Possible open candy virus cant download or run dds to add log


  • This topic is locked
26 replies to this topic

#1 sdsteve760

sdsteve760

  • Members
  • 63 posts

Posted 22 July 2014 - 05:40 PM

Hi, I am having severe issues and can't even get dds to run. I download it to my desktop and it doesn't show up. I try running it from the download on internet options and it never opens the dos screen. I did see some evidence that it could possibly be the open candy virus. I was working with someone else on another forum and he referred me here to open a new post. I can't get malwarebytes to finish at all. I get through about 55 min of scanning and over 80000 threats detected but it always gets not responding before it finishes. Here is a link to my previous topic.

http://www.bleepingcomputer.com/forums/t/541555/possible-virus-need-some-guidance-please/page-2#entry3428230





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 July 2014 - 08:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Wait for further instructions.

#3 sdsteve760

sdsteve760
  • Topic Starter

  • Members
  • 63 posts

Posted 27 July 2014 - 11:16 AM

Hi, thanks for the response. Every time I download a program to the desktop it doesn't show up. I tried creating a folder and adding it there so I can see the exe file, which has worked. Anytime I try to run as administrator it gives me an error that says "These files can't be opened" "Your Internet security settings prevented one or more files from being opened". This might be part of the malware. I do currently have roguekiller running by clicking it from the download section in my firefox. If this is not good please let me know. Otherwise I will continue and post my logs here when the scans are complete.

#4 sdsteve760

sdsteve760
  • Topic Starter

  • Members
  • 63 posts

Posted 27 July 2014 - 11:29 AM

Ok, so I have had the scan running for Roguekiller for an hour and it has been stuck on searching tasks for about an hour. The status bar hasn't moved at all. I am going to leave it running for now but it does seem to be stuck there. Edit: I think it is actually making progress, going to keep it going, logs when done.

Edited by sdsteve760, 27 July 2014 - 11:57 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 July 2014 - 12:59 PM

Stop the RogueKiller process.

Try this.

Using a good computer, download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#6 sdsteve760

sdsteve760
  • Topic Starter

  • Members
  • 63 posts

Posted 27 July 2014 - 01:36 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by SYSTEM on MININT-R088TJH on 27-07-2014 11:21:46
Running from f:\Farbar
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-04-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\Default\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Steve\...\Run: [AdobeBridge] => [X]
HKU\UpdatusUser\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-24] (NETGEAR)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-11-11] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-11] ()
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-13] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-27] (AVG Technologies)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-06] (DT Soft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-08-12] (Lavasoft AB)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2013-05-24] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-07-17] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-04-14] (Duplex Secure Ltd.)
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-07-27] ()
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 ALSysIO; \??\C:\Users\Steve\AppData\Local\Temp\ALSysIO64.sys [X]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 androidusb; System32\Drivers\lgandadb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 cpuz132; \??\C:\Users\Steve\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 11:21 - 2014-07-27 11:21 - 00000000 ____D () C:\FRST
2014-07-27 08:14 - 2014-07-27 08:14 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2014-07-27 08:03 - 2014-07-27 09:16 - 00000000 ____D () C:\Users\TEMP\roguekiller
2014-07-27 07:52 - 2014-07-27 07:52 - 00000000 ____D () C:\Users\TEMP\farbar
2014-07-27 07:38 - 2014-07-27 09:14 - 00030312 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-07-27 07:38 - 2014-07-27 07:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-27 07:35 - 2014-07-27 09:13 - 00003354 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1673337759-4252953613-1966940125-1000
2014-07-22 14:43 - 2014-07-22 14:43 - 00002994 _____ () C:\Windows\System32\Tasks\{31CF1D77-E9CA-44B2-8912-15B3A13D6AB3}
2014-07-22 14:26 - 2014-07-22 14:26 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Adobe
2014-07-21 20:20 - 2014-07-21 20:20 - 00003032 _____ () C:\Windows\System32\Tasks\{BCB45AEE-905E-4A66-8617-D780C206F05D}
2014-07-21 20:20 - 2014-07-21 20:20 - 00003032 _____ () C:\Windows\System32\Tasks\{710CA953-29E9-4325-A338-A4CDB8CBF86E}
2014-07-21 20:20 - 2014-07-21 20:20 - 00003032 _____ () C:\Windows\System32\Tasks\{3C48670C-3EF4-4DD5-A37A-C2B0BCB651D0}
2014-07-21 20:20 - 2014-07-21 20:20 - 00003032 _____ () C:\Windows\System32\Tasks\{399E31F6-F9F6-4F0D-9349-CD670712B14F}
2014-07-21 20:14 - 2014-07-21 20:14 - 00003034 _____ () C:\Windows\System32\Tasks\{F21169D0-C406-4775-8171-4E8BEC3F8454}
2014-07-21 20:14 - 2014-07-21 20:14 - 00003034 _____ () C:\Windows\System32\Tasks\{EC0EF2B1-3430-4CF5-92B0-C2E36D250CFA}
2014-07-21 20:14 - 2014-07-21 20:14 - 00003034 _____ () C:\Windows\System32\Tasks\{85AF791D-6328-4BD2-A54E-C4821F9DA286}
2014-07-21 20:14 - 2014-07-21 20:14 - 00003034 _____ () C:\Windows\System32\Tasks\{310042AF-C2A0-4F34-8826-3112B8269A7E}
2014-07-21 20:14 - 2014-07-21 20:14 - 00000000 ____D () C:\Users\TEMP\Downloads\mbam-chameleon-3.1.4.0
2014-07-21 20:07 - 2014-07-21 20:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-21 20:03 - 2014-07-21 20:03 - 04872677 _____ () C:\Users\TEMP\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-21 19:56 - 2014-07-27 09:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-07-21 19:56 - 2014-07-21 20:19 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-07-21 19:56 - 2014-07-21 19:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 19:56 - 2014-07-21 19:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-21 19:56 - 2014-07-21 19:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 19:56 - 2014-05-12 06:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-07-21 19:56 - 2014-05-12 06:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-07-21 19:43 - 2014-07-21 19:43 - 00321848 _____ (Malwarebytes Corporation) C:\Users\TEMP\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-21 18:42 - 2014-07-21 18:42 - 00002952 _____ () C:\Windows\System32\Tasks\{82735318-AF4D-496B-9A54-ED1F0C049A02}
2014-07-21 18:41 - 2014-07-21 18:41 - 00002946 _____ () C:\Windows\System32\Tasks\{E6BBC0D7-9146-4442-845F-BF07B3A05AD4}
2014-07-21 18:41 - 2014-07-21 18:41 - 00002946 _____ () C:\Windows\System32\Tasks\{7DEB9C49-B3ED-4FAD-97CB-524FC0658E68}
2014-07-21 18:35 - 2014-07-21 18:43 - 00002406 _____ () C:\Users\TEMP\Desktop\Rkill.txt
2014-07-21 18:35 - 2014-07-21 18:35 - 00002946 _____ () C:\Windows\System32\Tasks\{D48F7B80-4631-4935-AFA7-32CB809003F7}
2014-07-21 18:35 - 2014-07-21 18:35 - 00002946 _____ () C:\Windows\System32\Tasks\{699090CA-7310-4B34-B284-AC3C0E6AB554}
2014-07-21 18:35 - 2014-07-21 18:35 - 00002946 _____ () C:\Windows\System32\Tasks\{3B40B5DE-8E70-49C2-8CEF-B7AB1643EFAD}
2014-07-21 18:35 - 2014-07-21 18:35 - 00002946 _____ () C:\Windows\System32\Tasks\{2782B6CB-7492-4063-8E80-31BB45FFB478}
2014-07-21 16:32 - 2014-07-21 16:32 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\DAEMON Tools Pro
2014-07-20 18:58 - 2014-07-21 18:35 - 00000000 ____D () C:\Windows\System32\%LOCALAPPDATA%
2014-07-19 18:13 - 2014-07-19 18:13 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-19 14:32 - 2014-07-21 19:14 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-19 14:09 - 2014-07-21 15:41 - 00000000 ____D () C:\ComboFix
2014-07-19 14:09 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-19 14:09 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-19 14:09 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-19 14:09 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-19 14:09 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-19 14:09 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-19 14:09 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-19 14:09 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-19 14:05 - 2014-07-19 14:09 - 00000000 ____D () C:\Qoobox
2014-07-19 13:51 - 2014-07-21 19:13 - 00000000 ____D () C:\AdwCleaner
2014-07-19 08:50 - 2014-07-19 08:50 - 00000947 _____ () C:\Users\Public\Desktop\µTorrent.lnk
2014-07-19 08:50 - 2014-07-19 08:50 - 00000000 ____D () C:\Program Files (x86)\uTorrent
2014-07-19 08:49 - 2014-07-19 08:49 - 00968592 _____ (BitTorrent, Inc.) C:\Users\TEMP\Downloads\uTorrent.exe
2014-07-19 08:49 - 2014-07-19 08:49 - 00000000 __SHD () C:\Users\TEMP\Downloads\%APPDATA%
2014-07-19 08:43 - 2014-07-19 08:43 - 00001216 _____ () C:\Users\Steve\My Documents - Shortcut.lnk
2014-07-17 14:45 - 2014-07-17 14:45 - 00000135 _____ () C:\Windows\SysWOW64\debug.log
2014-07-17 14:18 - 2014-07-17 14:18 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Real
2014-07-17 14:09 - 2014-05-19 15:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-07-17 14:07 - 2014-05-19 18:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2014-07-17 14:07 - 2014-05-19 18:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433788.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433788.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2014-07-17 14:07 - 2014-05-19 18:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-07-17 14:06 - 2014-07-17 14:06 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Adobe
2014-07-17 14:04 - 2014-07-17 14:04 - 00000000 ____D () C:\Users\Default\AppData\Local\NVIDIA
2014-07-17 14:04 - 2014-07-17 14:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\NVIDIA
2014-07-17 14:04 - 2014-05-29 15:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge64.dll
2014-07-17 14:04 - 2014-05-29 15:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-17 14:04 - 2014-03-31 08:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2014-07-17 14:04 - 2014-03-31 08:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-07-17 14:03 - 2014-07-17 14:04 - 00000000 ____D () C:\Users\Default\AppData\Local\NVIDIA Corporation
2014-07-17 14:03 - 2014-07-17 14:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\NVIDIA Corporation
2014-07-17 13:49 - 2014-07-17 13:49 - 00000000 ____D () C:\Users\Default\AppData\Local\Adobe
2014-07-17 13:49 - 2014-07-17 13:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\Adobe
2014-07-17 13:46 - 2014-07-17 13:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2014-07-17 13:46 - 2014-07-17 13:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-07-17 13:41 - 2014-07-17 14:04 - 00000000 ____D () C:\Users\TEMP\AppData\Local\NVIDIA Corporation
2014-07-17 13:40 - 2014-07-17 14:03 - 00000000 ____D () C:\Users\TEMP\AppData\Local\NVIDIA
2014-07-17 13:40 - 2014-07-17 13:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Real
2014-07-17 13:40 - 2014-07-17 13:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Real
2014-07-17 13:39 - 2014-07-27 08:03 - 00000000 ____D () C:\users\TEMP
2014-07-17 13:39 - 2014-06-05 14:23 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Overwolf
2014-07-17 13:39 - 2010-05-04 17:03 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2014-07-13 10:16 - 2014-07-13 10:16 - 00013179 _____ () C:\Users\Steve\Downloads\Need.For.Speed.2014.720p.BDRIP.x264.AC3-EVE-ipt [IPT].torrent
2014-07-08 14:45 - 2014-07-08 14:45 - 00036050 _____ () C:\Users\Steve\Downloads\Sabotage.2014.720p.WEB-DL.H264.AC3-EVO [IPT].torrent
2014-07-05 07:55 - 2014-07-05 07:55 - 00018564 _____ () C:\Users\Steve\Downloads\Noah.2013.BRRIP.x264.AC3.CrEwSaDe [IPT].torrent
2014-07-05 07:54 - 2014-07-05 07:54 - 00117452 _____ () C:\Users\Steve\Downloads\Noah.2013.720p.BluRay.x264-SPARKS [IPT].torrent
2014-07-04 18:59 - 2014-07-04 18:59 - 00050732 _____ () C:\Users\Steve\Downloads\Penny Dreadful S01 1080i HDTV MPEG2 DD5.1-CtrlHD [IPT].torrent
2014-07-04 18:58 - 2014-07-04 18:59 - 00008917 _____ () C:\Users\Steve\Downloads\Penny.Dreadful.S01E01.HDTV.XviD-AFG [IPT].torrent
2014-07-04 18:55 - 2014-07-04 18:55 - 00030803 _____ () C:\Users\Steve\Downloads\bp-towdvds(1) [IPT].torrent
2014-07-02 15:28 - 2014-07-02 15:28 - 00078718 _____ () C:\Users\Steve\Downloads\Locke 2013 720p KORSUB HDRip x264 AC3-MiLLENiUM [IPT].torrent
2014-07-02 03:28 - 2014-07-02 03:28 - 00018267 _____ () C:\Users\Steve\Downloads\Transcendence.2014.HDRip.XviD.AC3-EVO [IPT].torrent
2014-07-01 14:56 - 2014-07-01 14:56 - 00114175 _____ () C:\Users\Steve\Downloads\The Fault In Our Stars 2014 CAM READNFO XViD-BL4CKP34RL [IPT].torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 11:21 - 2014-07-27 11:21 - 00000000 ____D () C:\FRST
2014-07-27 10:14 - 2014-05-15 16:41 - 01974109 _____ () C:\Windows\setupact.log
2014-07-27 10:14 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 10:13 - 2011-07-22 15:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-27 10:11 - 2009-10-10 14:49 - 01654745 _____ () C:\Windows\WindowsUpdate.log
2014-07-27 10:10 - 2014-06-20 14:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 09:21 - 2009-10-10 14:30 - 00009728 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-27 09:21 - 2009-10-10 14:30 - 00009728 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-27 09:18 - 2011-11-24 08:09 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-07-27 09:16 - 2014-07-27 08:03 - 00000000 ____D () C:\Users\TEMP\roguekiller
2014-07-27 09:14 - 2014-07-27 07:38 - 00030312 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-07-27 09:13 - 2014-07-27 07:35 - 00003354 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1673337759-4252953613-1966940125-1000
2014-07-27 09:13 - 2014-07-21 19:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-07-27 09:13 - 2014-06-19 15:12 - 00003220 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1673337759-4252953613-1966940125-1000
2014-07-27 09:11 - 2014-05-22 15:46 - 00024736 _____ () C:\Windows\PFRO.log
2014-07-27 08:14 - 2014-07-27 08:14 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2014-07-27 08:03 - 2014-07-17 13:39 - 00000000 ____D () C:\users\TEMP
2014-07-27 07:52 - 2014-07-27 07:52 - 00000000 ____D () C:\Users\TEMP\farbar
2014-07-27 07:43 - 2011-11-24 08:07 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-27 07:38 - 2014-07-27 07:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-27 07:33 - 2013-03-14 17:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 07:33 - 2013-03-14 17:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-22 14:43 - 2014-07-22 14:43 - 00002994 _____ () C:\Windows\System32\Tasks\{31CF1D77-E9CA-44B2-8912-15B3A13D6AB3}
2014-07-22 14:26 - 2014-07-22 14:26 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Adobe
2014-07-22 14:16 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-21 20:20 - 2014-07-21 20:20 - 00003032 _____ () C:\Windows\System32\Tasks\{BCB45AEE-905E-4A66-8617-D780C206F05D}
2014-07-21 20:20 - 2014-07-21 20:20 - 00003032 _____ () C:\Windows\System32\Tasks\{710CA953-29E9-4325-A338-A4CDB8CBF86E}
2014-07-21 20:20 - 2014-07-21 20:20 - 00003032 _____ () C:\Windows\System32\Tasks\{3C48670C-3EF4-4DD5-A37A-C2B0BCB651D0}
2014-07-21 20:20 - 2014-07-21 20:20 - 00003032 _____ () C:\Windows\System32\Tasks\{399E31F6-F9F6-4F0D-9349-CD670712B14F}
2014-07-21 20:19 - 2014-07-21 19:56 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-07-21 20:15 - 2014-07-21 20:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-21 20:14 - 2014-07-21 20:14 - 00003034 _____ () C:\Windows\System32\Tasks\{F21169D0-C406-4775-8171-4E8BEC3F8454}
2014-07-21 20:14 - 2014-07-21 20:14 - 00003034 _____ () C:\Windows\System32\Tasks\{EC0EF2B1-3430-4CF5-92B0-C2E36D250CFA}
2014-07-21 20:14 - 2014-07-21 20:14 - 00003034 _____ () C:\Windows\System32\Tasks\{85AF791D-6328-4BD2-A54E-C4821F9DA286}
2014-07-21 20:14 - 2014-07-21 20:14 - 00003034 _____ () C:\Windows\System32\Tasks\{310042AF-C2A0-4F34-8826-3112B8269A7E}
2014-07-21 20:14 - 2014-07-21 20:14 - 00000000 ____D () C:\Users\TEMP\Downloads\mbam-chameleon-3.1.4.0
2014-07-21 20:03 - 2014-07-21 20:03 - 04872677 _____ () C:\Users\TEMP\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-21 19:59 - 2014-07-21 19:56 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 19:59 - 2014-07-21 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-21 19:56 - 2014-07-21 19:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 19:43 - 2014-07-21 19:43 - 00321848 _____ (Malwarebytes Corporation) C:\Users\TEMP\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-21 19:14 - 2014-07-19 14:32 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-21 19:13 - 2014-07-19 13:51 - 00000000 ____D () C:\AdwCleaner
2014-07-21 18:43 - 2014-07-21 18:35 - 00002406 _____ () C:\Users\TEMP\Desktop\Rkill.txt
2014-07-21 18:42 - 2014-07-21 18:42 - 00002952 _____ () C:\Windows\System32\Tasks\{82735318-AF4D-496B-9A54-ED1F0C049A02}
2014-07-21 18:41 - 2014-07-21 18:41 - 00002946 _____ () C:\Windows\System32\Tasks\{E6BBC0D7-9146-4442-845F-BF07B3A05AD4}
2014-07-21 18:41 - 2014-07-21 18:41 - 00002946 _____ () C:\Windows\System32\Tasks\{7DEB9C49-B3ED-4FAD-97CB-524FC0658E68}
2014-07-21 18:35 - 2014-07-21 18:35 - 00002946 _____ () C:\Windows\System32\Tasks\{D48F7B80-4631-4935-AFA7-32CB809003F7}
2014-07-21 18:35 - 2014-07-21 18:35 - 00002946 _____ () C:\Windows\System32\Tasks\{699090CA-7310-4B34-B284-AC3C0E6AB554}
2014-07-21 18:35 - 2014-07-21 18:35 - 00002946 _____ () C:\Windows\System32\Tasks\{3B40B5DE-8E70-49C2-8CEF-B7AB1643EFAD}
2014-07-21 18:35 - 2014-07-21 18:35 - 00002946 _____ () C:\Windows\System32\Tasks\{2782B6CB-7492-4063-8E80-31BB45FFB478}
2014-07-21 18:35 - 2014-07-20 18:58 - 00000000 ____D () C:\Windows\System32\%LOCALAPPDATA%
2014-07-21 16:44 - 2013-11-29 17:16 - 00000000 ____D () C:\Windows\9155DB04A032491A88B27C19B9E9F945.TMP
2014-07-21 16:44 - 2013-11-29 17:15 - 00000000 ____D () C:\ProgramData\Leapfrog
2014-07-21 16:44 - 2013-11-29 17:15 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
2014-07-21 16:41 - 2013-10-27 07:01 - 00000000 ____D () C:\Program Files\Core Temp
2014-07-21 16:41 - 2013-10-27 06:55 - 00000000 ____D () C:\Program Files\CPUID
2014-07-21 16:32 - 2014-07-21 16:32 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\DAEMON Tools Pro
2014-07-21 15:41 - 2014-07-19 14:09 - 00000000 ____D () C:\ComboFix
2014-07-21 15:40 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-19 18:13 - 2014-07-19 18:13 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-19 14:21 - 2009-07-13 18:34 - 31457280 _____ () C:\Windows\System32\config\SYSTEM.bak
2014-07-19 14:21 - 2009-07-13 18:34 - 193724416 _____ () C:\Windows\System32\config\SOFTWARE.bak
2014-07-19 14:21 - 2009-07-13 18:34 - 05505024 _____ () C:\Windows\System32\config\DEFAULT.bak
2014-07-19 14:21 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\System32\config\SECURITY.bak
2014-07-19 14:21 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\System32\config\SAM.bak
2014-07-19 14:20 - 2013-05-03 19:23 - 00000000 ____D () C:\Windows\erdnt
2014-07-19 14:09 - 2014-07-19 14:05 - 00000000 ____D () C:\Qoobox
2014-07-19 08:50 - 2014-07-19 08:50 - 00000947 _____ () C:\Users\Public\Desktop\µTorrent.lnk
2014-07-19 08:50 - 2014-07-19 08:50 - 00000000 ____D () C:\Program Files (x86)\uTorrent
2014-07-19 08:49 - 2014-07-19 08:49 - 00968592 _____ (BitTorrent, Inc.) C:\Users\TEMP\Downloads\uTorrent.exe
2014-07-19 08:49 - 2014-07-19 08:49 - 00000000 __SHD () C:\Users\TEMP\Downloads\%APPDATA%
2014-07-19 08:43 - 2014-07-19 08:43 - 00001216 _____ () C:\Users\Steve\My Documents - Shortcut.lnk
2014-07-19 08:43 - 2009-10-10 14:32 - 00000000 ____D () C:\users\Steve
2014-07-17 14:52 - 2009-06-27 01:16 - 00000000 ____D () C:\Program Files (x86)\Minefield
2014-07-17 14:45 - 2014-07-17 14:45 - 00000135 _____ () C:\Windows\SysWOW64\debug.log
2014-07-17 14:18 - 2014-07-17 14:18 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Real
2014-07-17 14:10 - 2009-06-27 17:29 - 00000000 ____D () C:\Temp
2014-07-17 14:09 - 2009-07-27 17:52 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-17 14:06 - 2014-07-17 14:06 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Adobe
2014-07-17 14:04 - 2014-07-17 14:04 - 00000000 ____D () C:\Users\Default\AppData\Local\NVIDIA
2014-07-17 14:04 - 2014-07-17 14:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\NVIDIA
2014-07-17 14:04 - 2014-07-17 14:03 - 00000000 ____D () C:\Users\Default\AppData\Local\NVIDIA Corporation
2014-07-17 14:04 - 2014-07-17 14:03 - 00000000 ____D () C:\Users\Default User\AppData\Local\NVIDIA Corporation
2014-07-17 14:04 - 2014-07-17 13:41 - 00000000 ____D () C:\Users\TEMP\AppData\Local\NVIDIA Corporation
2014-07-17 14:04 - 2013-10-31 17:12 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-17 14:04 - 2010-05-05 14:59 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-17 14:03 - 2014-07-17 13:40 - 00000000 ____D () C:\Users\TEMP\AppData\Local\NVIDIA
2014-07-17 13:49 - 2014-07-17 13:49 - 00000000 ____D () C:\Users\Default\AppData\Local\Adobe
2014-07-17 13:49 - 2014-07-17 13:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\Adobe
2014-07-17 13:46 - 2014-07-17 13:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2014-07-17 13:46 - 2014-07-17 13:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-07-17 13:40 - 2014-07-17 13:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Real
2014-07-17 13:40 - 2014-07-17 13:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Real
2014-07-14 04:11 - 2011-07-21 13:55 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\uTorrent
2014-07-13 16:29 - 2010-09-09 13:11 - 00000000 ____D () C:\Users\Steve\Documents\Outlook Files
2014-07-13 10:16 - 2014-07-13 10:16 - 00013179 _____ () C:\Users\Steve\Downloads\Need.For.Speed.2014.720p.BDRIP.x264.AC3-EVE-ipt [IPT].torrent
2014-07-09 02:12 - 2013-08-15 02:00 - 00000000 ____D () C:\Windows\System32\MRT
2014-07-09 02:00 - 2010-09-08 15:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 02:00 - 2009-10-17 09:36 - 96441528 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-07-08 14:45 - 2014-07-08 14:45 - 00036050 _____ () C:\Users\Steve\Downloads\Sabotage.2014.720p.WEB-DL.H264.AC3-EVO [IPT].torrent
2014-07-05 13:14 - 2012-10-14 07:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-05 07:55 - 2014-07-05 07:55 - 00018564 _____ () C:\Users\Steve\Downloads\Noah.2013.BRRIP.x264.AC3.CrEwSaDe [IPT].torrent
2014-07-05 07:54 - 2014-07-05 07:54 - 00117452 _____ () C:\Users\Steve\Downloads\Noah.2013.720p.BluRay.x264-SPARKS [IPT].torrent
2014-07-04 18:59 - 2014-07-04 18:59 - 00050732 _____ () C:\Users\Steve\Downloads\Penny Dreadful S01 1080i HDTV MPEG2 DD5.1-CtrlHD [IPT].torrent
2014-07-04 18:59 - 2014-07-04 18:58 - 00008917 _____ () C:\Users\Steve\Downloads\Penny.Dreadful.S01E01.HDTV.XviD-AFG [IPT].torrent
2014-07-04 18:55 - 2014-07-04 18:55 - 00030803 _____ () C:\Users\Steve\Downloads\bp-towdvds(1) [IPT].torrent
2014-07-03 07:38 - 2009-07-13 21:13 - 00796722 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-02 15:28 - 2014-07-02 15:28 - 00078718 _____ () C:\Users\Steve\Downloads\Locke 2013 720p KORSUB HDRip x264 AC3-MiLLENiUM [IPT].torrent
2014-07-02 03:28 - 2014-07-02 03:28 - 00018267 _____ () C:\Users\Steve\Downloads\Transcendence.2014.HDRip.XviD.AC3-EVO [IPT].torrent
2014-07-01 14:56 - 2014-07-01 14:56 - 00114175 _____ () C:\Users\Steve\Downloads\The Fault In Our Stars 2014 CAM READNFO XViD-BL4CKP34RL [IPT].torrent

Files to move or delete:
====================
C:\Users\Steve\error_report.exe
C:\Users\Steve\package_inst.exe
C:\Users\Steve\QtCore4.dll
C:\Users\Steve\QtGui4.dll
C:\Users\Steve\QtNetwork4.dll
C:\Users\Steve\ts3client_win64.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-07-04 23:00:15
Restore point made on: 2014-07-09 02:00:22
Restore point made on: 2014-07-19 14:46:06
Restore point made on: 2014-07-24 19:45:44

==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 18423.12 MB
Available physical RAM: 16909.92 MB
Total Pagefile: 18421.27 MB
Available Pagefile: 17050.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:122.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:465.75 GB) (Free:93.68 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1629.23 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 77054369)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=-198659014656) - (Type=07 NTFS)


LastRegBack: 2014-07-19 18:36

==================== End Of Log ============================



#7 nasdaq


Posted 28 July 2014 - 06:42 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.



 
start
HKLM-x32\...\Run: [] => [X]
HKU\Steve\...\Run: [AdobeBridge] => [X]
S3 ALSysIO; \??\C:\Users\Steve\AppData\Local\Temp\ALSysIO64.sys [X]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 androidusb; System32\Drivers\lgandadb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 cpuz132; \??\C:\Users\Steve\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
==

Run this tool and post the log if successful.

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users.
  • Under the Custom Scan box paste this text in bold in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs DO NOT ATTACH THEM.

#8 sdsteve760


Posted 28 July 2014 - 05:23 PM

Here is a copy of my fixlog from FRST.

Running OTL after

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Steve at 2014-07-28 15:00:40 Run:1
Running from F:\Farbar
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKU\Steve\...\Run: [AdobeBridge] => [X]
S3 ALSysIO; \??\C:\Users\Steve\AppData\Local\Temp\ALSysIO64.sys [X]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 androidusb; System32\Drivers\lgandadb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 cpuz132; \??\C:\Users\Steve\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\Steve\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value not found.
ALSysIO => Service deleted successfully.
Andbus => Service deleted successfully.
AndDiag => Service deleted successfully.
AndGps => Service deleted successfully.
ANDModem => Service deleted successfully.
androidusb => Service deleted successfully.
catchme => Service deleted successfully.
cleanhlp => Service deleted successfully.
cpuz132 => Service deleted successfully.
esgiguard => Service deleted successfully.
Lavasoft Kernexplorer => Service deleted successfully.
TfFsMon => Service deleted successfully.
TfNetMon => Service deleted successfully.
TFSysMon => Service deleted successfully.

==== End of Fixlog ====



#9 sdsteve760


Posted 28 July 2014 - 05:37 PM

OTL.txt file is here

 

OTL logfile created on: 7/28/2014 3:25:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Windows\SysWOW64\config\systemprofile\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
17.99 Gb Total Physical Memory | 15.02 Gb Available Physical Memory | 83.47% Memory free
35.98 Gb Paging File | 33.00 Gb Available in Paging File | 91.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 121.02 Gb Free Space | 25.98% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 93.68 Gb Free Space | 20.11% Space Free | Partition Type: NTFS
Drive F: | 1862.98 Gb Total Space | 1629.23 Gb Free Space | 87.45% Space Free | Partition Type: NTFS
Drive G: | 7.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: STEVE7ULTIMATE- | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/28 15:05:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Windows\SysWOW64\config\systemprofile\Desktop\OTL.exe
PRC - [2014/05/29 16:35:33 | 002,352,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/05/29 16:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/05/19 16:10:40 | 000,413,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/11 16:33:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/10/23 01:25:06 | 002,744,960 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/05/21 08:10:04 | 000,661,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/05/06 15:37:53 | 000,107,520 | ---- | M] () -- C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/20 10:30:38 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/06/20 10:23:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/06/18 05:46:44 | 001,041,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/06/12 16:10:46 | 000,603,424 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2014/05/29 16:28:54 | 021,055,432 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/04/25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2013/11/11 16:33:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/02/08 11:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/06/22 14:14:47 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/20 15:06:13 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/29 16:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/05/19 16:10:40 | 000,413,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/11 16:33:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/24 23:06:14 | 000,231,752 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2012/01/05 08:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/27 18:41:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/06/26 21:46:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/27 10:14:20 | 000,030,312 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/06/20 10:38:22 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/06/20 10:31:06 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/06/20 10:26:02 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/06/20 10:23:40 | 000,523,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/06/20 10:21:48 | 000,313,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/06/20 10:20:54 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/06/18 03:12:12 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/06/18 03:11:44 | 000,444,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014/05/29 16:28:53 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/04/27 20:06:28 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/03/31 09:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/28 06:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/05/24 20:01:41 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/05/06 15:35:00 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/15 02:50:30 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/04/14 14:51:36 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/01/03 01:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013/01/03 01:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 01:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/01/03 01:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011/06/16 22:10:08 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/12 05:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/22 19:18:41 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/07/30 19:21:48 | 000,093,784 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/10/31 08:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013/07/17 17:28:12 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1673337759-4252953613-1966940125-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1673337759-4252953613-1966940125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@View22/View22: C:\Program Files\View22\Version 3.10.50\NPView22.dll (View22 Technology)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/07/08 14:40:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/13 20:20:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/13 20:20:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/08/03 10:05:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.0.10\extensions\\Components: C:\Program Files (x86)\Minefield\components [2014/07/17 15:52:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.0.10\extensions\\Plugins: C:\Program Files (x86)\Minefield\plugins [2014/05/20 16:49:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/20 15:06:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/20 15:06:10 | 000,000,000 | ---D | M]
 
[2014/06/20 15:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/20 15:06:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/13 20:19:24 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
O1 HOSTS File: ([2014/07/21 16:40:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1673337759-4252953613-1966940125-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1673337759-4252953613-1966940125-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1673337759-4252953613-1966940125-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: bleepingcomputer.com ([www] http in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: bleepingcomputer.com ([www] http in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07FBE057-F9FF-42AD-ABD3-4AF30FC0A6E3}: NameServer = 68.105.28.11,68.105.29.11,68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1FCC7B6-7A0C-454B-98CE-D811E5F69EC3}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/28 15:32:06 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/02/28 09:42:54 | 000,467,168 | R--- | M] (Electronic Arts) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/02/28 09:58:30 | 000,000,000 | ---D | M] - G:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2011/02/28 09:58:24 | 003,582,976 | R--- | M] () - G:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2011/02/28 09:58:24 | 000,000,152 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/28 15:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/07/28 15:05:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2014/07/27 12:21:38 | 000,000,000 | ---D | C] -- C:\FRST
[2014/07/27 09:14:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%LOCALAPPDATA%
[2014/07/27 08:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/22 15:29:37 | 000,688,992 | ---- | C] (Swearware) -- C:\Windows\system32\config\systemprofile\Desktop\dds.com
[2014/07/21 21:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/07/21 21:07:28 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\Desktop\mbar
[2014/07/21 21:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/07/21 20:56:43 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/21 20:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/21 20:56:08 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/21 20:56:08 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/21 20:56:07 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/21 20:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/21 20:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/21 17:30:58 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\HP
[2014/07/21 16:40:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/21 15:50:23 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\Documents\TurboTax
[2014/07/21 15:45:54 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Intuit
[2014/07/20 19:58:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2014/07/19 19:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Emsisoft
[2014/07/19 15:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2014/07/19 15:20:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/07/19 15:09:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/07/19 15:09:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/07/19 15:09:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/07/19 15:09:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/07/19 15:05:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/07/19 15:00:51 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\Programs
[2014/07/19 14:52:22 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Videos
[2014/07/19 14:52:22 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/07/19 14:52:22 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Pictures
[2014/07/19 14:52:22 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Music
[2014/07/19 14:52:22 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Documents
[2014/07/19 14:52:21 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/07/19 14:51:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/19 09:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2014/07/19 08:12:18 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\Desktop\%APPDATA%
[2014/07/19 08:12:18 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\uTorrent
[2014/07/19 08:03:53 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/07/17 15:44:48 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\Adobe
[2014/07/17 15:39:26 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Macromedia
[2014/07/17 15:39:26 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\Macromedia
[2014/07/17 15:39:26 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe
[2014/07/17 15:19:03 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\Temp
[2014/07/17 15:14:49 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Desktop
[2014/07/17 15:14:49 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla
[2014/07/17 15:14:49 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla
[2014/07/17 15:09:40 | 000,601,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/07/17 15:07:38 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/07/17 15:07:38 | 024,025,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/07/17 15:07:38 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/07/17 15:07:38 | 016,003,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/07/17 15:07:38 | 011,644,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/07/17 15:07:38 | 011,599,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/07/17 15:07:38 | 009,735,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/07/17 15:07:38 | 009,697,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/07/17 15:07:38 | 003,141,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/07/17 15:07:38 | 002,953,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/07/17 15:07:38 | 002,785,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/07/17 15:07:38 | 002,412,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/07/17 15:07:38 | 001,889,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433788.dll
[2014/07/17 15:07:38 | 001,541,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433788.dll
[2014/07/17 15:07:38 | 000,895,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/07/17 15:07:38 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/07/17 15:07:38 | 000,867,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/07/17 15:07:38 | 000,861,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/07/17 15:07:38 | 000,837,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/07/17 15:07:38 | 000,354,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/07/17 15:07:38 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/07/17 15:07:38 | 000,166,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014/07/17 15:07:38 | 000,146,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014/07/17 15:04:27 | 001,715,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2014/07/17 15:04:27 | 001,291,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2014/07/17 15:04:08 | 000,040,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/07/17 15:04:08 | 000,034,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/07/17 14:41:22 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Real
[2014/07/17 14:41:22 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\DAEMON Tools Pro
[2014/07/17 14:41:05 | 000,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/07/17 14:40:58 | 000,000,000 | -H-D | C] -- C:\Windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/01/19 00:44:40 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/28 15:10:53 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/28 15:10:53 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/28 15:07:56 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2014/07/28 15:05:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2014/07/28 15:03:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/28 15:02:42 | 1603,624,957 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/28 15:01:41 | 000,062,412 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/07/28 15:01:41 | 000,062,412 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/07/28 15:01:41 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/07/27 10:14:20 | 000,030,312 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/07/27 10:13:33 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/27 08:37:34 | 005,379,160 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\RogueKillerX64.exe
[2014/07/24 20:27:23 | 000,049,994 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\Divergent.2014.HDRip.XviD-SaM[ETRG] [IPT].torrent
[2014/07/24 20:21:05 | 000,029,217 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\The.Expendables.3.2014.DVDSCR.XviD-VAiN [IPT].torrent
[2014/07/22 15:29:37 | 000,688,992 | ---- | M] (Swearware) -- C:\Windows\system32\config\systemprofile\Desktop\dds.com
[2014/07/21 21:19:50 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/21 20:59:44 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/21 16:40:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/07/19 09:50:18 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2014/07/19 09:18:12 | 000,003,853 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\Starred Up 2014 WEBRIP XVID AC3 ACAB [IPT](1).torrent
[2014/07/19 08:21:22 | 000,003,853 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\Starred Up 2014 WEBRIP XVID AC3 ACAB [IPT].torrent
[2014/07/19 08:16:07 | 000,002,230 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\Tammy 2014 READNFO WEBRIP SUB XVID AC3 ACAB [IPT](1).torrent
[2014/07/19 08:11:30 | 000,002,230 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\Tammy 2014 READNFO WEBRIP SUB XVID AC3 ACAB [IPT].torrent
[2014/07/05 14:14:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/03 08:38:05 | 000,796,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/03 08:38:05 | 000,671,968 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/03 08:38:05 | 000,126,094 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/27 08:38:36 | 000,030,312 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/07/27 08:37:34 | 005,379,160 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\RogueKillerX64.exe
[2014/07/24 20:23:54 | 000,049,994 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Divergent.2014.HDRip.XviD-SaM[ETRG] [IPT].torrent
[2014/07/24 20:21:04 | 000,029,217 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\The.Expendables.3.2014.DVDSCR.XviD-VAiN [IPT].torrent
[2014/07/21 20:56:15 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/21 20:48:15 | 000,001,459 | ---- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/07/19 15:09:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/07/19 15:09:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/07/19 15:09:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/07/19 15:09:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/07/19 15:09:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/07/19 09:50:18 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2014/07/19 09:18:09 | 000,003,853 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Starred Up 2014 WEBRIP XVID AC3 ACAB [IPT](1).torrent
[2014/07/19 08:21:11 | 000,003,853 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Starred Up 2014 WEBRIP XVID AC3 ACAB [IPT].torrent
[2014/07/19 08:16:05 | 000,002,230 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Tammy 2014 READNFO WEBRIP SUB XVID AC3 ACAB [IPT](1).torrent
[2014/07/19 08:11:22 | 000,002,230 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Tammy 2014 READNFO WEBRIP SUB XVID AC3 ACAB [IPT].torrent
[2014/06/21 06:32:52 | 000,000,618 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/14 16:26:12 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/02/13 17:18:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/01/28 09:48:00 | 000,001,225 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/13 18:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/07/13 18:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 00:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:01:38 | 000,136,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/01 22:25:12 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/01 21:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/13 18:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/13 18:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:21:59 | 000,404,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:29:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 00:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/13 18:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/07/13 18:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009/07/13 18:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 00:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2010/12/20 23:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/08/26 23:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/13 18:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/13 18:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/01 22:16:53 | 001,114,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009/07/13 18:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 18:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 22:32:43 | 000,208,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/07/13 18:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009/07/13 18:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/07/13 18:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009/07/13 18:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2009/07/13 18:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/07/13 18:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/13 18:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/07/13 18:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: SERVICES  >
[2006/09/18 14:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\etc\services
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2014/05/08 06:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012/09/23 21:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.SBS  >
[2013/07/16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs
 
< MD5 for: SVCHOST.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2014/06/03 02:40:20 | 000,755,512 | ---- | M] (MalwareBytes) MD5=D332AA939A73A0094E4A296AAE5A7D47 -- C:\Users\TEMP\Downloads\mbam-chameleon-3.1.4.0\Chameleon\Windows\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2014/06/03 02:40:20 | 000,755,512 | ---- | M] (MalwareBytes) MD5=D332AA939A73A0094E4A296AAE5A7D47 -- C:\Users\TEMP\Downloads\mbam-chameleon-3.1.4.0\Chameleon\Windows\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >

Extras.txt is here

OTL Extras logfile created on: 7/28/2014 3:25:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Windows\SysWOW64\config\systemprofile\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
17.99 Gb Total Physical Memory | 15.02 Gb Available Physical Memory | 83.47% Memory free
35.98 Gb Paging File | 33.00 Gb Available in Paging File | 91.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 121.02 Gb Free Space | 25.98% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 93.68 Gb Free Space | 20.11% Space Free | Partition Type: NTFS
Drive F: | 1862.98 Gb Total Space | 1629.23 Gb Free Space | 87.45% Space Free | Partition Type: NTFS
Drive G: | 7.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: STEVE7ULTIMATE- | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-1673337759-4252953613-1966940125-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0296D020-C7BD-4118-A66C-054D610A675A}" = lport=56649 | protocol=17 | dir=in | name=pando media booster |
"{04C01A6E-29EA-44AB-BABC-EB3E69D2CEF9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0AA6F99B-C20F-44A0-9CD0-C8DB23508966}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port |
"{0D703607-0AAA-456D-B458-163DFBFA42DA}" = lport=58836 | protocol=6 | dir=in | name=pando media booster |
"{0D868538-D979-48B1-90D1-716C7B356B69}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{0E8D5ABB-F9B6-4069-89F9-9C7D220F6CF1}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{12CB6922-7432-4DE5-BA3F-DCE46F59016B}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 |
"{13B66FE3-2C32-4FA2-86AF-109745B80F46}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 |
"{1543FA11-0BE6-4767-89F3-537EAD5C836C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19AE99DE-EE40-4680-A2CC-5158429CC52E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{229EE8E7-CB2F-4E46-88EB-7B0C0F66710C}" = lport=56649 | protocol=17 | dir=in | name=pando media booster |
"{25954E3E-2AA1-44B1-AF0E-E79F166EC63A}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{2AF47039-0169-4449-9A1F-53A4D10C56F9}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{2B02F0E4-FEA6-4178-87F4-C20F03885E3B}" = lport=58836 | protocol=6 | dir=in | name=pando media booster |
"{2C164500-F48D-4CA8-BBA4-0011DD3E696D}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{2CC84BAF-8036-4EB8-972E-87F53885D5E3}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{2F2088C4-4CCB-47AD-BFEC-9A3708983DA4}" = lport=58836 | protocol=17 | dir=in | name=pando media booster |
"{33177300-5511-40E0-8017-67417B0157DA}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{370E92D4-A2F6-4145-8248-BE5AF621B1AE}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{3B86A276-BB5B-488A-BE44-0CEFBD21C936}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{41A8C1CE-B4A9-424E-9F51-86381FD1E460}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{458D9831-6E21-44A7-BA0C-3EB9EC6F8D4A}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{4E0DE705-FCA3-4CA5-8D78-A4B42BD23B15}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port |
"{4F6754D6-5765-4287-BEF4-BFF1D3A2C1DD}" = lport=56649 | protocol=6 | dir=in | name=pando media booster |
"{5F5CF276-55F4-47C4-B1A4-7F9165234B5D}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{66308E85-7C8E-4C01-8666-E019231D9182}" = lport=2869 | protocol=6 | dir=in | app=system |
"{711E7854-8BB0-4575-A7EA-8A28BCB53D24}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{759B0545-5253-4371-94C3-3F53F9E5DC5D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{7BD69A08-37F4-4CBD-B642-976B8B4943F5}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7F2D5679-F748-4F58-ADCB-42C8F8EC84F2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8348E4ED-030D-4184-8B14-C44147E21210}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8CF4F1AF-8E78-4AC5-89B7-E3AFE8C8338D}" = lport=6900 | protocol=17 | dir=in | name=league of legends launcher |
"{972C946B-BC05-4777-B09E-4756DF9545EA}" = lport=56649 | protocol=6 | dir=in | name=pando media booster |
"{A3ABB964-5203-4BBC-9F16-D8C0E1310C2A}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{A3BD45A0-4CEA-4035-AD47-A384B7BD59B1}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port |
"{A91C9B56-1079-41B4-80EA-6DC22A8FCBAE}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{AF07A128-4177-4652-A0DE-D6B557727423}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B03AD641-CCBA-4A2F-B874-986475233359}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{B350221C-250F-422C-975C-72122960022A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{B3968AC5-94C0-4B53-A8D8-BEF1CD47C90A}" = lport=58836 | protocol=17 | dir=in | name=pando media booster |
"{B3D83316-3347-4465-B70A-2A21B27ED1C0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B55A3477-6412-4BEC-A7D1-C180FE53E91F}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{B8A00E70-9098-479A-BBE4-6B2A1AB73384}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE9B1C27-78B6-44DC-9C6D-C966C29A0DD2}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{C9B391DE-6DB9-45CF-8E83-657589CBFCD4}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{D242E794-545B-464E-B9B6-455F99448D22}" = lport=6900 | protocol=6 | dir=in | name=league of legends launcher |
"{D301E9E1-7472-42DD-9219-09C35CD2D212}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 |
"{E6B48BEE-1D9E-416E-B60D-F0B5FC490B86}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 |
"{EDB8603E-0880-4A17-9BBC-69CBD0E37C09}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{F172890A-709E-48BD-8F12-817DCE3830B3}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{FD12966F-9491-4726-B054-CAF69F24EC5D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B2F109F-41D5-4CDD-A2BC-255439E03148}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{0DE60C08-A65D-4C28-BEDF-B950C772A6C3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{0ED46E3B-C4C2-4A39-A72C-3546B8791ADF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{11BD108F-59E2-4C81-9075-02F98595AC3A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{15D5FE2F-6902-4ECC-AB33-EDFEC60BFFEE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{17F015B0-88AB-4F80-AB5C-897967A7C4DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{1997CB69-D9FF-4032-9D9C-080E266C97E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{19A3692E-2EBD-4685-9528-4F57563D20B9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1BC9D349-145F-4315-BA60-6DD3858921EB}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{22B56BDC-4992-4A02-9913-C23CA568DFDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{22C3EA23-4DAA-452A-9574-A49C0456B648}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{23A1210A-8C17-45A4-A6A9-2715C1687BDB}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{23DF935B-94B0-42C4-8718-D7ABBFA91A90}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2513A7B5-B54B-49CF-9F23-1C8350EA4991}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{2AEA8DB2-CAD2-431D-9A7D-81D9731C6F7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{32AEE2A2-CCE0-441A-B8D1-27EC79A73F0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{3ED2384A-7243-4A9D-B118-D69E80FDDC37}" = protocol=6 | dir=out | app=system |
"{40615F60-B7F6-4F2E-AA22-A4B7CA5F4CEC}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe |
"{423A39CF-9D41-48C3-8899-E4CEDF6152F8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47976B25-DB52-4C4D-8AAD-0B760AD45034}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe |
"{479C3C4C-3ABD-414A-ABFD-31328B58B741}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{4BFF7C2F-529B-4CE3-A1C9-A37F9DB147B2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4D7AEF71-3817-4D20-88BF-DBD22FBCDB83}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4D8D2D6F-CA15-43ED-97D9-C59CC170030A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{545BC801-CDC1-4263-B53F-02F367A0A1E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\scrappykillu\counter-strike source\hl2.exe |
"{58E27B7B-96D8-4489-909B-CE4B4A8010F0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5FBF25C4-32C1-410D-97E3-C29EDD1F5D92}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{60A78C44-8F47-43E0-9D7E-250569125520}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{62540490-D245-481C-AEB1-00F2BF52E61D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{62D2BE93-A00F-43BB-A025-2FA6FA985CB5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{63F91024-89D3-4198-A259-C0B491ABDFD2}" = protocol=17 | dir=in | app=c:\users\steve\appdata\local\apps\2.0\2jazh5jb.jo7\8cnv0xly.txk\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe |
"{662DC25B-D9BA-4E84-9E19-F57649CFE36D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{68ED1CA2-113D-4835-BEFC-E1E85657AA10}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{69737031-E888-4175-BACC-B103137EAA70}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{6B1654CC-0B77-4244-95A0-2610B516BC78}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{6CCFE873-C59D-47FC-8040-FD1484371C27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2spdemo\fear2spdemo.exe |
"{6D55CEFC-8FF8-4A1E-A0F8-E3E9BC932EB3}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\devicesetup.exe |
"{6DF21D2D-01F0-452D-B196-6764F853E4B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{763F637E-E84F-475F-A3A4-3D3B662AE0CC}" = protocol=6 | dir=in | app=c:\users\steve\appdata\local\apps\2.0\2jazh5jb.jo7\8cnv0xly.txk\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe |
"{77771DD1-8AA9-4790-9C6B-2625AAAF8B2E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7AC4AD5A-A271-4908-A968-A91AEC4DDFFB}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{807E3F66-E4A7-4B85-86E5-133936EE3D53}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{835CBA69-E6F8-4372-A2E6-AC81D21AA94E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{84287DF3-A3B6-4B50-9774-138DCED77454}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{859A16E3-E994-4C29-9C4E-987763E4CE40}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8A6EBBCC-2A8C-4DE7-A0AC-04D1673E7E7F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{8FA5E67E-AE7F-4AD1-81D1-5E82159DFF18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{982E422E-769D-4B29-AC02-A0BDC0E54936}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\scrappykillu\counter-strike source\hl2.exe |
"{991155E7-CB83-4BA4-BD5F-3AC6CE1B53C9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A5C47568-356E-4C0B-AFD8-1E82F5795D85}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{A8B8BF20-D2DA-4912-BE33-D5AE7017A7ED}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{AACD18F4-FACE-4286-8788-C1AF926CD4F7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C12952C9-B815-42CB-B58C-880B88B7396D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C14F9528-47D4-4431-805B-1BAB2A9006F0}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{C1519D44-A22B-49FA-A587-CB840BC5EC94}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{C7A0B94F-1BF0-41E8-A2F4-A2E5275C4706}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2spdemo\fear2spdemo.exe |
"{CAA5B242-5547-4810-86C2-F426F0CA6FD4}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{CC2C1C74-B3F8-4736-9935-8FCF67E622A5}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{CCFEF797-CDD4-4A60-B2B2-3051EF134D74}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DF2CD5A1-DD26-4E0D-BF70-7136328EA795}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{E1027ABE-5FFE-4E8D-B70A-7F2363212843}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{E3D2E2F4-6454-47FE-ACA9-3776896494E9}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{E96376A4-3596-4FD8-AB56-D9C2C5A33B91}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{EC253DA3-7E6D-4A0B-AEFF-811511DE39F4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EC3D02D3-0E96-4461-A5EE-13CB3BD797EC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{ED8473D8-C3E1-487E-917D-13D22C302B09}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{F0A48E78-52CE-4115-9F1A-275DB06CB090}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F33143DB-9A2E-43E5-8853-CEC37C08B958}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{F34EB761-555C-4C0E-AFE5-0C2A81FFBAEA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{F7A17388-BE33-49EE-B177-184D93F1A01D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FA3E561D-1F2E-40D3-B02E-1DE9B11AA396}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FB1E8596-ADC2-4A78-9023-09473718F039}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{FE0DA6ED-911D-4D05-9D47-4EACFA28AD9D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{FE32C0CB-7ECD-4DA1-94C8-D4B2EEF0613E}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{FFB027B9-0089-483E-8F47-5267E45B5FAF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{C658185E-C3A7-4881-AAE0-333269455342}C:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.exe |
"UDP Query User{1CEA9B45-AB69-4B35-972D-5A58882FB430}C:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C20E609-768A-4FDC-AC75-2CE466D81506}" = Calisto DFU Driver (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5A68A656-979F-4168-8795-E2E368AA4DC2}" = iTunes
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7A92C561-A1D5-11E0-92E1-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{7F801000-A1D5-11E0-9092-0013D3D69929}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F26D0153-CD17-4662-8592-DD98498DE6E4}" = HP Photosmart 5510d series Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"07AFE62D73C8799E9E5689F86FB9F48389717BA3" = Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports  (04/21/2009 5.1)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
"CCleaner" = CCleaner
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"sp6" = Logitech SetPoint 6.52
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3DD4AE91-9B21-C9BF-ABA3-54CE54B8A4C5}" = TORParse
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B85D446-9E14-4309-BC3E-8E0940827BD3}" = TurboTax 2013 wcaiper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92C1B9C1-367D-4227-95D4-660412AFFD0D}" = Plantronics Spokes Software
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B31CBE7A-2542-E165-D79C-0CD159BEB50B}" = TouchScreen Assistant
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}" = Mumble 1.2.5
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EFD2807A-C66B-4C13-8FB8-42FCA6DEF171}" = TurboTax 2012 wcaiper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3DMIDI" = Creative 3DMIDI Player
"3ivx MPEG-4 5.0.2" = 3ivx MPEG-4 5.0.2 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"AudioCS" = Creative Audio Control Panel
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"com.goodman.Touchscreen.Assistant" = TouchScreen Assistant
"com.torparse.TorparseApplication" = TORParse
"Console Launcher" = Creative Console Launcher
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Pro" = DAEMON Tools Pro
"Diablo III" = Diablo III
"Diagnostics 4_5" = Creative Diagnostics
"Download Manager" = Download Manager 2.3.10
"EA Installer.1635480076" = EA Installer
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"HP Photo Creations" = HP Photo Creations
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"NETGEAR Genie" = NETGEAR Genie
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PowerISO" = PowerISO
"PrecisionX" = EVGA Precision X 4.2.1
"PunkBusterSvc" = PunkBuster Services
"Q2FsbG9mRHV0eUdob3N0cw==_is1" = Call of Duty Ghosts
"Revo Uninstaller" = Revo Uninstaller 1.94
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"TurboTax 2013" = TurboTax 2013
"uTorrent" = µTorrent
"V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1" = Wolfenstein: The New Order
"View22" = View22
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.3.0
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/28/2014 5:41:21 PM | Computer Name = Steve7Ultimate-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/28/2014 5:54:18 PM | Computer Name = Steve7Ultimate-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system.      DETAIL - Access is denied.  
 
Error - 7/28/2014 5:54:18 PM | Computer Name = Steve7Ultimate-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system.      DETAIL - Access is denied.  
 
Error - 7/28/2014 6:03:40 PM | Computer Name = Steve7Ultimate-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system.      DETAIL - Access is denied.  
 
Error - 7/28/2014 6:03:40 PM | Computer Name = Steve7Ultimate-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system.      DETAIL - Access is denied.  
 
Error - 7/28/2014 6:04:30 PM | Computer Name = Steve7Ultimate-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/28/2014 6:08:23 PM | Computer Name = Steve7Ultimate-PC | Source = VSS | ID = 8193
Description =
 
Error - 7/28/2014 6:21:38 PM | Computer Name = Steve7Ultimate-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1870    Start Time:
 01cfaab016774504    Termination Time: 0    Application Path: C:\Windows\SysWOW64\config\systemprofile\Desktop\OTL.exe

Report
 Id:   
 
Error - 7/28/2014 6:24:44 PM | Computer Name = Steve7Ultimate-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: c60    Start Time:
 01cfaab298106393    Termination Time: 0    Application Path: C:\Windows\SysWOW64\config\systemprofile\Desktop\OTL.exe

Report
 Id:   
 
Error - 7/28/2014 6:26:08 PM | Computer Name = Steve7Ultimate-PC | Source = VSS | ID = 8193
Description =
 
[ System Events ]
Error - 7/27/2014 2:14:21 PM | Computer Name = Steve7Ultimate-PC | Source = Service Control Manager | ID = 7038
Description = The PolicyAgent service was unable to log on as NT Authority\NetworkService
 with the currently configured password due to the following error:   %%1352    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 7/27/2014 2:14:21 PM | Computer Name = Steve7Ultimate-PC | Source = Service Control Manager | ID = 7000
Description = The IPsec Policy Agent service failed to start due to the following
 error:   %%1069
 
Error - 7/27/2014 2:14:21 PM | Computer Name = Steve7Ultimate-PC | Source = Service Control Manager | ID = 7038
Description = The PolicyAgent service was unable to log on as NT Authority\NetworkService
 with the currently configured password due to the following error:   %%1352    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 7/27/2014 2:14:21 PM | Computer Name = Steve7Ultimate-PC | Source = Service Control Manager | ID = 7000
Description = The IPsec Policy Agent service failed to start due to the following
 error:   %%1069
 
Error - 7/27/2014 2:14:21 PM | Computer Name = Steve7Ultimate-PC | Source = Service Control Manager | ID = 7038
Description = The PolicyAgent service was unable to log on as NT Authority\NetworkService
 with the currently configured password due to the following error:   %%1352    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 7/27/2014 2:14:21 PM | Computer Name = Steve7Ultimate-PC | Source = Service Control Manager | ID = 7000
Description = The IPsec Policy Agent service failed to start due to the following
 error:   %%1069
 
Error - 7/27/2014 2:14:25 PM | Computer Name = Steve7Ultimate-PC | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error:   %%13
 
Error - 7/27/2014 2:34:35 PM | Computer Name = Steve7Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   TfFsMon  TFSysMon
 
Error - 7/27/2014 2:34:38 PM | Computer Name = Steve7Ultimate-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 7/28/2014 5:40:32 PM | Computer Name = Steve7Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   TfFsMon  TFSysMon
 
 
< End of report >
 



#10 nasdaq


Posted 29 July 2014 - 07:54 AM

Run OTL - Double-click OTL.exe to start it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1673337759-4252953613-1966940125-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note:
    Do not mouse click ComboFix's window while it's running. That may cause it to stall


    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ==============


#11 sdsteve760


Posted 29 July 2014 - 05:26 PM

Hello, things have gone from bad to worse. I can't open any of my internets now, Mozilla or Explorer. Can't change any setting in security or control panel. I am getting error message

Windows security

These files cant be opened

your internet security settings prevented one or more files from being opened

I tried downloading from laptop to external HD and running it from there, same message. I am at a total loss ATM. I can't seem to do anything from my system. Same error message everything I do.

 

Correction: if I troubleshoot compatibility and run as Windows XP mode it will run, I think. Is this OK?


Edited by sdsteve760, 29 July 2014 - 05:34 PM.


#12 sdsteve760


Posted 30 July 2014 - 07:43 AM

Hi, I have backed up all my files, pictures, music, etc. to my external hard drive. How do I know if these files are infected with the virus? At what point do I need to decide to reinstall Windows? Would this even get rid of the virus?

#13 nasdaq


Posted 30 July 2014 - 08:03 AM


Before reformatting and reinstalling the operating system, I suggest you check your boot sector.
Run these tools and post the logs for my review.


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#14 sdsteve760


Posted 30 July 2014 - 08:07 AM

I can try to run these programs but like stated in my previous reply the virus is blocking me from running anything unless I run troubleshoot compatibility and run in xp mode. Is this ok? If not I won't be able to run anything. Thanks for your response.

Edited by sdsteve760, 30 July 2014 - 08:08 AM.


#15 nasdaq


Posted 30 July 2014 - 08:36 AM

Can you restore your computer to this point?

Restore point made on: 2014-07-04 23:00:15

Or earlier if you can.

How to:
http://windows.microsoft.com/en-CA/windows7/products/features/system-restore



