Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Continue Zip Opener Installation.lnk Malware

  1. #1
    Junior Member
    Join Date
    Sep 2013
    Posts
    11

    Angry Continue Zip Opener Installation.lnk Malware

    Hi - First, I really appreciate that something like this exists, and would gladly donate for any assistance.

    I have a file on my wife's desktop that I cannot remove called "Continue Zip Opener Installation.lnk" which had full system access before I attempted to disable it yesterday. I cannot remove it's access to Special Permissions however, and cannot delete the file. The file has never been run to my knowledge.

    FYI: Before I found this forum, I ran Windows Security Essentials, which supposedly found and removed a threat. I did not save a log at the time, but I know it mentioned 6 files being infected associated with 3 music files on the E:\ drive from an older desktop I put into this machine, which were subsequently deleted. *edit* found History of scan:

    Detected Item: TrojanDownloader:ASX/Wimad.CJ
    Alert Level: Severe
    Action Taken: Removed

    Category: Trojan Downloader
    Description: This program is dangerous and downloads other programs.
    Recommended action: Remove this software immediately.


    Items:
    containerfile:E:\Users\Amanda\Desktop\Music\Smashing Pumpkins\Smashing Pumpkins The - Beautiful.wma
    containerfile:E:\Users\Amanda\Desktop\Music\Smashing Pumpkins\smashing pumpkins the - home.wma
    containerfile:E:\Users\Amanda\Desktop\Music\Smashing Pumpkins\Smashing Pumpkins The - Shame.wma
    file:E:\Users\Amanda\Desktop\Music\Smashing Pumpkins\Smashing Pumpkins The - Beautiful.wma->(ASF_Script_Commands)
    file:E:\Users\Amanda\Desktop\Music\Smashing Pumpkins\smashing pumpkins the - home.wma->(ASF_Script_Commands)
    file:E:\Users\Amanda\Desktop\Music\Smashing Pumpkins\Smashing Pumpkins The - Shame.wma->(ASF_Script_Commands)

    Get more information about this item online.



    I also ran the Microsoft Malicious Software Removal Tool, which found no problems.

    A google search of this desktop icon's name leads to three results on the McAffee Antivirus Pages:
    1

    3

    I do not own McAfee AntiVirus, but I did download a trial version. I have not run it yet.



    DDS.txt




    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
    Run by Petry at 22:13:53 on 2013-09-06
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8077.3929 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Lucidlogix Technologies\VIRTU MVP\LucidSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Lucidlogix Technologies\VIRTU MVP\lucidservices.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\MsSpellCheckingFacility.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\System32\WUDFHost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Amanda\Downloads\Windows-KB890830-x64-V5.3.exe
    c:\9822b4af798adc88d7\mrtstub.exe
    C:\Windows\system32\MRT.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Petry\AppData\Local\Temp\McInstallTemp\Install.exe
    C:\Users\Petry\AppData\Local\Temp\MCINST~2\McItInfo.exe
    C:\Windows\system32\mfevtps.exe
    C:\Users\Petry\AppData\Local\Temp\McInstallTemp\SelfProtect\Win64\aploader.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.dell.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [ASRockXTU] <no file>
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
    DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{3D5B7E30-A1D7-4B2D-8110-33A4C00E09A6} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
    R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2013-4-20 34640]
    R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-4-20 652344]
    R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-4-20 28216]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-8-7 776168]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2013-4-28 166400]
    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-4-28 128512]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-4-20 129856]
    R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-4-20 166720]
    R2 LucidSrv;LucidSrv;C:\Program Files\Lucidlogix Technologies\VIRTU MVP\LucidSrv.exe [2013-4-20 16616]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-9-6 182752]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-4-20 365344]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
    R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
    R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]
    R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-4-20 32344]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-20 565352]
    R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2013-4-20 97512]
    R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-4-20 34752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-20 14904]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-22 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-09-07 01:57:01 182752 ----a-w- C:\Windows\System32\mfevtps.exe.d986.deleteme
    2013-09-07 01:56:58 -------- d-----w- C:\Program Files\Common Files\McAfee
    2013-09-07 01:01:22 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D5E01F3-BAB3-4F77-8E95-CB34A5367801}\mpengine.dll
    2013-09-07 00:44:52 -------- d-----w- C:\9822b4af798adc88d7
    2013-09-06 00:42:22 -------- d-----w- C:\Windows\SysWow64\BestPractices
    2013-09-06 00:42:22 -------- d-----w- C:\Program Files\Microsoft Games
    2013-09-06 00:42:04 -------- d-----w- C:\Windows\System32\BestPractices
    2013-09-06 00:41:37 -------- d-----w- C:\inetpub
    2013-09-06 00:28:26 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{74A41AA2-B836-4AD4-B038-80A2ECE81DE5}\gapaengine.dll
    2013-09-06 00:28:23 9515512 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-09-06 00:27:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2013-09-06 00:27:23 -------- d-----w- C:\Program Files\Microsoft Security Client
    2013-09-06 00:24:51 -------- d-----w- C:\2cfd6d4da2c50c6d0e9748ed64
    2013-09-04 01:01:41 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{657D8B6F-72D9-4CAD-9238-B58F6DA8CC1C}\mpengine.dll
    2013-08-29 22:51:52 -------- d-----w- C:\Program Files\iPod
    2013-08-29 22:51:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-08-29 22:51:51 -------- d-----w- C:\Program Files\iTunes
    2013-08-29 22:51:51 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-08-28 07:46:24 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
    2013-08-28 07:18:22 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2013-08-28 07:18:22 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2013-08-28 07:18:22 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2013-08-28 07:18:22 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2013-08-28 07:15:05 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2013-08-28 07:15:05 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2013-08-28 07:15:03 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2013-08-28 07:15:03 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2013-08-28 07:15:03 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2013-08-28 07:15:03 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2013-08-28 07:15:03 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2013-08-27 18:48:03 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2013-08-27 18:48:03 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2013-08-27 18:48:03 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2013-08-27 18:48:03 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2013-08-27 18:48:00 2871808 ----a-w- C:\Windows\explorer.exe
    2013-08-27 18:48:00 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
    2013-08-27 18:46:32 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-08-27 18:45:49 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-08-27 18:45:48 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-08-27 18:45:48 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-08-27 18:45:47 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2013-08-27 18:45:47 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2013-08-27 18:45:46 503808 ----a-w- C:\Windows\System32\srcore.dll
    2013-08-27 18:45:45 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2013-08-27 18:45:44 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-08-27 18:45:44 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-08-27 18:45:43 67072 ----a-w- C:\Windows\splwow64.exe
    2013-08-27 18:45:43 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2013-08-27 04:51:12 -------- d-----w- C:\Windows\en
    2013-08-27 04:50:35 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2013-08-27 04:45:44 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4829a4951cea2e003\DSETUP.dll
    2013-08-27 04:45:44 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4829a4951cea2e003\DXSETUP.exe
    2013-08-27 04:45:44 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4829a4951cea2e003\dsetup32.dll
    2013-08-27 04:45:40 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\472f144a1cea2e002\DSETUP.dll
    2013-08-27 04:45:40 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\472f144a1cea2e002\DXSETUP.exe
    2013-08-27 04:45:40 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\472f144a1cea2e002\dsetup32.dll
    2013-08-27 04:45:38 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44e3e3311cea2e001\DSETUP.dll
    2013-08-27 04:45:38 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44e3e3311cea2e001\DXSETUP.exe
    2013-08-27 04:45:38 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44e3e3311cea2e001\dsetup32.dll
    2013-08-27 04:45:32 -------- d-----w- C:\Users\Petry\AppData\Local\Windows Live
    2013-08-27 04:42:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2013-08-21 01:02:54 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-08-14 03:37:16 -------- d-----w- C:\Windows\System32\MRT
    2013-08-13 22:55:08 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-08-13 22:55:08 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-08-13 22:55:07 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-08-13 22:55:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-08-13 22:55:07 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-08-13 22:55:07 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-08-13 22:55:07 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-08-13 22:55:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-08-13 22:55:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-08-13 22:55:02 2048 ----a-w- C:\Windows\System32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2013-08-28 07:46:24 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
    2013-08-21 23:20:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-21 23:20:27 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-13 18:57:35 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-13 18:57:35 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-07-13 18:57:35 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    .
    ============= FINISH: 22:14:44.93 ===============









    aswMBR Log

    For AV scan I only did a QuickScan (because I didn't notice this selection until after I ran it). I have two drives in this computer C:\ and E:\ so if I need to do anything different, please let me know.

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-09-06 22:32:57
    -----------------------------
    22:32:57.656 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:32:57.656 Number of processors: 4 586 0x3A09
    22:32:57.657 ComputerName: ZIG-PC UserName: Petry
    22:32:58.632 Initialize success
    22:35:45.238 AVAST engine defs: 13090601
    22:36:30.409 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    22:36:30.411 Disk 0 Vendor: SAMSUNG_HD080HJ/P ZH100-34 Size: 76293MB BusType: 11
    22:36:30.414 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000065
    22:36:30.417 Disk 1 Vendor: ATA_____ A750 Size: 953869MB BusType: 11
    22:36:30.502 Disk 1 MBR read successfully
    22:36:30.506 Disk 1 MBR scan
    22:36:30.567 Disk 1 Windows 7 default MBR code
    22:36:30.569 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:36:30.589 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 699900 MB offset 206848
    22:36:30.649 Disk 1 scanning C:\Windows\system32\drivers
    22:36:42.039 Service scanning
    22:37:10.738 Modules scanning
    22:37:10.742 Disk 1 trace - called modules:
    22:37:11.098 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
    22:37:11.104 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80097bb060]
    22:37:11.109 3 CLASSPNP.SYS[fffff880011d043f] -> nt!IofCallDriver -> [0xfffffa80079f9c50]
    22:37:11.114 5 iaStorF.sys[fffff880018d49a0] -> nt!IofCallDriver -> \Device\00000065[0xfffffa80079099c0]
    22:37:12.100 AVAST engine scan C:\Windows
    22:37:14.297 AVAST engine scan C:\Windows\system32
    22:40:42.778 AVAST engine scan C:\Windows\system32\drivers
    22:41:01.099 AVAST engine scan C:\Users\Petry
    22:45:13.528 Disk 1 MBR has been saved successfully to "C:\Users\Amanda\Desktop\MBR.dat"
    22:45:13.557 The log file has been saved successfully to "C:\Users\Amanda\Desktop\aswMBR.txt"

    This scan wasn't complete when I posted the first log. My fault. Here is a complete aswMBR log. Thanks--

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-09-06 22:32:57
    -----------------------------
    22:32:57.656 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:32:57.656 Number of processors: 4 586 0x3A09
    22:32:57.657 ComputerName: ZIG-PC UserName: Petry
    22:32:58.632 Initialize success
    22:35:45.238 AVAST engine defs: 13090601
    22:36:30.409 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    22:36:30.411 Disk 0 Vendor: SAMSUNG_HD080HJ/P ZH100-34 Size: 76293MB BusType: 11
    22:36:30.414 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000065
    22:36:30.417 Disk 1 Vendor: ATA_____ A750 Size: 953869MB BusType: 11
    22:36:30.502 Disk 1 MBR read successfully
    22:36:30.506 Disk 1 MBR scan
    22:36:30.567 Disk 1 Windows 7 default MBR code
    22:36:30.569 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:36:30.589 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 699900 MB offset 206848
    22:36:30.649 Disk 1 scanning C:\Windows\system32\drivers
    22:36:42.039 Service scanning
    22:37:10.738 Modules scanning
    22:37:10.742 Disk 1 trace - called modules:
    22:37:11.098 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
    22:37:11.104 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80097bb060]
    22:37:11.109 3 CLASSPNP.SYS[fffff880011d043f] -> nt!IofCallDriver -> [0xfffffa80079f9c50]
    22:37:11.114 5 iaStorF.sys[fffff880018d49a0] -> nt!IofCallDriver -> \Device\00000065[0xfffffa80079099c0]
    22:37:12.100 AVAST engine scan C:\Windows
    22:37:14.297 AVAST engine scan C:\Windows\system32
    22:40:42.778 AVAST engine scan C:\Windows\system32\drivers
    22:41:01.099 AVAST engine scan C:\Users\Petry
    22:45:13.528 Disk 1 MBR has been saved successfully to "C:\Users\Amanda\Desktop\MBR.dat"
    22:45:13.557 The log file has been saved successfully to "C:\Users\Amanda\Desktop\aswMBR.txt"
    23:00:33.445 AVAST engine scan C:\ProgramData
    23:01:10.697 Scan finished successfully
    23:02:01.857 Disk 1 MBR has been saved successfully to "C:\Users\Amanda\Desktop\MBR.dat"
    23:02:01.887 The log file has been saved successfully to "C:\Users\Amanda\Desktop\aswMBR.txt"

    Sorry, not sure what happened with editing hyperlinks up above, but one of them disappeared.

    Here are the three links to the information:
    http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=3924055#none
    http://home.mcafee.com/virusinfo/virusprofile.aspx?key=3248815#none
    http://home.mcafee.com/virusinfo/virusprofile.aspx?key=3369990#
    Attached Files Attached Files
    Last edited by tashi; 2013-09-07 at 20:10. Reason: Merged 3 posts, please refer to the FAQ and don't add posts before someone responds. ;-)

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi EveryZig,

    Sorry for the delay, if you still require assistance please continue:

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear"

    Important: All tools MUST be run from the Desktop.

    =========================

    P2P - (Peer to Peer)

    I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall this now.

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
    • uTorrent
    If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.

    =========================

    Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    OTL

    Download OTL to your desktop.
    • Make sure all other windows are closed and to let it run uninterrupted.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      services.*
      /md5stop
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.

    =========================

    In your next post please provide the following:
    • checkup.txt
    • OTL.txt
    • Extras.txt
    • How is the computer running at the moment?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Junior Member
    Join Date
    Sep 2013
    Posts
    11

    Default

    Extras.txt


    OTL Extras logfile created on: 9/23/2013 8:12:48 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petry\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.89 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 76.55% Memory free
    15.77 Gb Paging File | 11.70 Gb Available in Paging File | 74.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 683.50 Gb Total Space | 455.73 Gb Free Space | 66.68% Space Free | Partition Type: NTFS
    Drive E: | 69.80 Gb Total Space | 9.69 Gb Free Space | 13.88% Space Free | Partition Type: NTFS

    Computer Name: ZIG-PC | User Name: Petry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00E718ED-CD8E-413E-B2E3-2585B232B1BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{0161BE91-C57D-4559-AFF5-BAF2756F121D}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{06AF7FA2-256E-4EAF-BD44-1B2328A9D0F2}" = rport=445 | protocol=6 | dir=out | app=system |
    "{09FB8CC6-D924-432E-9D73-E0370841D3F1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
    "{0A112DFF-30C2-4933-B039-E540E5152801}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{11FCE424-885A-45A8-AF01-5AFEA787AACB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{16111A8A-6D7E-4747-B127-8BD9DF6C3C4F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{29FCB340-FF8A-429C-BE1A-B4FBD855A122}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{41CE9038-629B-4F77-80E5-B0EB61C8EE25}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{49C31D13-5E8F-4B5C-A5C5-C4613A2B2C6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4D065DC6-65B4-4B5A-ABD2-D15F74CEC147}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{4DA79B58-4302-4218-BF89-54A221525A77}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{50ACBFD9-60C7-454A-9933-51E7F792B5A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{5289EB75-69F5-4591-966F-44717137F68F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5A04C8C1-627F-4B62-BCF2-728750F1E797}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{5ED392DF-6F3C-455F-82A8-85EB3558972B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{60E13D57-E787-49DB-8869-691294B45BF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{6179A8C9-B8F1-4850-90C1-93966F9BB8B6}" = rport=139 | protocol=6 | dir=out | app=system |
    "{627391F9-1155-4900-9E6C-5782864FABF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{69C8F175-5D7A-4BA3-A483-103B3F762218}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{7E6188E9-4F19-4C95-BBC9-47F5B2C37B9D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{7F42C4E6-A137-4708-BFAF-4B7EB1496A85}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{80D7C95D-BFE5-4E09-A74C-098CC7C4BD5C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{84936990-E413-4FC0-B6E2-CB2AB7B931C3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{859F2124-9553-4364-93C4-6FE117E08B95}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{88687C71-BF98-48D2-B87A-1470EA55357A}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{8B9F4567-31FB-47F0-92A2-1DA814C970FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9129B6B9-A3D3-4916-8B0C-55BA0F56D5A5}" = lport=137 | protocol=17 | dir=in | app=system |
    "{979D45B9-DA5F-4F08-BCCE-BCDFE6A6A6A3}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{98A40DEF-30B0-4943-91BF-B62B933D63F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9CD9BCD7-1F09-401C-BE69-3243523A9431}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{A2DB9C4E-8067-4FA8-B4AD-E5150016423B}" = lport=10245 | protocol=6 | dir=in | app=system |
    "{A493F3EA-9B2A-49A8-9F1C-A730D966EDAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A5D4300A-1C18-4A00-BAFB-9057A6629F8A}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{AC0031EC-BAD5-400B-83D9-C64B0E4EC38E}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{AC9C374F-3C78-4804-BEBA-E82ED07807FD}" = lport=445 | protocol=6 | dir=in | app=system |
    "{AE7075DF-49D9-40A1-B566-9F48EC530E65}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{B40FC460-5124-4BA8-BAD5-0DE3C9E69D11}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BAAA4C46-B0CA-491A-9000-9944B96A004D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{C37A5C1B-0318-4A81-8837-96611496B720}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C69C77C1-9462-4360-894F-7D31369472DC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CA79328A-873F-4DA9-9899-05F8FC6C9737}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CB5BA03F-4B1C-4CB3-BF61-B361F1FAB7A9}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{D8BCD576-EE08-4757-AC36-CC8F94D87231}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{E09AEB66-9056-4F4B-8539-9562EA3C9859}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{E236673A-E0BF-4989-98CF-6D16A751021C}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{EAB2517D-70D4-43D2-A678-6B136761B6A2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EDCED1B1-D50E-4A61-82D3-7C321A869C92}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{EF2FEF26-BB97-40FD-AD3B-2FE2365D8046}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F5E47148-C252-41C2-9C62-2B492D58C006}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{FA74F5D3-AD38-4BBE-8AB9-497E6F74A184}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{FB4B41BF-F196-4B0E-B730-7456A1B0CD17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{FDF82F93-0019-492D-864C-52CA65CBC160}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FE113F19-84CE-4D89-A8D1-72BD5A0B69A2}" = lport=139 | protocol=6 | dir=in | app=system |
    "{FEBFC1D9-64FA-4BAA-971A-0B61E3F644A3}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01E787EF-1441-462B-92AA-426C8F023217}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{01F65ED0-F9F0-4354-9A2D-3E3EF3E1DDBD}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
    "{02C782A3-02E0-44B1-A824-EEEAF7A1E7A3}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{091D0616-D24B-493A-85B0-515D8774DB33}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{0CA266BF-94C1-4695-9E7C-DEA39264B9CE}" = protocol=6 | dir=in | app=c:\users\petry\appdata\local\temp\7zs33b7.tmp\symnrt.exe |
    "{0CE4FFE6-C17F-4D46-81B4-40861BDA7A4B}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{1776899E-EC19-4EF0-8C60-B4307B69BFA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{1B52CDD6-56F2-42EA-8DE3-8EF78D68C629}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
    "{1B831F71-8704-49F4-B99F-86BDD7F9287D}" = protocol=6 | dir=in | app=c:\users\petry\appdata\roaming\utorrent\utorrent.exe |
    "{1C8E7BD1-3B9D-44A3-BFE6-23E9C4FFBBA6}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
    "{1DA8B27B-4FD2-41C9-8F6E-A0EAD3BE745A}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
    "{1F5ACC3D-0622-40FD-935C-F3A714A36DF8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{2018C851-6C90-4C58-9804-3B440C20C87B}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
    "{265406F8-BFC6-4D7B-A92A-012BA974E564}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{2FC862EA-E894-4356-B60C-206CE3ADCCF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |
    "{3820130C-1BC3-4BC1-8102-971154BF6FB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3A7C37A7-2D5A-49ED-9F23-E36C66005E63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3AF6ED01-E6CF-492E-B7F3-6B12DC15CE40}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{3C25EA83-91F0-4E27-A584-4999CE2879C7}" = protocol=17 | dir=in | app=c:\users\petry\appdata\roaming\utorrent\utorrent.exe |
    "{3C370EEB-6B40-43E0-9673-E485B69AC8F4}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{41A54E91-AEE3-4CE6-9C56-73132D1C87F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
    "{4FF4AE7E-0700-497F-B557-FF181A2A5502}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
    "{543F653E-079F-4E68-9E48-855EC8D570AE}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
    "{5A1E7035-17DA-4F2C-B46F-E8056598A153}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
    "{5BAE16F1-A1DD-43BD-B9CE-1293714239F9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
    "{5BEE64BC-6ED7-4390-B803-CF06A2876BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{5C48CEEB-FC52-465C-9F11-B94275323672}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
    "{63CF37AC-322B-499E-87F5-CB3E26702B41}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{64078EF2-7449-4D46-A617-9B44B4D8BC10}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{6AE217EB-4F15-4093-865C-1BB0EF182450}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
    "{6EFFBAFA-625F-45B3-AC6C-60E8874251D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{75570583-F826-4C7D-849A-89889DDFB173}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{75BA272A-9FE3-4FF0-96B3-19D4743B8C0F}" = protocol=6 | dir=in | app=c:\users\petry\appdata\local\temp\7zse6d5.tmp\symnrt.exe |
    "{77F0FEBA-4160-4150-9380-C9E6E3841687}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
    "{78769B9B-FCCF-4FA2-86BF-1B3955574E87}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
    "{79A26813-CAF3-4FDB-A521-E14BA7E62EE4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7AD22559-F316-4BFC-9A6E-DF96F6F625B6}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{7CA2BD72-64AE-4404-9B7A-067D7F8AF1F4}" = protocol=6 | dir=out | app=system |
    "{807C93F8-4060-4664-92B6-D661F29E7380}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{8216089A-BDA3-4B74-98BA-B865005086F4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
    "{84C3CB21-1C43-4B11-9D11-E375896A16AC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{898332C6-E282-45B3-BF98-86D79DD1235D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{89D9CE2F-1310-4580-868C-BBDB119AD445}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
    "{8DD1F8BE-4812-4C3B-A1D1-522A02DED2E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\surgeon simulator 2013\ss2013.exe |
    "{9062C79C-0524-4B55-A0CA-2382C5E36CE7}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{9228D39E-F08B-43EE-B9D0-BFB13FFFD119}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{930CD973-E2BD-4582-B16F-D883F7A402A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{94316272-9C49-4A2D-9334-BD54EFBD18BB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe |
    "{954FAA27-28F7-451A-B0C2-509CB550C715}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
    "{9B3372F6-DB6B-46BB-9FA0-528D29F2EAD4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9D86F633-B361-48E3-9FAB-1446AF82FF34}" = protocol=17 | dir=in | app=c:\users\petry\appdata\local\temp\7zs33b7.tmp\symnrt.exe |
    "{9E8DEE92-2ABB-4610-9ADC-E68D3788AE17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
    "{A0E92F86-3652-4823-BFF4-2AF2BE83045E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{A1540269-77CD-4AA8-A898-AD974AB22D90}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{A21CFD9D-2F6B-471E-9EA2-FB0E6BFBE821}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A5DED148-A0F1-4085-8713-6F7368D87A0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |
    "{A699F9FE-CB4C-4AA4-99E2-F3C9E6F06FB9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AC5EAA54-1FFF-46E4-9177-5E8A5F64B409}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{ACFE4D09-1D7F-4A3B-8966-600CD7711EF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AFB58F73-9E72-45CC-B41C-13FD7B099893}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\surgeon simulator 2013\ss2013.exe |
    "{B2DCC398-0132-45B1-89A4-FF5FE7FD8A84}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "{B3601858-F6E2-424E-84DA-B993CDCDD2BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
    "{B7E6630F-EC4E-469D-B668-EC5E84581781}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{BCDC5A50-E216-4F84-AD3F-821B239FE456}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{BD173915-AEFF-443C-87EA-BC14F4EA00DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BE276575-A452-4A28-80DB-FCBBC026D9CE}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{BFB46AA5-0F3D-4203-8A68-E5705709F769}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{C117FDD0-E950-451A-A0B9-85337B4B3F3B}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
    "{C35912B4-BE93-4F1F-B663-BE05D23B862D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{C4B7222A-B288-4BF0-B0BA-919DAB0ACB21}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{C704CDCD-7C65-40B9-880A-A22D0B6BDA70}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
    "{D5FA93E9-1383-4985-9E37-53D82C7F2851}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D897E6B5-B862-4E89-8F03-105F5EC29482}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "{DE06563A-749E-48D0-819A-73965E4AFEC7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
    "{DEC62C94-30F8-4152-ADD9-4AC2A125507F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E445D25F-A010-4180-A275-00DA846D087D}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{E55E9CCD-6886-48E7-BD91-2E5779427CC9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E90B384A-ED4A-46DC-B050-C7E5439520A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{EA0B4200-D9A2-46F4-BA2B-25F575B28E76}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe |
    "{EB4AEFE7-E9C9-4530-8964-97A7855D8A9C}" = protocol=17 | dir=in | app=c:\users\petry\appdata\local\temp\7zse6d5.tmp\symnrt.exe |
    "{F086DA22-3A29-48C8-99BC-D975D6D89F06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F1995755-9CE3-4BBC-90DB-721546719822}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{F374F39B-EC63-43A2-B002-1F7C71961A3E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{F66172AA-74FC-46B1-8828-5A205226F80B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
    "{FCD94AB6-5D08-4DD9-AE3F-59467E93551C}" = protocol=6 | dir=in | app=c:\users\petry\appdata\roaming\dropbox\bin\dropbox.exe |
    "{FEC76F28-2164-4883-BFF0-8C4066802163}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{FF02FCA2-8C46-4E6D-B41B-D34DB20A1110}" = protocol=17 | dir=in | app=c:\users\petry\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{11D2B478-E86F-4FB6-8D7D-CB660C3BE1FF}C:\users\petry\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\petry\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{4D15E041-DD22-4CD6-86FA-2A75406A89C1}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{8EBFC04F-3E84-4468-8DC3-97D1C213B1A7}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{ACC13D07-DA26-4E98-9459-4E234E192CBB}C:\users\petry\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\petry\appdata\roaming\spotify\spotify.exe |

  4. #4
    Junior Member
    Join Date
    Sep 2013
    Posts
    11

    Default

    Computer is running fine, maybe a bit slower than it has been, but overall fine. I was unsure if I was going to get a response, so I did download and run McAfee (the only one that recognized this file as malware). Hopefully that doesn't mess anything up. I also deleted the offending program off of my desktop (after figuring that, in an effort to quarantine the program, i had removed all permissions for everyone to do everything relating to that file..including deleting it. after regranting some permissions, i was able to delete the file...again, sorry if this makes your job harder.)

    Also, the offending file was on my wife's Windows profile, and I originally ran the first post scans on her desktop. I ran these programs off of my own profile....does this make any difference? I noted that there was a "Scan All Users" option in the OTL program.


    Security Check

    Results of screen317's Security Check version 0.99.73
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 25
    Mozilla Thunderbird (17.0.8)
    Google Chrome 29.0.1547.66
    Google Chrome 29.0.1547.76
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````





    [U]OTL.txt/U]

    While running OTL I got an error, that no hard disk was installed. It wouldn't let me copy the exact error message. I tried "try again", with no success, so after cancelling it continued to run the scan.

    OTL logfile created on: 9/23/2013 8:12:48 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petry\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.89 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 76.55% Memory free
    15.77 Gb Paging File | 11.70 Gb Available in Paging File | 74.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 683.50 Gb Total Space | 455.73 Gb Free Space | 66.68% Space Free | Partition Type: NTFS
    Drive E: | 69.80 Gb Total Space | 9.69 Gb Free Space | 13.88% Space Free | Partition Type: NTFS

    Computer Name: ZIG-PC | User Name: Petry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Petry\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Users\Petry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
    PRC - C:\Program Files\Lucidlogix Technologies\VIRTU MVP\Ekag20nt.exe (Software Security System)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libglesv2.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libegl.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\0601f9789858f40777a4219a6bd7b3fe\System.WorkflowServices.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9fa70774f4fdb66f3f500c46fa3ac824\System.ServiceModel.Discovery.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3fae818d7b77ce74ea15675ec06d2b1f\System.ServiceModel.Routing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d9d0cfcd2148c32aeb8dc27530903125\System.ServiceModel.Channels.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f66b00ba5a843cc8c3d8a133c6523443\System.ServiceModel.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ad71a48cf5a6828d4e07f78e50a9eb54\System.ServiceModel.Activities.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\224d59cb515eb3660e0b4d4530f946bc\System.IdentityModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\069130d01589ff7ead36c597b37fcdf7\System.ServiceModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\3be1eaa4f2962fe60a2eeb671a4ea535\IAStorDataMgrSvcInterfaces.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d82770dc4e5fee30ca8a7244bf7f613a\System.Runtime.DurableInstancing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\420022aad3481c670eb86a4ca72d5b43\System.Runtime.Serialization.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\ac9ee7b598cb72fef20e6c18608ba0cc\IAStorCommon.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\b3e963577c3ac96568df806034aaeee6\IAStorUtil.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1a3b614a84244ea5fa4147b5cf007333\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c25ede0d0127774c504c4fc41d4de273\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
    SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
    SRV:64bit: - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
    SRV:64bit: - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
    SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (HomeNetSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (LucidSrv) -- C:\Program Files\Lucidlogix Technologies\VIRTU MVP\LucidSrv.exe (LucidLogix)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
    SRV:64bit: - (ISCTAgent) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
    SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
    SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
    SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
    SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
    SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
    SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
    SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys ()
    DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
    DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
    DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
    DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
    DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.)
    DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.)
    DRV:64bit: - (VirtuWDDM) -- C:\Windows\SysNative\drivers\VirtuWDDM.sys (Lucidlogix Inc.)
    DRV:64bit: - (HP1319FAX) -- C:\Windows\SysNative\drivers\HP1319FAX.sys (Marvell Semiconductor, Inc.)
    DRV:64bit: - (HP1319EWS) -- C:\Windows\SysNative\drivers\HP1319EWS.sys (Marvell Semiconductor, Inc.)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
    DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (AsrRamDisk) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys (ASRock Inc.)
    DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
    DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
    DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
    DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
    DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys ()
    DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys ()
    DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
    DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
    DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
    IE - HKCU\..\SearchScopes\{B4D59789-ACEE-4BA4-83A5-1E7FA3EA6FD6}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/04/20 17:48:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/15 21:42:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/15 21:42:58 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2013/04/20 20:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petry\AppData\Roaming\Mozilla\Extensions
    [2013/06/13 20:45:42 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
    CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
    CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
    CHR - Extension: Google Docs = C:\Users\Petry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Docs = C:\Users\Petry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Petry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Users\Petry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Petry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\Petry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Petry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Google Search = C:\Users\Petry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Petry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
    CHR - Extension: Gmail = C:\Users\Petry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Gmail = C:\Users\Petry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/04/20 17:41:33 | 000,001,805 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKCU..\Run: [1AD8D426D83A05779688F01D475E7FA4DED8C693._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKCU..\Run: [ASRockXTU] File not found
    O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
    O4 - HKCU..\Run: [EPSON NX620 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_S9DF3.tmp" /EF "HKCU" File not found
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Petry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://games.king.com/ctl/kingcomie.cab (king.com)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/lau...0/iewwload.cab (WorldWinner ActiveX Launcher Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D5B7E30-A1D7-4B2D-8110-33A4C00E09A6}: NameServer = 71.242.0.12,71.250.0.12
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{8f83cff4-b06d-11e2-a13a-bc5ff48eef3d}\Shell - "" = AutoRun
    O33 - MountPoints2\{8f83cff4-b06d-11e2-a13a-bc5ff48eef3d}\Shell\AutoRun\command - "" = J:\setup.exe -a
    O33 - MountPoints2\{d5d69c6f-aa0e-11e2-8eaf-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{d5d69c6f-aa0e-11e2-8eaf-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

  5. #5
    Junior Member
    Join Date
    Sep 2013
    Posts
    11

    Default

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/23 20:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2013/09/23 20:11:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Petry\Desktop\OTL.exe
    [2013/09/21 09:09:09 | 000,016,896 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\HP1319FAX.sys
    [2013/09/21 09:09:07 | 002,219,152 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Ltwvc15u.dll
    [2013/09/21 09:09:07 | 001,711,248 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltclr15u.dll
    [2013/09/21 09:09:07 | 001,035,408 | ---- | C] (The OpenSSL Project) -- C:\Windows\SysWow64\ltcry15u.dll
    [2013/09/21 09:09:07 | 000,482,448 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltkrn15u.dll
    [2013/09/21 09:09:07 | 000,445,584 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltimgsfx15u.dll
    [2013/09/21 09:09:07 | 000,212,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltimgclr15u.dll
    [2013/09/21 09:09:07 | 000,117,904 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Ltimgutl15u.dll
    [2013/09/21 09:09:07 | 000,105,616 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltpnt15u.dll
    [2013/09/21 09:09:07 | 000,068,752 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltpdg15u.dll
    [2013/09/21 09:09:07 | 000,038,032 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltimgopt15u.dll
    [2013/09/21 09:09:06 | 000,646,288 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Ltdlgfile15u.dll
    [2013/09/21 09:09:06 | 000,302,224 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltimgcor15u.dll
    [2013/09/21 09:09:06 | 000,261,264 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LTDIS15u.dll
    [2013/09/21 09:09:06 | 000,257,168 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltefx15u.dll
    [2013/09/21 09:09:06 | 000,232,592 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Ltdlgkrn15u.dll
    [2013/09/21 09:09:06 | 000,216,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltimgefx15u.dll
    [2013/09/21 09:09:06 | 000,150,672 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltfil15u.dll
    [2013/09/21 09:09:06 | 000,146,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Lftif15u.dll
    [2013/09/21 09:09:06 | 000,117,904 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Lttwn15u.dll
    [2013/09/21 09:09:06 | 000,064,656 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LTCON15u.dll
    [2013/09/21 09:09:05 | 000,384,144 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Lfcmp15u.dll
    [2013/09/21 09:09:05 | 000,097,424 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Lffax15u.dll
    [2013/09/21 09:09:05 | 000,024,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Lfbmp15u.dll
    [2013/09/21 09:09:03 | 000,015,360 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\HP1319EWS.sys
    [2013/09/21 09:08:58 | 000,166,912 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\ZLM1319.DLL
    [2013/09/21 09:08:58 | 000,114,688 | ---- | C] (Marvell) -- C:\Windows\SysNative\HPMCoSetup.dll
    [2013/09/21 09:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2013/09/21 09:08:02 | 000,089,600 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\m1319wia2.dll
    [2013/09/14 22:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
    [2013/09/14 22:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
    [2013/09/14 22:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2013/09/14 22:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2013/09/14 22:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
    [2013/09/14 22:14:50 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine
    [2013/09/14 22:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
    [2013/09/14 22:08:00 | 000,182,752 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
    [2013/09/12 03:09:31 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/09/12 03:09:30 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/09/12 03:09:29 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/09/12 03:09:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/09/12 03:09:29 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/09/12 03:09:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/09/12 03:09:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/09/12 03:09:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/09/12 03:09:29 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/09/12 03:09:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/09/12 03:09:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/09/12 03:09:26 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/09/12 03:09:25 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/09/12 03:09:25 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/09/12 03:09:24 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/09/11 06:07:07 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
    [2013/09/11 06:07:04 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/09/11 06:07:03 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/09/11 06:07:02 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/09/11 06:07:02 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2013/09/11 06:07:01 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2013/09/11 06:07:01 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2013/09/11 06:07:01 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013/09/11 06:07:00 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2013/09/11 06:07:00 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2013/09/11 06:07:00 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/09/11 06:07:00 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
    [2013/09/11 06:07:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
    [2013/09/11 06:07:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2013/09/11 06:07:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/09/11 06:07:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2013/09/11 06:07:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/09/11 06:07:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013/09/11 06:07:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013/09/11 06:06:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2013/09/11 06:06:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/09/11 06:06:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/09/11 06:06:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
    [2013/09/11 06:06:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
    [2013/09/11 06:06:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013/09/11 06:06:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013/09/11 06:06:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2013/09/11 06:06:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013/09/11 06:06:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013/09/11 06:06:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2013/09/11 06:06:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/09/11 06:06:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
    [2013/09/06 22:13:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013/09/06 22:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/09/06 22:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/09/06 21:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2013/09/06 14:36:20 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
    [2013/09/06 14:36:20 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
    [2013/09/06 14:36:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
    [2013/09/06 14:36:19 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
    [2013/09/06 14:36:19 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
    [2013/09/06 14:36:19 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
    [2013/09/06 14:36:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
    [2013/09/06 14:36:19 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
    [2013/09/06 14:36:19 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
    [2013/09/06 14:36:19 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
    [2013/09/06 14:36:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
    [2013/09/06 14:36:19 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
    [2013/09/05 20:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
    [2013/09/05 20:42:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
    [2013/09/05 20:42:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
    [2013/09/05 20:41:37 | 000,000,000 | ---D | C] -- C:\inetpub
    [2013/08/29 18:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/08/29 18:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/08/29 18:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/08/29 18:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/08/29 18:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2013/08/28 03:18:22 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2013/08/28 03:18:22 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
    [2013/08/28 03:15:03 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
    [2013/08/28 03:15:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
    [2013/08/28 03:15:03 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
    [2013/08/28 03:15:03 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
    [2013/08/28 03:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/08/27 14:48:04 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
    [2013/08/27 14:48:03 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
    [2013/08/27 14:48:03 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
    [2013/08/27 14:48:03 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
    [2013/08/27 14:48:00 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
    [2013/08/27 14:48:00 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
    [2013/08/27 14:47:56 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
    [2013/08/27 14:47:52 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
    [2013/08/27 14:47:52 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
    [2013/08/27 14:47:52 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
    [2013/08/27 14:47:52 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
    [2013/08/27 14:47:52 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
    [2013/08/27 14:47:52 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
    [2013/08/27 14:47:52 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
    [2013/08/27 14:47:52 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
    [2013/08/27 14:47:52 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
    [2013/08/27 14:47:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
    [2013/08/27 14:47:52 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
    [2013/08/27 14:47:52 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
    [2013/08/27 14:47:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
    [2013/08/27 14:47:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
    [2013/08/27 14:47:47 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
    [2013/08/27 14:47:47 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
    [2013/08/27 14:47:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
    [2013/08/27 14:47:37 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
    [2013/08/27 14:47:37 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
    [2013/08/27 14:47:37 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
    [2013/08/27 14:47:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
    [2013/08/27 14:47:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
    [2013/08/27 14:47:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
    [2013/08/27 14:47:29 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
    [2013/08/27 14:47:28 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
    [2013/08/27 14:47:23 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
    [2013/08/27 14:47:21 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
    [2013/08/27 14:47:21 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
    [2013/08/27 14:47:21 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
    [2013/08/27 14:47:21 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
    [2013/08/27 14:47:21 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
    [2013/08/27 14:47:21 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
    [2013/08/27 14:47:21 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
    [2013/08/27 14:47:21 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
    [2013/08/27 14:47:21 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
    [2013/08/27 14:47:21 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
    [2013/08/27 14:47:21 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
    [2013/08/27 14:47:21 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
    [2013/08/27 14:47:21 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
    [2013/08/27 14:47:21 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
    [2013/08/27 14:47:21 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
    [2013/08/27 14:47:21 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
    [2013/08/27 14:47:21 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
    [2013/08/27 14:47:21 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
    [2013/08/27 14:47:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
    [2013/08/27 14:47:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
    [2013/08/27 14:47:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
    [2013/08/27 14:47:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
    [2013/08/27 14:47:21 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
    [2013/08/27 14:47:21 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
    [2013/08/27 14:47:20 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
    [2013/08/27 14:47:20 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
    [2013/08/27 14:47:20 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
    [2013/08/27 14:47:20 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
    [2013/08/27 14:47:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
    [2013/08/27 14:47:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
    [2013/08/27 14:47:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
    [2013/08/27 14:47:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
    [2013/08/27 14:47:02 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
    [2013/08/27 14:46:32 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2013/08/27 14:46:32 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2013/08/27 14:46:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
    [2013/08/27 14:46:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
    [2013/08/27 14:46:07 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
    [2013/08/27 14:46:06 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
    [2013/08/27 14:46:06 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
    [2013/08/27 14:46:06 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
    [2013/08/27 14:46:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
    [2013/08/27 14:46:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
    [2013/08/27 14:46:06 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
    [2013/08/27 14:45:48 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/08/27 14:45:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
    [2013/08/27 14:45:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
    [2013/08/27 14:45:46 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2013/08/27 14:45:44 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/08/27 14:45:44 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/08/27 14:45:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
    [2013/08/27 00:51:12 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2013/08/27 00:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2013/08/27 00:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2013/08/27 00:45:32 | 000,000,000 | ---D | C] -- C:\Users\Petry\AppData\Local\Windows Live
    [2013/08/27 00:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/09/23 20:16:24 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
    [2013/09/23 20:11:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Petry\Desktop\OTL.exe
    [2013/09/23 20:09:24 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/23 20:09:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/09/23 20:09:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/09/23 19:05:46 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    [2013/09/23 00:21:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/22 11:15:59 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    [2013/09/21 09:09:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_HP1319FAX_01009.Wdf
    [2013/09/21 09:09:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_HP1319EWS_01009.Wdf
    [2013/09/21 09:04:48 | 000,025,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/09/21 09:04:48 | 000,025,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/09/21 07:23:03 | 000,883,072 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/09/21 07:23:03 | 000,734,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/09/21 07:23:03 | 000,147,798 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/09/21 07:18:48 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
    [2013/09/21 07:18:36 | 2056,761,343 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/20 05:32:04 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/09/20 05:32:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/09/14 22:11:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/09/12 03:27:57 | 000,443,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/09/07 21:29:42 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2013/09/06 22:12:20 | 000,000,905 | ---- | M] () -- C:\Users\Petry\Desktop\ERUNT.lnk
    [2013/09/05 20:45:03 | 000,834,808 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/08/29 18:52:10 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/08/25 20:37:35 | 000,002,110 | ---- | M] () -- C:\Users\Petry\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/09/21 09:09:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_HP1319FAX_01009.Wdf
    [2013/09/21 09:09:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_HP1319EWS_01009.Wdf
    [2013/09/21 09:08:58 | 000,195,072 | ---- | C] () -- C:\Windows\SysNative\hpsfs.dll
    [2013/09/21 09:08:58 | 000,024,772 | ---- | C] () -- C:\Windows\M1319DEF.css
    [2013/09/21 09:08:58 | 000,009,731 | ---- | C] () -- C:\Windows\M1319BTN.js
    [2013/09/21 09:08:58 | 000,008,085 | ---- | C] () -- C:\Windows\M1319GLB.js
    [2013/09/21 09:08:58 | 000,002,944 | ---- | C] () -- C:\Windows\M1319SIG.gif
    [2013/09/21 09:08:02 | 000,405,504 | ---- | C] () -- C:\Windows\ZSM1319.EXE
    [2013/09/21 09:08:02 | 000,405,504 | ---- | C] () -- C:\Windows\SysNative\ZSM1319.EXE
    [2013/09/21 09:08:02 | 000,038,912 | ---- | C] () -- C:\Windows\SysNative\HPImgFlt.dll
    [2013/09/21 09:08:01 | 000,004,380 | ---- | C] () -- C:\Windows\M1319OS.htm
    [2013/09/14 22:22:38 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
    [2013/09/14 22:22:03 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf
    [2013/09/14 22:21:58 | 000,002,951 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf
    [2013/09/06 22:12:20 | 000,000,905 | ---- | C] () -- C:\Users\Petry\Desktop\ERUNT.lnk
    [2013/09/05 20:27:46 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2013/08/29 18:52:10 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/08/28 03:18:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2013/08/28 03:15:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2013/08/27 00:50:56 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    [2013/08/27 00:50:42 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
    [2013/06/01 22:51:01 | 000,003,584 | ---- | C] () -- C:\Users\Petry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/05/31 21:18:38 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2013/04/28 20:41:16 | 000,000,071 | ---- | C] () -- C:\Windows\ESNX625.ini
    [2013/04/20 19:17:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\193847656
    [2013/04/20 18:25:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2013/04/20 18:08:24 | 000,834,808 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/04/20 17:34:09 | 000,000,003 | ---- | C] () -- C:\Users\Petry\AppData\Local\user_data.ini
    [2012/12/19 15:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/12/19 15:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/09/17 16:24:18 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
    [2012/09/17 16:23:54 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/09/17 16:23:50 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
    [2012/06/19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
    [2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/05/02 20:16:51 | 000,000,000 | ---D | M] -- C:\Users\Petry\AppData\Roaming\.mono
    [2013/08/29 19:54:15 | 000,000,000 | ---D | M] -- C:\Users\Petry\AppData\Roaming\Dropbox
    [2013/05/06 13:38:00 | 000,000,000 | ---D | M] -- C:\Users\Petry\AppData\Roaming\Epson
    [2013/06/28 22:05:47 | 000,000,000 | ---D | M] -- C:\Users\Petry\AppData\Roaming\HandBrake
    [2013/04/28 20:47:06 | 000,000,000 | ---D | M] -- C:\Users\Petry\AppData\Roaming\Leadertech
    [2013/09/15 12:42:53 | 000,000,000 | ---D | M] -- C:\Users\Petry\AppData\Roaming\Spotify
    [2013/04/20 20:37:05 | 000,000,000 | ---D | M] -- C:\Users\Petry\AppData\Roaming\Thunderbird
    [2013/08/29 22:34:01 | 000,000,000 | ---D | M] -- C:\Users\Petry\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    < MD5 for: EXPLORER.ADML >
    [2010/11/21 03:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
    [2010/11/21 03:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

    < MD5 for: EXPLORER.ADMX >
    [2009/06/10 16:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
    [2009/06/10 16:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: EXPLORER.EXE.1404.DMP >
    [2013/05/28 21:10:39 | 003,788,138 | ---- | M] () MD5=49A32FA9B8C4959EFB41F8DC60BE9230 -- C:\Users\Petry\AppData\Local\CrashDumps\explorer.exe.1404.dmp

    < MD5 for: EXPLORER.EXE.1508.DMP >
    [2013/05/30 21:51:42 | 003,598,633 | ---- | M] () MD5=EB25FE1B9CA966C03E64AACE3AE626C5 -- C:\Users\Petry\AppData\Local\CrashDumps\explorer.exe.1508.dmp

    < MD5 for: EXPLORER.EXE.29704.DMP >
    [2013/06/27 22:25:35 | 004,107,525 | ---- | M] () MD5=0D110C3616082563C6793E1ADF16E2BC -- C:\Users\Petry\AppData\Local\CrashDumps\explorer.exe.29704.dmp

    < MD5 for: EXPLORER.EXE.MUI >
    [2010/11/21 03:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
    [2010/11/21 03:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
    [2010/11/21 03:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
    [2010/11/21 03:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

    < MD5 for: EXPLORER.EXE-319FC3CE.PF >
    [2013/09/22 11:16:08 | 000,133,540 | ---- | M] () MD5=27B8BEF2580642E13EC3CDB9F1771227 -- C:\Windows\Prefetch\EXPLORER.EXE-319FC3CE.pf

    < MD5 for: IEXPLORE.EXE >
    [2013/05/16 22:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_20d88bb252a3770f\iexplore.exe
    [2013/07/26 02:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=133CEF30905806A35606652D409EEEBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_16893df21e3dcd43\iexplore.exe
    [2013/08/10 02:31:28 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=1F3B062444AD6F667B5336E78D5A02B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_ffb36d2837eafb72\iexplore.exe
    [2013/04/22 03:17:05 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=25B53709A37C3FD814B68EA0A92D18F9 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_0d238c71808d94e7\iexplore.exe
    [2013/06/12 00:41:27 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=2A5F565327BFD679EC5F790DC15BBF25 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_0a0343986c500b78\iexplore.exe
    [2013/04/05 01:55:38 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=2DC6BD1047553611DAEF97C751131A5D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_0a122b746c443b42\iexplore.exe
    [2013/06/11 20:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe
    [2013/04/22 03:17:05 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_177836c3b4ee56e2\iexplore.exe
    [2013/08/10 02:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Program Files\Internet Explorer\iexplore.exe
    [2013/08/10 02:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe
    [2013/08/10 00:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    [2013/08/10 00:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
    [2013/05/16 21:57:28 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=3902E280F6117A468D5573343A7AA1F6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_09ffa3426c5372da\iexplore.exe
    [2013/08/10 01:13:42 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=48A1306191216997F717C451B8D15139 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_0a08177a6c4bbd6d\iexplore.exe
    [2013/05/12 03:05:32 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_16920d4a1e377ea4\iexplore.exe
    [2013/07/25 23:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=7BA1862B8A5698DC5FCFDFF3BC359DE9 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_20dde844529e8f3e\iexplore.exe
    [2010/11/20 23:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
    [2013/07/26 01:47:06 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8D805B4EEEE0ECF6B604BE284978F135 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_ffb0112a37ee15f1\iexplore.exe
    [2013/05/16 23:02:08 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8F00471CA24ADF8D2AFAACF856EB70A4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_ffaaf8f037f2b0df\iexplore.exe
    [2013/06/11 22:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=98C6F2A9A981A54222602B87C6310BDE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_1685cb2c1e410163\iexplore.exe
    [2013/04/05 02:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_20e92fca5296266a\iexplore.exe
    [2010/11/20 23:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
    [2013/06/12 03:51:43 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=CA88A25280B1D85ED0BC26B042ABBCCF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_ffae994637ef497d\iexplore.exe
    [2013/04/05 03:53:33 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=CEA304830B4770BDA3572B87D0841848 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_169485781e35646f\iexplore.exe
    [2013/04/05 03:23:03 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=DE751E18F8DBF7BCCE46989CBA4A9828 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_ffbd812237e37947\iexplore.exe
    [2013/05/12 03:05:32 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_20e6b79c5298409f\iexplore.exe
    [2013/07/26 01:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe
    [2013/05/16 23:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=EDC77CF787FA015205936C9A3228486E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_1683e1601e42b514\iexplore.exe

    < MD5 for: IEXPLORE.EXE.14332.DMP >
    [2013/07/02 22:37:42 | 005,615,525 | ---- | M] () MD5=2F34EB4CECD30634D18B2AACCFB1388D -- C:\Users\Amanda\AppData\Local\CrashDumps\iexplore.exe.14332.dmp

    < MD5 for: IEXPLORE.EXE.30400.DMP >
    [2013/06/09 16:27:56 | 005,473,107 | ---- | M] () MD5=E486B496C14217FB7A095878E2C55DA6 -- C:\Users\Amanda\AppData\Local\CrashDumps\iexplore.exe.30400.dmp

    < MD5 for: IEXPLORE.EXE.MUI >
    [2013/04/22 03:17:05 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
    [2013/04/22 03:17:05 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
    [2013/05/12 03:05:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
    [2013/05/12 03:05:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2013/05/12 03:05:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
    [2013/05/12 03:05:32 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
    [2009/07/13 22:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
    [2009/07/13 22:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

    < MD5 for: IEXPLORE.EXE-49C2C2BA.PF >
    [2013/09/21 09:05:46 | 000,272,428 | ---- | M] () MD5=0CC92480A169DAAC6D5636DF7B36A2F3 -- C:\Windows\Prefetch\IEXPLORE.EXE-49C2C2BA.pf

    < MD5 for: SERVICES >
    [2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

    < MD5 for: SERVICES.ASFX >
    [2012/01/03 09:10:54 | 000,003,312 | ---- | M] () MD5=635BB28624835AC3C03696B1C74E7B9A -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx
    [2012/01/03 09:10:54 | 000,003,252 | ---- | M] () MD5=B2F4D7E7D9563E1A6260039B2F26E61A -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx

    < MD5 for: SERVICES.CFG >
    [2012/01/03 09:10:56 | 000,585,874 | ---- | M] () MD5=0E19E0BEA7B159153258688CF8ED7716 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg
    [2010/10/25 15:13:46 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\services.cfg

    < MD5 for: SERVICES.DLL >
    [2013/03/05 18:20:42 | 000,740,584 | ---- | M] (Lucidlogix Inc.) MD5=26A870AC100D0D4019B4C3ED698F378B -- C:\Program Files\Lucidlogix Technologies\VIRTU MVP\Services.dll
    [2013/03/05 18:20:46 | 000,613,096 | ---- | M] (Lucidlogix Inc.) MD5=4818524D619835B823D6EAA0030FBB51 -- C:\Program Files\Lucidlogix Technologies\VIRTU MVP\x86\Services.dll

    < MD5 for: SERVICES.EXE >
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SERVICES.EXE.MUI >
    [2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
    [2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

    < MD5 for: SERVICES.LNK >
    [2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
    [2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

    < MD5 for: SERVICES.MOF >
    [2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
    [2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

    < MD5 for: SERVICES.MSC >
    [2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
    [2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
    [2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
    [2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
    [2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
    [2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
    [2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
    [2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

    < MD5 for: SERVICES.PTXML >
    [2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
    [2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

    < MD5 for: WINLOGON.ADML >
    [2010/11/21 03:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
    [2010/11/21 03:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

    < MD5 for: WINLOGON.ADMX >
    [2009/06/10 17:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
    [2009/06/10 17:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

    < MD5 for: WINLOGON.EXE.MUI >
    [2010/11/21 03:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
    [2010/11/21 03:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui

    < MD5 for: WINLOGON.EXE-3C57A4A0.PF >
    [2013/09/23 20:10:11 | 000,035,024 | ---- | M] () MD5=567D43D2074C7541E211ADB3AA28C95D -- C:\Windows\Prefetch\WINLOGON.EXE-3C57A4A0.pf

    < MD5 for: WINLOGON.MFL >
    [2010/11/21 03:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
    [2010/11/21 03:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

    < MD5 for: WINLOGON.MOF >
    [2009/07/13 16:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
    [2009/07/13 16:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

    < %SYSTEMDRIVE%\*.* >
    [2013/09/21 07:18:36 | 2056,761,343 | -HS- | M] () -- C:\hiberfil.sys
    [2013/04/20 17:31:55 | 000,005,310 | ---- | M] () -- C:\IFRToolLog.txt
    [2013/09/21 09:09:53 | 000,048,565 | ---- | M] () -- C:\M1319.log
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2013/09/21 07:18:39 | 4174,008,319 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2013/02/05 22:56:16 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

  6. #6
    Junior Member
    Join Date
    Sep 2013
    Posts
    11

    Default

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < dir "%systemdrive%\*" /S /A:L /C >
    Volume in drive C has no label.
    Volume Serial Number is 2EC6-0DAD
    Directory of C:\
    07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
    0 File(s) 0 bytes
    Directory of C:\ProgramData
    07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
    07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
    07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
    07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
    07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users
    07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
    07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
    0 File(s) 0 bytes
    Directory of C:\Users\All Users
    07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
    07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
    07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
    07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
    07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Amanda
    04/28/2013 08:08 PM <JUNCTION> Application Data [C:\Users\Amanda\AppData\Roaming]
    04/28/2013 08:08 PM <JUNCTION> Cookies [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Cookies]
    04/28/2013 08:08 PM <JUNCTION> Local Settings [C:\Users\Amanda\AppData\Local]
    04/28/2013 08:08 PM <JUNCTION> My Documents [C:\Users\Amanda\Documents]
    04/28/2013 08:08 PM <JUNCTION> NetHood [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    04/28/2013 08:08 PM <JUNCTION> PrintHood [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    04/28/2013 08:08 PM <JUNCTION> Recent [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Recent]
    04/28/2013 08:08 PM <JUNCTION> SendTo [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\SendTo]
    04/28/2013 08:08 PM <JUNCTION> Start Menu [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu]
    04/28/2013 08:08 PM <JUNCTION> Templates [C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Amanda\AppData\Local
    04/28/2013 08:08 PM <JUNCTION> Application Data [C:\Users\Amanda\AppData\Local]
    04/28/2013 08:08 PM <JUNCTION> History [C:\Users\Amanda\AppData\Local\Microsoft\Windows\History]
    04/28/2013 08:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Amanda\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Amanda\Documents
    04/28/2013 08:08 PM <JUNCTION> My Music [C:\Users\Amanda\Music]
    04/28/2013 08:08 PM <JUNCTION> My Pictures [C:\Users\Amanda\Pictures]
    04/28/2013 08:08 PM <JUNCTION> My Videos [C:\Users\Amanda\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Default
    07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
    07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
    07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
    07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
    07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
    07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
    07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
    07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\AppData\Local
    07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
    07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
    07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\Documents
    07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
    07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
    07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Mcx1-ZIG-PC
    09/07/2013 09:30 PM <JUNCTION> Application Data [C:\Users\Mcx1-ZIG-PC\AppData\Roaming]
    09/07/2013 09:30 PM <JUNCTION> Cookies [C:\Users\Mcx1-ZIG-PC\AppData\Roaming\Microsoft\Windows\Cookies]
    09/07/2013 09:30 PM <JUNCTION> Local Settings [C:\Users\Mcx1-ZIG-PC\AppData\Local]
    09/07/2013 09:30 PM <JUNCTION> My Documents [C:\Users\Mcx1-ZIG-PC\Documents]
    09/07/2013 09:30 PM <JUNCTION> NetHood [C:\Users\Mcx1-ZIG-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    09/07/2013 09:30 PM <JUNCTION> PrintHood [C:\Users\Mcx1-ZIG-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    09/07/2013 09:30 PM <JUNCTION> Recent [C:\Users\Mcx1-ZIG-PC\AppData\Roaming\Microsoft\Windows\Recent]
    09/07/2013 09:30 PM <JUNCTION> SendTo [C:\Users\Mcx1-ZIG-PC\AppData\Roaming\Microsoft\Windows\SendTo]
    09/07/2013 09:30 PM <JUNCTION> Start Menu [C:\Users\Mcx1-ZIG-PC\AppData\Roaming\Microsoft\Windows\Start Menu]
    09/07/2013 09:30 PM <JUNCTION> Templates [C:\Users\Mcx1-ZIG-PC\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Mcx1-ZIG-PC\AppData\Local
    09/07/2013 09:30 PM <JUNCTION> Application Data [C:\Users\Mcx1-ZIG-PC\AppData\Local]
    09/07/2013 09:30 PM <JUNCTION> History [C:\Users\Mcx1-ZIG-PC\AppData\Local\Microsoft\Windows\History]
    09/07/2013 09:30 PM <JUNCTION> Temporary Internet Files [C:\Users\Mcx1-ZIG-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Mcx1-ZIG-PC\Documents
    09/07/2013 09:30 PM <JUNCTION> My Music [C:\Users\Mcx1-ZIG-PC\Music]
    09/07/2013 09:30 PM <JUNCTION> My Pictures [C:\Users\Mcx1-ZIG-PC\Pictures]
    09/07/2013 09:30 PM <JUNCTION> My Videos [C:\Users\Mcx1-ZIG-PC\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Petry
    04/20/2013 04:12 PM <JUNCTION> Application Data [C:\Users\Petry\AppData\Roaming]
    04/20/2013 04:12 PM <JUNCTION> Cookies [C:\Users\Petry\AppData\Roaming\Microsoft\Windows\Cookies]
    04/20/2013 04:12 PM <JUNCTION> Local Settings [C:\Users\Petry\AppData\Local]
    04/20/2013 04:12 PM <JUNCTION> My Documents [C:\Users\Petry\Documents]
    04/20/2013 04:12 PM <JUNCTION> NetHood [C:\Users\Petry\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    04/20/2013 04:12 PM <JUNCTION> PrintHood [C:\Users\Petry\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    04/20/2013 04:12 PM <JUNCTION> Recent [C:\Users\Petry\AppData\Roaming\Microsoft\Windows\Recent]
    04/20/2013 04:12 PM <JUNCTION> SendTo [C:\Users\Petry\AppData\Roaming\Microsoft\Windows\SendTo]
    04/20/2013 04:12 PM <JUNCTION> Start Menu [C:\Users\Petry\AppData\Roaming\Microsoft\Windows\Start Menu]
    04/20/2013 04:12 PM <JUNCTION> Templates [C:\Users\Petry\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Petry\AppData\Local
    04/20/2013 04:12 PM <JUNCTION> Application Data [C:\Users\Petry\AppData\Local]
    04/20/2013 04:12 PM <JUNCTION> History [C:\Users\Petry\AppData\Local\Microsoft\Windows\History]
    04/20/2013 04:12 PM <JUNCTION> Temporary Internet Files [C:\Users\Petry\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Petry\Documents
    04/20/2013 04:12 PM <JUNCTION> My Music [C:\Users\Petry\Music]
    04/20/2013 04:12 PM <JUNCTION> My Pictures [C:\Users\Petry\Pictures]
    04/20/2013 04:12 PM <JUNCTION> My Videos [C:\Users\Petry\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Public\Documents
    07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
    07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
    07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
    0 File(s) 0 bytes
    Total Files Listed:
    0 File(s) 0 bytes
    82 Dir(s) 489,876,525,056 bytes free

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2013/04/22 03:54:55 | 000,000,221 | -HS- | M] () -- C:\Users\Petry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2013/09/23 20:11:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Petry\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Base Services ==========
    SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
    SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
    SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
    SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
    SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
    SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
    SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
    SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
    SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
    SRV:64bit: - [2013/07/09 01:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
    SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
    SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
    SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
    SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
    SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
    SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
    SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
    SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
    SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
    SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
    SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
    SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
    SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
    SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
    SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
    SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
    SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
    SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
    SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
    SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
    SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
    SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
    SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
    SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
    SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
    SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
    SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
    SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
    SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
    SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
    SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
    SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
    SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
    SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
    SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
    SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
    SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
    SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: SAMSUNG HD080HJ/P ATA Device
    Partitions: 3
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: ATA TOSHIBA DT01ACA1 SCSI Disk Device
    Partitions: 2
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE2 -
    Interface type: USB
    Media Type:
    Model: Generic Compact Flash USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE3 -
    Interface type: USB
    Media Type:
    Model: Generic SM/xD-Picture USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE4 -
    Interface type: USB
    Media Type:
    Model: Generic SDXC/MMC USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE5 -
    Interface type: USB
    Media Type:
    Model: Generic MS/MS-Pro/HG USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE6 -
    Interface type: USB
    Media Type:
    Model: Generic SD/MMC/MS/MSPRO USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 47.00MB
    Starting Offset: 32256
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 70.00GB
    Starting Offset: 49351680
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 5.00GB
    Starting Offset: 75006328320
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 683.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    < End of report >




    Extras.txt


    OTL Extras logfile created on: 9/23/2013 8:12:48 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petry\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.89 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 76.55% Memory free
    15.77 Gb Paging File | 11.70 Gb Available in Paging File | 74.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 683.50 Gb Total Space | 455.73 Gb Free Space | 66.68% Space Free | Partition Type: NTFS
    Drive E: | 69.80 Gb Total Space | 9.69 Gb Free Space | 13.88% Space Free | Partition Type: NTFS

    Computer Name: ZIG-PC | User Name: Petry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00E718ED-CD8E-413E-B2E3-2585B232B1BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{0161BE91-C57D-4559-AFF5-BAF2756F121D}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{06AF7FA2-256E-4EAF-BD44-1B2328A9D0F2}" = rport=445 | protocol=6 | dir=out | app=system |
    "{09FB8CC6-D924-432E-9D73-E0370841D3F1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
    "{0A112DFF-30C2-4933-B039-E540E5152801}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{11FCE424-885A-45A8-AF01-5AFEA787AACB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{16111A8A-6D7E-4747-B127-8BD9DF6C3C4F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{29FCB340-FF8A-429C-BE1A-B4FBD855A122}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{41CE9038-629B-4F77-80E5-B0EB61C8EE25}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{49C31D13-5E8F-4B5C-A5C5-C4613A2B2C6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4D065DC6-65B4-4B5A-ABD2-D15F74CEC147}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{4DA79B58-4302-4218-BF89-54A221525A77}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{50ACBFD9-60C7-454A-9933-51E7F792B5A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{5289EB75-69F5-4591-966F-44717137F68F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5A04C8C1-627F-4B62-BCF2-728750F1E797}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{5ED392DF-6F3C-455F-82A8-85EB3558972B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{60E13D57-E787-49DB-8869-691294B45BF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{6179A8C9-B8F1-4850-90C1-93966F9BB8B6}" = rport=139 | protocol=6 | dir=out | app=system |
    "{627391F9-1155-4900-9E6C-5782864FABF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{69C8F175-5D7A-4BA3-A483-103B3F762218}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{7E6188E9-4F19-4C95-BBC9-47F5B2C37B9D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{7F42C4E6-A137-4708-BFAF-4B7EB1496A85}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{80D7C95D-BFE5-4E09-A74C-098CC7C4BD5C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{84936990-E413-4FC0-B6E2-CB2AB7B931C3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{859F2124-9553-4364-93C4-6FE117E08B95}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{88687C71-BF98-48D2-B87A-1470EA55357A}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{8B9F4567-31FB-47F0-92A2-1DA814C970FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9129B6B9-A3D3-4916-8B0C-55BA0F56D5A5}" = lport=137 | protocol=17 | dir=in | app=system |
    "{979D45B9-DA5F-4F08-BCCE-BCDFE6A6A6A3}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{98A40DEF-30B0-4943-91BF-B62B933D63F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9CD9BCD7-1F09-401C-BE69-3243523A9431}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{A2DB9C4E-8067-4FA8-B4AD-E5150016423B}" = lport=10245 | protocol=6 | dir=in | app=system |
    "{A493F3EA-9B2A-49A8-9F1C-A730D966EDAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A5D4300A-1C18-4A00-BAFB-9057A6629F8A}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{AC0031EC-BAD5-400B-83D9-C64B0E4EC38E}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{AC9C374F-3C78-4804-BEBA-E82ED07807FD}" = lport=445 | protocol=6 | dir=in | app=system |
    "{AE7075DF-49D9-40A1-B566-9F48EC530E65}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{B40FC460-5124-4BA8-BAD5-0DE3C9E69D11}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BAAA4C46-B0CA-491A-9000-9944B96A004D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{C37A5C1B-0318-4A81-8837-96611496B720}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C69C77C1-9462-4360-894F-7D31369472DC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CA79328A-873F-4DA9-9899-05F8FC6C9737}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CB5BA03F-4B1C-4CB3-BF61-B361F1FAB7A9}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{D8BCD576-EE08-4757-AC36-CC8F94D87231}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{E09AEB66-9056-4F4B-8539-9562EA3C9859}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{E236673A-E0BF-4989-98CF-6D16A751021C}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{EAB2517D-70D4-43D2-A678-6B136761B6A2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EDCED1B1-D50E-4A61-82D3-7C321A869C92}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{EF2FEF26-BB97-40FD-AD3B-2FE2365D8046}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F5E47148-C252-41C2-9C62-2B492D58C006}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{FA74F5D3-AD38-4BBE-8AB9-497E6F74A184}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{FB4B41BF-F196-4B0E-B730-7456A1B0CD17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{FDF82F93-0019-492D-864C-52CA65CBC160}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FE113F19-84CE-4D89-A8D1-72BD5A0B69A2}" = lport=139 | protocol=6 | dir=in | app=system |
    "{FEBFC1D9-64FA-4BAA-971A-0B61E3F644A3}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01E787EF-1441-462B-92AA-426C8F023217}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{01F65ED0-F9F0-4354-9A2D-3E3EF3E1DDBD}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
    "{02C782A3-02E0-44B1-A824-EEEAF7A1E7A3}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{091D0616-D24B-493A-85B0-515D8774DB33}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{0CA266BF-94C1-4695-9E7C-DEA39264B9CE}" = protocol=6 | dir=in | app=c:\users\petry\appdata\local\temp\7zs33b7.tmp\symnrt.exe |
    "{0CE4FFE6-C17F-4D46-81B4-40861BDA7A4B}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{1776899E-EC19-4EF0-8C60-B4307B69BFA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{1B52CDD6-56F2-42EA-8DE3-8EF78D68C629}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
    "{1B831F71-8704-49F4-B99F-86BDD7F9287D}" = protocol=6 | dir=in | app=c:\users\petry\appdata\roaming\utorrent\utorrent.exe |
    "{1C8E7BD1-3B9D-44A3-BFE6-23E9C4FFBBA6}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
    "{1DA8B27B-4FD2-41C9-8F6E-A0EAD3BE745A}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
    "{1F5ACC3D-0622-40FD-935C-F3A714A36DF8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{2018C851-6C90-4C58-9804-3B440C20C87B}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
    "{265406F8-BFC6-4D7B-A92A-012BA974E564}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{2FC862EA-E894-4356-B60C-206CE3ADCCF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |
    "{3820130C-1BC3-4BC1-8102-971154BF6FB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3A7C37A7-2D5A-49ED-9F23-E36C66005E63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3AF6ED01-E6CF-492E-B7F3-6B12DC15CE40}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{3C25EA83-91F0-4E27-A584-4999CE2879C7}" = protocol=17 | dir=in | app=c:\users\petry\appdata\roaming\utorrent\utorrent.exe |
    "{3C370EEB-6B40-43E0-9673-E485B69AC8F4}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{41A54E91-AEE3-4CE6-9C56-73132D1C87F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
    "{4FF4AE7E-0700-497F-B557-FF181A2A5502}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
    "{543F653E-079F-4E68-9E48-855EC8D570AE}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
    "{5A1E7035-17DA-4F2C-B46F-E8056598A153}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
    "{5BAE16F1-A1DD-43BD-B9CE-1293714239F9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
    "{5BEE64BC-6ED7-4390-B803-CF06A2876BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{5C48CEEB-FC52-465C-9F11-B94275323672}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
    "{63CF37AC-322B-499E-87F5-CB3E26702B41}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{64078EF2-7449-4D46-A617-9B44B4D8BC10}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{6AE217EB-4F15-4093-865C-1BB0EF182450}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
    "{6EFFBAFA-625F-45B3-AC6C-60E8874251D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{75570583-F826-4C7D-849A-89889DDFB173}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{75BA272A-9FE3-4FF0-96B3-19D4743B8C0F}" = protocol=6 | dir=in | app=c:\users\petry\appdata\local\temp\7zse6d5.tmp\symnrt.exe |
    "{77F0FEBA-4160-4150-9380-C9E6E3841687}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
    "{78769B9B-FCCF-4FA2-86BF-1B3955574E87}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
    "{79A26813-CAF3-4FDB-A521-E14BA7E62EE4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7AD22559-F316-4BFC-9A6E-DF96F6F625B6}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{7CA2BD72-64AE-4404-9B7A-067D7F8AF1F4}" = protocol=6 | dir=out | app=system |
    "{807C93F8-4060-4664-92B6-D661F29E7380}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{8216089A-BDA3-4B74-98BA-B865005086F4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
    "{84C3CB21-1C43-4B11-9D11-E375896A16AC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{898332C6-E282-45B3-BF98-86D79DD1235D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{89D9CE2F-1310-4580-868C-BBDB119AD445}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
    "{8DD1F8BE-4812-4C3B-A1D1-522A02DED2E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\surgeon simulator 2013\ss2013.exe |
    "{9062C79C-0524-4B55-A0CA-2382C5E36CE7}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{9228D39E-F08B-43EE-B9D0-BFB13FFFD119}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{930CD973-E2BD-4582-B16F-D883F7A402A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{94316272-9C49-4A2D-9334-BD54EFBD18BB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe |
    "{954FAA27-28F7-451A-B0C2-509CB550C715}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
    "{9B3372F6-DB6B-46BB-9FA0-528D29F2EAD4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9D86F633-B361-48E3-9FAB-1446AF82FF34}" = protocol=17 | dir=in | app=c:\users\petry\appdata\local\temp\7zs33b7.tmp\symnrt.exe |
    "{9E8DEE92-2ABB-4610-9ADC-E68D3788AE17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
    "{A0E92F86-3652-4823-BFF4-2AF2BE83045E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{A1540269-77CD-4AA8-A898-AD974AB22D90}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{A21CFD9D-2F6B-471E-9EA2-FB0E6BFBE821}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A5DED148-A0F1-4085-8713-6F7368D87A0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |
    "{A699F9FE-CB4C-4AA4-99E2-F3C9E6F06FB9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AC5EAA54-1FFF-46E4-9177-5E8A5F64B409}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{ACFE4D09-1D7F-4A3B-8966-600CD7711EF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AFB58F73-9E72-45CC-B41C-13FD7B099893}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\surgeon simulator 2013\ss2013.exe |
    "{B2DCC398-0132-45B1-89A4-FF5FE7FD8A84}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "{B3601858-F6E2-424E-84DA-B993CDCDD2BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
    "{B7E6630F-EC4E-469D-B668-EC5E84581781}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{BCDC5A50-E216-4F84-AD3F-821B239FE456}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{BD173915-AEFF-443C-87EA-BC14F4EA00DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BE276575-A452-4A28-80DB-FCBBC026D9CE}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{BFB46AA5-0F3D-4203-8A68-E5705709F769}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{C117FDD0-E950-451A-A0B9-85337B4B3F3B}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
    "{C35912B4-BE93-4F1F-B663-BE05D23B862D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{C4B7222A-B288-4BF0-B0BA-919DAB0ACB21}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{C704CDCD-7C65-40B9-880A-A22D0B6BDA70}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
    "{D5FA93E9-1383-4985-9E37-53D82C7F2851}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D897E6B5-B862-4E89-8F03-105F5EC29482}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "{DE06563A-749E-48D0-819A-73965E4AFEC7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
    "{DEC62C94-30F8-4152-ADD9-4AC2A125507F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E445D25F-A010-4180-A275-00DA846D087D}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{E55E9CCD-6886-48E7-BD91-2E5779427CC9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E90B384A-ED4A-46DC-B050-C7E5439520A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{EA0B4200-D9A2-46F4-BA2B-25F575B28E76}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe |
    "{EB4AEFE7-E9C9-4530-8964-97A7855D8A9C}" = protocol=17 | dir=in | app=c:\users\petry\appdata\local\temp\7zse6d5.tmp\symnrt.exe |
    "{F086DA22-3A29-48C8-99BC-D975D6D89F06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F1995755-9CE3-4BBC-90DB-721546719822}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{F374F39B-EC63-43A2-B002-1F7C71961A3E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{F66172AA-74FC-46B1-8828-5A205226F80B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
    "{FCD94AB6-5D08-4DD9-AE3F-59467E93551C}" = protocol=6 | dir=in | app=c:\users\petry\appdata\roaming\dropbox\bin\dropbox.exe |
    "{FEC76F28-2164-4883-BFF0-8C4066802163}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{FF02FCA2-8C46-4E6D-B41B-D34DB20A1110}" = protocol=17 | dir=in | app=c:\users\petry\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{11D2B478-E86F-4FB6-8D7D-CB660C3BE1FF}C:\users\petry\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\petry\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{4D15E041-DD22-4CD6-86FA-2A75406A89C1}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{8EBFC04F-3E84-4468-8DC3-97D1C213B1A7}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{ACC13D07-DA26-4E98-9459-4E234E192CBB}C:\users\petry\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\petry\appdata\roaming\spotify\spotify.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008C42A1-FB22-7DB4-618F-08E2C5059C0C}" = ccc-utility64
    "{04573C2A-8756-E9F0-7878-C6029F6C7F25}" = AMD Drag and Drop Transcoding
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{393D3B4C-1F95-CDD2-4F0A-395D99D5F553}" = AMD Accelerated Video Transcoding
    "{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{53A19094-2C04-A9B9-7309-3E92152D4845}" = AMD Catalyst Install Manager
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
    "{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
    "{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
    "{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
    "{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
    "{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
    "{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
    "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
    "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
    "{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
    "{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
    "{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
    "{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
    "{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
    "{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
    "{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
    "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
    "{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
    "{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
    "{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
    "{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
    "{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
    "{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{C0FFB192-3484-9AA0-7505-3A5B6688752F}" = AMD Media Foundation Decoders
    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
    "{D1B033E8-A077-4B0D-9831-5798E19E861E}" = Intel(R) Smart Connect Technology 2.0 x64
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6
    "ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.28
    "CCleaner" = CCleaner
    "EPSON NX620 Series" = EPSON NX620 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Office15.PROPLUS" = Microsoft Office Professional Plus 2013
    "VIRTU MVP_is1" = VIRTU MVP 2.1.224

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
    "{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
    "{1050A3D4-BC3B-4443-BD60-68C2BAE65EF4}" = CCC Help English
    "{1321BDD4-C5FC-BCFA-F281-7C66D5DE187F}" = CCC Help French
    "{1D6DF721-54B7-6AA4-2050-7E286CCE13E8}" = Catalyst Control Center
    "{1EF73F13-8A60-7910-A59D-8F62A8BCD47D}" = CCC Help Swedish
    "{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1" = FTL version 1.03.1
    "{22E62B37-5D05-C5AD-F53E-691342495A45}" = CCC Help Spanish
    "{23528772-43DB-1E20-E845-DB1CE00FBB10}" = CCC Help Danish
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
    "{5F32FD5A-6F9D-50FD-1896-0AEC107DE5D0}" = CCC Help Portuguese
    "{60AAE030-8621-5187-F7CF-41A241698407}" = CCC Help Dutch
    "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
    "{619DC4E1-DA11-48A1-4587-4E3E3D02D103}" = Catalyst Control Center Graphics Previews Common
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
    "{6F05E0AC-22D3-BE6E-05DD-623504F54FB2}" = CCC Help Chinese Standard
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7668B02B-DDDA-A67C-F86B-9D1061DD08CD}" = CCC Help Hungarian
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BA420C3-3629-2AD6-19D0-0A6E27D6B782}" = CCC Help Thai
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{8EFA9357-75F9-EF3D-B7F9-BC913BA8DAC5}" = CCC Help Norwegian
    "{91DA5EBA-C240-289B-0AB4-6604CDE6A27F}" = CCC Help Czech
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{9711CA3C-614D-5B3B-E10F-062FD292075E}" = CCC Help Italian
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FCBD98D-F8B3-6ECC-5293-9C28817E3269}" = Catalyst Control Center InstallProxy
    "{A071F478-73E0-4143-AE55-4DD6BABD74F5}" = Far Cry 3 Blood Dragon
    "{A0B1B905-88E8-CBBB-C936-0FFECD06BBDC}" = Catalyst Control Center Localization All
    "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AF749638-8C8C-84E8-DA4A-37D014824E33}" = CCC Help German
    "{B0B4575E-EB62-1BDC-994A-A42ED7E8FF46}" = CCC Help Greek
    "{B1504E18-0D34-1554-20FB-2BF6459D4683}" = CCC Help Russian
    "{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
    "{B90B9B89-2B62-B281-25C3-A59B189C249F}" = CCC Help Finnish
    "{C5ED3F69-3A6D-EA6E-EE57-342C0274FE5F}" = CCC Help Japanese
    "{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
    "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
    "{DBD353DB-F37D-3CBB-65A7-0B3BA8634263}" = CCC Help Turkish
    "{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
    "{EE6EBBD2-C278-5F48-B021-C9314ABE7593}" = CCC Help Korean
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5C1211F-8F5E-B4BE-8046-3BB6B7944BA0}" = CCC Help Polish
    "{FA115E3B-1A2D-F0F1-52CE-99D1BD346C08}" = CCC Help Chinese Traditional
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.328
    "BattlEye for A2" = BattlEye Uninstall
    "BattlEye for OA" = BattlEye for OA Uninstall
    "EPSON Scanner" = EPSON Scan
    "ERUNT_is1" = ERUNT 1.1j
    "Google Chrome" = Google Chrome
    "HandBrake" = HandBrake 0.9.9.1
    "KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.5 (Standard)
    "Mozilla Thunderbird 17.0.8 (x86 en-US)" = Mozilla Thunderbird 17.0.8 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSC" = McAfee AntiVirus Plus
    "Picasa 3" = Picasa 3
    "Steam App 200710" = Torchlight II
    "Steam App 203160" = Tomb Raider
    "Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
    "Steam App 224580" = Arma 2: DayZ Mod
    "Steam App 233720" = Surgeon Simulator 2013
    "Steam App 33900" = Arma 2
    "Steam App 33930" = Arma 2: Operation Arrowhead
    "Steam App 8930" = Sid Meier's Civilization V
    "Uplay" = Uplay
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.6
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/23/2013 7:09:07 PM | Computer Name = Zig-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4025

    Error - 9/23/2013 7:09:08 PM | Computer Name = Zig-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/23/2013 7:09:08 PM | Computer Name = Zig-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5023

    Error - 9/23/2013 7:09:08 PM | Computer Name = Zig-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5023

    Error - 9/23/2013 7:09:09 PM | Computer Name = Zig-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/23/2013 7:09:09 PM | Computer Name = Zig-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6022

    Error - 9/23/2013 7:09:09 PM | Computer Name = Zig-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6022

    Error - 9/23/2013 7:09:10 PM | Computer Name = Zig-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/23/2013 7:09:10 PM | Computer Name = Zig-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7020

    Error - 9/23/2013 7:09:10 PM | Computer Name = Zig-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7020

    [ Media Center Events ]
    Error - 9/7/2013 8:26:30 PM | Computer Name = Zig-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
    Description =

    Error - 9/7/2013 8:31:39 PM | Computer Name = Zig-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539
    Description =

  7. #7
    Junior Member
    Join Date
    Sep 2013
    Posts
    11

    Default

    Error - 9/7/2013 8:36:15 PM | Computer Name = Zig-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539
    Description =

    Error - 9/7/2013 8:50:16 PM | Computer Name = Zig-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
    Description =

    Error - 9/7/2013 8:58:25 PM | Computer Name = Zig-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
    Description =

    Error - 9/7/2013 9:00:53 PM | Computer Name = Zig-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
    Description =

    Error - 9/7/2013 9:01:29 PM | Computer Name = Zig-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
    Description =

    Error - 9/7/2013 9:17:01 PM | Computer Name = Zig-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
    Description =

    Error - 9/7/2013 9:22:18 PM | Computer Name = Zig-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
    Description =

    Error - 9/7/2013 9:28:48 PM | Computer Name = Zig-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
    Description =

    [ System Events ]
    Error - 9/16/2013 11:56:38 AM | Computer Name = Zig-PC | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053

    Error - 9/16/2013 4:29:16 PM | Computer Name = Zig-PC | Source = SNMP | ID = 16713180
    Description = The SNMP Service encountered an error while accessing the registry
    key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error - 9/16/2013 4:31:42 PM | Computer Name = Zig-PC | Source = Service Control Manager | ID = 7034
    Description = The Intel(R) Rapid Storage Technology service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/16/2013 4:37:17 PM | Computer Name = Zig-PC | Source = DCOM | ID = 10010
    Description =

    Error - 9/18/2013 3:19:14 AM | Computer Name = Zig-PC | Source = SNMP | ID = 16713180
    Description = The SNMP Service encountered an error while accessing the registry
    key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error - 9/18/2013 3:21:42 AM | Computer Name = Zig-PC | Source = Service Control Manager | ID = 7034
    Description = The Intel(R) Rapid Storage Technology service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/21/2013 7:18:50 AM | Computer Name = Zig-PC | Source = SNMP | ID = 16713180
    Description = The SNMP Service encountered an error while accessing the registry
    key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error - 9/21/2013 7:21:14 AM | Computer Name = Zig-PC | Source = Service Control Manager | ID = 7034
    Description = The Intel(R) Rapid Storage Technology service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/22/2013 11:48:33 PM | Computer Name = Zig-PC | Source = DCOM | ID = 10016
    Description =

    Error - 9/22/2013 11:48:33 PM | Computer Name = Zig-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >




    Sorry for formatting, getting it under the right number of characters was tricky.

  8. #8
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi EveryZig,

    The way you did the scans and posted the logs is just fine. Sometimes the logs requested are larger than allowed per post so it is quite alright to break logs so they fit.

    =========================

    P2P - (Peer to Peer)

    I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall this now.

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
    • uTorrent
    If you choose to not remove this program please refrain from using it until we have finished cleaning your computer.

    =========================

    ComboFix

    Refer to the ComboFix User's Guide

    • Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply

      Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    In your next post please provide the following:

    • Combofix log
    • Any symptoms?

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  9. #9
    Junior Member
    Join Date
    Sep 2013
    Posts
    11

    Default Combo Log

    ComboFix 13-09-24.02 - Petry 09/24/2013 20:02:54.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8077.5333 [GMT -4:00]
    Running from: c:\users\Petry\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\193847656
    c:\users\Public\sdelevURL.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-08-25 to 2013-09-25 )))))))))))))))))))))))))))))))
    .
    .
    2013-09-25 00:07 . 2013-09-25 00:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-09-21 13:08 . 2013-02-06 18:02 114688 ----a-w- c:\windows\system32\HPMCoSetup.dll
    2013-09-21 13:08 . 2013-02-06 17:41 166912 ----a-w- c:\windows\system32\ZLM1319.DLL
    2013-09-21 13:08 . 2013-02-06 17:13 9731 ----a-w- c:\windows\M1319BTN.js
    2013-09-21 13:08 . 2013-02-06 17:13 8085 ----a-w- c:\windows\M1319GLB.js
    2013-09-21 13:08 . 2013-02-06 17:09 195072 ----a-w- c:\windows\system32\hpsfs.dll
    2013-09-21 13:08 . 2013-09-21 13:08 -------- d-----w- c:\program files\HP
    2013-09-21 13:08 . 2013-02-06 05:42 89600 ----a-w- c:\windows\system32\m1319wia2.dll
    2013-09-21 13:08 . 2013-02-06 05:42 38912 ----a-w- c:\windows\system32\HPImgFlt.dll
    2013-09-21 13:08 . 2013-02-06 05:41 405504 ----a-w- c:\windows\ZSM1319.EXE
    2013-09-21 13:08 . 2013-02-06 05:41 405504 ----a-w- c:\windows\system32\ZSM1319.EXE
    2013-09-16 09:56 . 2013-09-21 11:18 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
    2013-09-15 02:21 . 2013-09-15 02:21 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2013-09-15 02:19 . 2013-09-15 02:21 -------- d-----w- c:\program files\McAfee
    2013-09-15 02:19 . 2013-09-16 09:56 -------- d-----w- c:\program files (x86)\McAfee
    2013-09-15 02:18 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE9E51A0-71A7-443F-891C-B0B2D84F58FF}\mpengine.dll
    2013-09-15 02:14 . 2013-09-15 02:16 -------- d-----w- c:\program files\stinger
    2013-09-15 02:14 . 2013-09-15 02:14 -------- d-----w- C:\Stinger_Quarantine
    2013-09-15 02:08 . 2013-08-07 16:40 182752 ----a-w- c:\windows\system32\mfevtps.exe
    2013-09-11 10:07 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
    2013-09-11 10:06 . 2013-08-02 02:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-09-08 01:30 . 2013-09-08 01:30 -------- d-----w- c:\users\Mcx1-ZIG-PC
    2013-09-07 02:12 . 2013-09-07 02:12 -------- d-----w- c:\program files (x86)\ERUNT
    2013-09-07 01:56 . 2013-09-15 02:21 -------- d-----w- c:\program files\Common Files\McAfee
    2013-09-06 18:36 . 2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll
    2013-09-06 18:36 . 2012-06-01 05:34 55296 ----a-w- c:\windows\system32\admwprox.dll
    2013-09-06 18:36 . 2012-06-01 04:37 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll
    2013-09-06 18:36 . 2012-06-01 05:39 14848 ----a-w- c:\windows\system32\wamregps.dll
    2013-09-06 18:36 . 2012-06-01 05:36 11264 ----a-w- c:\windows\system32\iisrstap.dll
    2013-09-06 18:36 . 2012-06-01 05:35 60928 ----a-w- c:\windows\system32\ahadmin.dll
    2013-09-06 18:36 . 2012-06-01 05:33 16896 ----a-w- c:\windows\system32\iisreset.exe
    2013-09-06 18:36 . 2012-06-01 04:40 10752 ----a-w- c:\windows\SysWow64\wamregps.dll
    2013-09-06 18:36 . 2012-06-01 04:37 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll
    2013-09-06 18:36 . 2012-06-01 04:35 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll
    2013-09-06 18:36 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
    2013-09-06 18:36 . 2012-06-01 04:34 15360 ----a-w- c:\windows\SysWow64\iisreset.exe
    2013-09-06 00:54 . 2013-09-06 00:54 -------- d-----w- c:\users\Amanda\AppData\Local\My Games
    2013-09-06 00:42 . 2013-09-06 00:42 -------- d-----w- c:\program files\Microsoft Games
    2013-09-06 00:42 . 2013-09-06 00:42 -------- d-----w- c:\windows\SysWow64\BestPractices
    2013-09-06 00:42 . 2013-09-06 00:42 -------- d-----w- c:\windows\system32\BestPractices
    2013-09-06 00:41 . 2013-09-06 00:41 -------- d-----w- C:\inetpub
    2013-08-29 22:51 . 2013-08-29 22:51 -------- d-----w- c:\program files\iPod
    2013-08-29 22:51 . 2013-08-29 22:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-08-29 22:51 . 2013-08-29 22:52 -------- d-----w- c:\program files\iTunes
    2013-08-29 22:51 . 2013-08-29 22:52 -------- d-----w- c:\program files (x86)\iTunes
    2013-08-28 07:18 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-08-28 07:18 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-08-28 07:18 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2013-08-28 07:18 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-08-28 07:15 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-08-28 07:15 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-08-28 07:15 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-08-28 07:15 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-08-28 07:15 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2013-08-28 07:15 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-08-28 07:15 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-08-28 07:13 . 2013-08-28 07:13 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2013-08-27 18:48 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
    2013-08-27 18:48 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2013-08-27 18:48 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2013-08-27 18:48 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2013-08-27 18:48 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2013-08-27 18:48 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
    2013-08-27 18:48 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
    2013-08-27 18:46 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-08-27 18:45 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2013-08-27 18:45 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-08-27 18:45 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-08-27 18:45 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
    2013-08-27 18:45 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2013-08-27 18:45 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2013-08-27 18:45 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2013-08-27 18:45 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-08-27 18:45 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-08-27 18:45 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2013-08-27 18:45 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2013-08-27 04:51 . 2013-08-27 04:51 -------- d-----w- c:\windows\en
    2013-08-27 04:50 . 2013-08-27 04:50 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2013-08-27 04:49 . 2013-08-27 04:50 -------- d-----w- c:\program files (x86)\Windows Live
    2013-08-27 04:45 . 2013-08-27 04:45 -------- d-----w- c:\users\Petry\AppData\Local\Windows Live
    2013-08-27 04:42 . 2013-08-27 04:42 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-21 11:18 . 2013-04-20 21:58 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
    2013-09-20 09:32 . 2013-04-20 20:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-20 09:32 . 2013-04-20 20:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-09-12 07:06 . 2013-07-09 02:11 79143768 ----a-w- c:\windows\system32\MRT.exe
    2013-08-27 04:49 . 2012-07-17 18:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-08-07 16:43 . 2013-08-07 16:43 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2013-08-07 16:40 . 2013-08-07 16:40 343568 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2013-08-07 16:38 . 2013-08-07 16:38 776168 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2013-08-07 16:37 . 2013-08-07 16:37 519064 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2013-08-07 16:36 . 2013-08-07 16:36 310224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2013-08-07 16:35 . 2013-08-07 16:35 179664 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2013-08-07 08:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
    2013-08-02 01:48 . 2013-09-11 10:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-07-25 09:25 . 2013-08-13 22:54 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-07-25 08:57 . 2013-08-13 22:54 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58 . 2013-08-13 22:55 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-07-19 01:41 . 2013-08-13 22:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-07-13 18:57 . 2013-07-13 18:57 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-13 18:57 . 2013-05-02 21:21 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-07-13 18:57 . 2013-05-02 21:21 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-07-09 11:34 . 2013-07-09 11:34 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
    2013-07-09 11:34 . 2013-07-09 11:34 95984 ----a-w- c:\windows\system32\drivers\mfencrk.sys
    2013-07-09 11:34 . 2013-07-09 11:34 377040 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
    2013-07-09 05:52 . 2013-08-13 22:55 224256 ----a-w- c:\windows\system32\wintrust.dll
    2013-07-09 05:51 . 2013-08-13 22:54 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-07-09 05:46 . 2013-08-13 22:55 1472512 ----a-w- c:\windows\system32\crypt32.dll
    2013-07-09 05:46 . 2013-08-13 22:55 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-07-09 05:46 . 2013-08-13 22:55 139776 ----a-w- c:\windows\system32\cryptnet.dll
    2013-07-09 04:52 . 2013-08-13 22:54 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52 . 2013-08-13 22:55 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-07-09 04:46 . 2013-08-13 22:55 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-07-09 04:46 . 2013-08-13 22:55 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46 . 2013-08-13 22:55 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2013-07-06 06:03 . 2013-08-13 22:54 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2013-07-13 08:43 1724616 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2013-07-13 08:43 1724616 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2013-07-13 08:43 1724616 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-10 05:37 130736 ----a-w- c:\users\Petry\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-10 05:37 130736 ----a-w- c:\users\Petry\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-10 05:37 130736 ----a-w- c:\users\Petry\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
    "com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-04-05 59720]
    "Spotify Web Helper"="c:\users\Petry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-09 1104384]
    "1AD8D426D83A05779688F01D475E7FA4DED8C693._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-09-17 829392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-08-06 537512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
    S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
    S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 LucidSrv;LucidSrv;c:\program files\Lucidlogix Technologies\VIRTU MVP\LucidSrv.exe;c:\program files\Lucidlogix Technologies\VIRTU MVP\LucidSrv.exe [x]
    S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 HP1319EWS;HP1319EWS;c:\windows\system32\Drivers\HP1319EWS.sys;c:\windows\SYSNATIVE\Drivers\HP1319EWS.sys [x]
    S3 HP1319FAX;HP1319MFP FAX;c:\windows\system32\Drivers\HP1319FAX.sys;c:\windows\SYSNATIVE\Drivers\HP1319FAX.sys [x]
    S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
    S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
    S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys;c:\windows\SYSNATIVE\DRIVERS\VirtuWDDM.sys [x]
    S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-09-18 21:15 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-20 09:32]
    .
    2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-20 23:24]
    .
    2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-20 23:24]
    .
    2013-09-24 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 15:54]
    .
    2013-09-24 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 15:54]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2013-07-13 08:37 2328776 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2013-07-13 08:37 2328776 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2013-07-13 08:37 2328776 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-10 05:37 164016 ----a-w- c:\users\Petry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-10 05:37 164016 ----a-w- c:\users\Petry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-10 05:37 164016 ----a-w- c:\users\Petry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-10 05:37 164016 ----a-w- c:\users\Petry\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-21 170304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-21 398656]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-21 441152]
    "VIRTU MVP"="c:\program files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe" [2013-03-05 3104488]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
    TCP: Interfaces\{3D5B7E30-A1D7-4B2D-8110-33A4C00E09A6}: NameServer = 71.242.0.12,71.250.0.12
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-ASRockXTU - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-09-24 20:08:24
    ComboFix-quarantined-files.txt 2013-09-25 00:08
    .
    Pre-Run: 489,328,541,696 bytes free
    Post-Run: 489,176,834,048 bytes free
    .
    - - End Of File - - 1D5F6C8EE18B1F99240E756C2F1B0E4F
    A36C5E4F47E84449FF07ED3517B43A31

  10. #10
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi EveryZig,

    Malwarebytes' Anti-Malware

    Download Malwarebytes' Anti-Malware. (save it to your desktop)

      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
    • Select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

    =========================


    ESET Online Scanner

    *Note:
    • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    • Please don't go surfing while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

    ** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

    = = = = = = = = = = = = = = = = = = = =

    Go here to run ESET Online Scanner

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.

    =========================

    In your next post please provide the following:

    • MBAM log
    • ESET's log.txt
    • How's the computer running, any symptoms?

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •