03:16 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FEZ
[2013/11/07 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FFsplit
[2013/02/11 06:40:20 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Filedrop
[2013/01/19 22:57:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FlashgetSetup
[2012/07/07 22:40:36 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\fltk.org
[2013/11/06 00:07:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\foobar2000
[2013/05/14 21:36:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Foxit Software
[2014/06/15 10:48:04 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Free Download Manager
[2013/12/28 01:35:06 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\gcstar
[2014/06/14 06:48:12 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\GlarySoft
[2012/07/08 04:16:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Gmote
[2013/12/28 01:35:54 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\gtk-2.0
[2012/06/02 02:44:32 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Hackety Hack
[2012/04/03 02:20:45 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\HandBrake
[2014/05/07 06:45:44 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\import.io
[2014/05/17 11:47:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\inkscape
[2012/12/09 23:45:09 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Internet Download Accelerator
[2013/12/05 10:23:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\IObit
[2012/06/21 04:45:55 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\jdast
[2012/06/21 04:47:55 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\jdnetmon
[2012/04/22 23:04:12 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Kaneva
[2014/04/12 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\KC Softwares
[2011/12/16 14:20:43 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Leadertech
[2012/07/21 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Lionhead Studios
[2012/09/21 01:47:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Locate32
[2012/09/07 20:18:01 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\LucasArts
[2013/04/09 20:45:18 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Maxthon3
[2014/06/11 03:51:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MPC-HC
[2013/02/17 08:24:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MusicBee
[2013/01/13 14:14:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\NeatImage PS 64
[2014/04/11 05:36:49 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Notepad++
[2013/11/05 02:38:06 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\OBS
[2011/12/04 09:55:27 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\OnLive App
[2012/05/29 23:55:30 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\OpenDNS Updater
[2012/11/16 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Opera
[2013/08/07 18:47:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Opera Software
[2014/04/02 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Oracle
[2013/04/19 21:44:41 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Orbit
[2013/10/10 05:58:48 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Origin
[2012/09/15 17:08:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PACE Anti-Piracy
[2012/04/12 03:32:07 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PDAppFlex
[2013/10/24 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PhotoScape
[2014/01/01 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Plex Home Theater
[2013/10/24 23:45:38 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Portitle
[2014/01/16 23:08:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PotPlayer64
[2013/05/27 19:47:03 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PotPlayerMini64
[2014/03/08 08:00:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ProductData
[2012/11/10 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ProgSense
[2014/06/03 04:56:17 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\QuickScan
[2011/12/02 00:39:28 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\runic games
[2011/12/17 02:39:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Screaming Bee
[2012/04/15 01:31:50 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SecondLife
[2012/05/09 01:43:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SeriousBit
[2012/04/27 00:57:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Shareaza
[2011/12/17 19:29:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Soluto
[2012/09/14 18:28:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Songbird2
[2013/11/07 12:52:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SplitMediaLabs
[2012/10/21 00:11:13 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Spotify
[2012/09/15 16:06:48 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/20 02:21:35 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SystemRequirementsLab
[2013/02/04 18:52:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TeamViewer
[2013/06/20 22:49:37 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TeraCopy
[2013/06/12 21:54:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Tether
[2012/10/27 05:10:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Titanium
[2014/05/24 04:44:27 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\tixati
[2013/09/17 19:20:41 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Trine2
[2013/11/30 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TuneUp Software
[2012/08/03 07:07:04 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Unified Remote
[2012/06/16 03:04:42 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Unity
[2012/04/28 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\VidCoder
[2014/04/15 19:55:50 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Warner Bros. Interactive Entertainment
[2013/01/28 03:34:12 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Waterfox Limited
[2012/04/27 01:04:21 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\WebcamMax
[2013/10/26 01:49:23 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Wings3D
[2013/04/10 19:22:36 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Wise Uninstaller
[2012/07/07 18:40:01 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Woon
[2014/01/05 01:36:41 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\XBMC
[2013/10/10 23:25:32 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV - [2014/05/13 22:42:30 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)


#11 Valinorum

  • Malware Response Instructor

Posted 17 June 2014 - 12:30 AM

Hi Robert Headley, :)

Did you run ComboFix prior to seeking assistance here?
  • Step #6 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :OTL
      SRV:64bit: - [2013/10/30 04:45:38 | 000,043,320 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
      SRV - [2014/04/09 10:59:59 | 002,153,792 | ---- | M] (IObit) [On_Demand | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
      SRV - [2013/11/30 03:15:27 | 000,075,136 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
      SRV - [2013/10/30 04:45:38 | 000,036,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
      IE - HKCU\..\SearchScopes\{EE470B40-5287-4F5B-88B1-A255DC7A5CCA}: "URL" = http://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://localhost:9614
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
      DRV:64bit: - [2013/04/29 09:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
      NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
      [2014/06/05 10:11:52 | 000,269,312 | ---- | C] (Panda Security) -- C:\Windows\SysNative\WPApi64.dll
      [2014/06/05 10:11:52 | 000,197,600 | ---- | C] (Panda Security) -- C:\Windows\SysNative\PavTrc64.dll
      [2014/06/05 10:11:52 | 000,177,664 | ---- | C] (Panda Security) -- C:\Windows\SysWow64\WPApi.dll
      [2014/06/05 10:11:52 | 000,153,568 | ---- | C] (Panda Security) -- C:\Windows\SysWow64\PavTrc.dll
      [2014/06/04 14:50:03 | 000,047,632 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSKMAD.sys
      [2014/06/04 07:09:23 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
      [2014/06/04 06:53:53 | 000,084,848 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUISkin.dll
      [2014/06/04 06:53:53 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
      [2014/06/04 06:53:53 | 000,034,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUH.dll
      [2014/06/04 06:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
      [6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
      [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:07BF512B
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:56E2E879

      :Commands
      [emptytemp]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Step #7 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log, then click on the Export button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #8 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware, et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
    • Click on Advanced Setting and check the following boxes--
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or the keyboard during the scan; otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • OTL Fix Log
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum; ergo, do not PM me for help.
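Added example, not part of the post above and not OTL's own code: a small parser for the SRV/DRV lines in the Step #6 fix list, so that entries that are auto-start and running, kernel drivers, unsigned by a vendor string, or located under C:\Windows can be listed for review before "Run Fix" is clicked. The field layout is assumed from the visible lines, and the names `parse`, `review` and the note texts are hypothetical.

```python
import re
from dataclasses import dataclass

# SRV/DRV lines and one IE line copied from the fix list in post #11.
FIX_LINES = r"""
SRV:64bit: - [2013/10/30 04:45:38 | 000,043,320 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2014/04/09 10:59:59 | 002,153,792 | ---- | M] (IObit) [On_Demand | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/30 03:15:27 | 000,075,136 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
DRV:64bit: - [2013/04/29 09:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
""".strip().splitlines()

# Layout assumed from the visible lines, not from OTL documentation:
# KIND[:64bit:] - [stamp | size | attrs | flag] (vendor) [status] -- path -- (name)
ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV)(?::64bit:)? - \[[^\]]+\] \((?P<vendor>[^)]*)\) "
    r"\[(?P<status>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)

@dataclass
class Entry:
    kind: str
    name: str
    vendor: str
    path: str
    status: list  # e.g. ["Auto", "Running"] or ["Kernel", "On_Demand", "Stopped"]

def parse(line):
    """Return an Entry for a service/driver line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    status = [part.strip() for part in m["status"].split("|")]
    return Entry(m["kind"], m["name"], m["vendor"], m["path"], status)

def review(lines):
    """Map each service/driver name to the notes a reviewer may want to see."""
    notes = {}
    for entry in filter(None, map(parse, lines)):
        found = []
        if entry.status[-2:] == ["Auto", "Running"]:
            found.append("auto-start and running")
        if entry.kind == "DRV" and entry.status[0] == "Kernel":
            found.append("kernel driver")
        if not entry.vendor:
            found.append("no vendor string")
        if entry.path.lower().startswith("c:\\windows\\"):
            found.append("under C:\\Windows")
        notes[entry.name] = found
    return notes

if __name__ == "__main__":
    for name, found in review(FIX_LINES).items():
        print(f"{name:15} {', '.join(found) or '-'}")
```

Registry (IE, O13, O15), file and Alternate Data Stream lines are skipped by this parser and need their own review.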

 


#12 Robert Headley


Posted 17 June 2014 - 05:32 PM

I ran ComboFix months and months and months ago, for another issue. Not in recent history.



#13 Robert Headley


Posted 17 June 2014 - 05:47 PM

Windows couldn't reboot after OTL fixes. I attached a screenshot. Trying system restore.

Attached Files



#14 Robert Headley


Posted 17 June 2014 - 05:55 PM

I can't boot into safe mode. It blue screens. I'll disable reboot on failure and see what the bs says.

#15 Robert Headley


Posted 17 June 2014 - 05:58 PM

This is it. It wouldn't restore via system restore.



