
11-07-2014 , 10:53 PM
I've read the sticky and it did not help me.

I have the gosave and potentially other malware virus happening.

I read websites on how to remove and when I clicked uninstall the program "it was having trouble but could have been deleted" which I knew it was not but it kept saying it on 5-6 extension download similar programs of it. One guide said to click ok if so.

So I did that.

Ran virus scanner. It removed xx amount of malware.

Restarted computer.

GoSave was again still in my extensions. Possibly other popups were still active.

One kept re-routing me to a fake Java site and telling me I needed to upgrade/download xxxxxxxxxxxxxx.

I need some assistance guys.
11-08-2014 , 12:18 AM
you run malware bytes? what virus program? where did you read removal instructions?
11-08-2014 , 04:50 AM
You read the malware sticky and it did not help you?

11-08-2014 , 06:55 AM
OP, this is the sticky you need to read. Post the OTL logs here!
11-08-2014 , 08:25 AM
OTL logfile created on: 11/8/2014 12:46:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dustin\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17054)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 5.90 Gb Available Physical Memory | 74.79% Memory free
14.14 Gb Paging File | 11.96 Gb Available in Paging File | 84.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 95.83 Gb Free Space | 51.44% Space Free | Partition Type: NTFS
Drive D: | 258.34 Gb Total Space | 258.22 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: DUSTIN | User Name: Dustin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/11/08 12:45:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Downloads\OTL.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/08/08 09:34:04 | 022,734,160 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/07/23 07:44:16 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/09/23 13:29:48 | 000,019,256 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2013/09/07 02:27:46 | 000,323,584 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2013/08/29 17:11:08 | 019,646,544 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2013/08/29 17:01:56 | 000,602,936 | ---- | M] (ASUS) -- C:\Program Files\ASUS\P4G\InsOnWMI.exe
PRC - [2013/08/29 17:01:56 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files\ASUS\P4G\InsOnSrv.exe
PRC - [2013/08/28 14:23:22 | 003,202,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2013/08/19 18:35:26 | 000,055,368 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2013/08/16 16:20:30 | 002,278,168 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Console\ASUS Console Starter.exe
PRC - [2013/08/16 15:29:08 | 000,183,408 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2013/07/08 10:56:12 | 000,383,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/06/23 21:06:06 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/06/23 21:05:26 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/06/23 21:05:26 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013/05/30 15:17:48 | 000,205,624 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2013/05/29 18:11:48 | 000,303,928 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2013/05/21 10:50:34 | 000,406,328 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2013/05/16 13:08:38 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/04/02 06:20:59 | 000,081,920 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe
PRC - [2013/04/02 06:19:15 | 004,558,848 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe
PRC - [2013/01/15 17:20:54 | 000,107,320 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/13 16:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/05/28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/11/08 03:36:33 | 001,160,704 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\_ssl.pyd
MOD - [2014/11/08 03:36:33 | 000,811,008 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\wx._windows_.pyd
MOD - [2014/11/08 03:36:33 | 000,805,888 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\wx._gdi_.pyd
MOD - [2014/11/08 03:36:33 | 000,713,216 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\_hashlib.pyd
MOD - [2014/11/08 03:36:33 | 000,110,080 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\pywintypes27.dll
MOD - [2014/11/08 03:36:33 | 000,027,136 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\_multiprocessing.pyd
MOD - [2014/11/08 03:36:33 | 000,007,168 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\hashobjs_ext.pyd
MOD - [2014/11/08 03:36:32 | 001,062,400 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\wx._controls_.pyd
MOD - [2014/11/08 03:36:32 | 000,686,080 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\unicodedata.pyd
MOD - [2014/11/08 03:36:32 | 000,070,656 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\wx._html2.pyd
MOD - [2014/11/08 03:36:32 | 000,025,600 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32pdh.pyd
MOD - [2014/11/08 03:36:32 | 000,024,064 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32pipe.pyd
MOD - [2014/11/08 03:36:32 | 000,010,240 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\select.pyd
MOD - [2014/11/08 03:36:31 | 001,175,040 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\wx._core_.pyd
MOD - [2014/11/08 03:36:31 | 000,557,056 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\pysqlite2._sqlite.pyd
MOD - [2014/11/08 03:36:31 | 000,525,640 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\windows._lib_cacheinvalidation.pyd
MOD - [2014/11/08 03:36:31 | 000,364,544 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\pythoncom27.dll
MOD - [2014/11/08 03:36:31 | 000,320,512 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32com.shell.shell.pyd
MOD - [2014/11/08 03:36:31 | 000,167,936 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32gui.pyd
MOD - [2014/11/08 03:36:31 | 000,128,512 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\_elementtree.pyd
MOD - [2014/11/08 03:36:31 | 000,127,488 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\pyexpat.pyd
MOD - [2014/11/08 03:36:31 | 000,119,808 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32file.pyd
MOD - [2014/11/08 03:36:31 | 000,108,544 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32security.pyd
MOD - [2014/11/08 03:36:31 | 000,098,816 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32api.pyd
MOD - [2014/11/08 03:36:31 | 000,087,552 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\_ctypes.pyd
MOD - [2014/11/08 03:36:31 | 000,078,336 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\wx._animate.pyd
MOD - [2014/11/08 03:36:31 | 000,045,568 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\_socket.pyd
MOD - [2014/11/08 03:36:31 | 000,038,912 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32inet.pyd
MOD - [2014/11/08 03:36:31 | 000,022,528 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32ts.pyd
MOD - [2014/11/08 03:36:31 | 000,018,432 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32event.pyd
MOD - [2014/11/08 03:36:31 | 000,017,408 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32profile.pyd
MOD - [2014/11/08 03:36:30 | 000,735,232 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\wx._misc_.pyd
MOD - [2014/11/08 03:36:30 | 000,122,368 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\wx._wizard.pyd
MOD - [2014/11/08 03:36:30 | 000,011,264 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32crypt.pyd
MOD - [2014/11/08 03:36:29 | 000,035,840 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\_MEI60042\win32process.pyd
MOD - [2014/02/18 20:52:02 | 012,877,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\11b4af16e791a6b0ada4a97d3e64e27a\System.Windows.Forms.ni.dll
MOD - [2014/02/18 20:51:42 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\d3abe72a65b16c5ca129dd4509450190\PresentationFramework.Aero2.ni.dll
MOD - [2014/02/18 20:51:41 | 018,785,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\952cc4d9a277dc4b0abc0de4a64b11a6\PresentationFramework.ni.dll
MOD - [2014/02/16 12:35:12 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\30caed6dd3390553adf0d78426beb375\UIAutomationTypes.ni.dll
MOD - [2014/02/16 01:04:21 | 007,660,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d7aaae3b1c95a1a658446d302b9a7f88\System.Xml.ni.dll
MOD - [2014/02/16 01:04:18 | 001,900,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\0e9817b12da250f8d4c680e1cb26e1c0\System.Xaml.ni.dll
MOD - [2014/02/16 01:03:59 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\61be23d6a688188e3419a1eb46fc9d9d\System.Drawing.ni.dll
MOD - [2014/02/16 01:03:54 | 000,975,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ffb7bbc6548ff34bc125a8fec79315dc\System.Configuration.ni.dll
MOD - [2014/02/16 01:03:46 | 011,021,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\d860b38580f4403397d67fa84d624447\PresentationCore.ni.dll
MOD - [2014/02/16 01:03:41 | 003,941,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\e2fb4aca9e25e4eaac703466d36b17ed\WindowsBase.ni.dll
MOD - [2014/02/16 01:03:35 | 010,051,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f0602360211041a6be208f0b4138dddd\System.ni.dll
MOD - [2014/02/16 01:03:31 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni.dll
MOD - [2013/08/19 18:16:48 | 000,015,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
MOD - [2013/08/16 11:03:12 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
MOD - [2013/04/27 11:24:12 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/09/25 02:10:24 | 002,436,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/05/30 00:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/29 09:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/01/30 17:37:30 | 000,249,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Smart Menu\WinStartMenuLauncher.exe -- (WinStartMenuLauncher)
SRV:64bit: - [2013/08/29 17:01:56 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\P4G\InsOnSrv.exe -- (ASUS InstantOn)
SRV:64bit: - [2013/08/16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/11 18:45:54 | 000,822,232 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/05/11 18:45:38 | 000,733,696 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/05/04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/26 08:54:44 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/04/26 08:13:52 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/04/09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/07/26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/07/23 07:44:16 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/09/07 02:52:20 | 000,312,448 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013/09/07 02:27:46 | 000,323,584 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2013/09/03 04:36:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/07/08 10:56:12 | 000,383,776 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/06/23 21:06:06 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/06/23 21:05:26 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/06/23 21:05:26 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2013/05/16 13:08:38 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/04/02 06:20:59 | 000,081,920 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2013/01/15 17:20:54 | 000,107,320 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/12/19 07:10:38 | 000,072,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe -- (Asus WebStorage Windows Service)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/11/08 12:41:09 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/01 11:11:30 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/28 20:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/23 23:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/02 03:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/23 13:30:02 | 000,070,416 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2013/09/07 02:29:16 | 000,594,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/09/07 02:29:16 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013/09/07 02:29:16 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013/09/07 02:29:14 | 000,338,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013/09/07 02:29:14 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013/09/07 02:29:14 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013/09/07 02:29:14 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013/09/07 02:29:14 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2013/09/05 10:18:42 | 000,449,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/09/03 04:35:50 | 004,166,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/08/29 17:01:54 | 000,014,136 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Program Files\ASUS\P4G\PLCTRL.sys -- (plctrl)
DRV:64bit: - [2013/08/16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/09 03:31:50 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/06 10:29:56 | 000,019,256 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2013/07/09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/08 15:05:34 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/07/02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/23 21:05:26 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/06/21 04:50:54 | 003,873,792 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/06/01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/04/26 08:54:44 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/04/26 08:49:58 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/04/26 08:46:00 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/04/26 08:43:00 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/04/26 08:21:13 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/04/26 08:19:03 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/04/26 08:19:03 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013/04/26 08:13:22 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/04/26 08:13:22 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/04/17 17:53:10 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2013/03/02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/01 09:48:04 | 000,772,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/08/02 04:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/15 06:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/06/02 15:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/02 15:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 15:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK


========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhonngpmcfcpjbpdidnfljmdohefgjck\2.0\
CHR - Extension: Chrome Web Store Launcher = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgipfabdickgidpmbicneamekgbaej\145\
CHR - Extension: Google Wallet = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-302 303 305 306 Series" File not found
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56BC42EB-C513-4508-B4B9-120B75AC3E66}: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: BasicDisplay.sys - C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootMin:64bit: BasicRender.sys - C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootMin:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootMin:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: mcpltsvc -
SafeBootMin:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: TBS - Service
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: mcpltsvc -
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BasicDisplay.sys - C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootNet:64bit: BasicRender.sys - C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootNet:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootNet:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: mcpltsvc -
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootNet:64bit: netprofm - C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdpencdd.sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SmartcardSimulator - Driver
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TBS - Service
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: VaultSvc - C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: VirtualSmartcardReader - Driver
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: Wcmsvc - C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: mcpltsvc -
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpencdd.sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmartcardSimulator - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TBS - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: VirtualSmartcardReader - Driver
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/11/08 03:02:38 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/08 03:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/08 03:02:11 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/08 03:02:11 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/08 03:02:11 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/08 03:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/08 03:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/02 20:14:49 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\FB photo Upload
[2014/11/02 13:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusted Publisher
[2014/11/02 13:48:22 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Chromatic Browser
[2014/11/02 13:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\71b842e80ccd339
[2014/11/02 13:48:21 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Torch
[2014/11/02 13:48:20 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Comodo
[2014/11/02 12:45:04 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\How to Draw a Fox (with Illustrations)_files
[2014/10/30 13:50:23 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Start Menu
[2014/10/30 13:45:46 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Documents\888poker
[2014/10/30 13:45:45 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
[2014/10/30 13:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
[2014/10/30 13:45:09 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\PacificPoker
[2014/10/30 13:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PacificPoker
[2014/10/28 03:44:58 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\ElevatedDiagnostics
[2014/10/26 01:22:19 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Music
[2014/10/26 01:18:44 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Documents\Streaming Audio Recorder
[2014/10/26 01:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
[2014/10/26 01:18:14 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Apowersoft
[2014/10/26 01:18:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apowersoft
[2014/10/26 01:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2014/10/26 00:58:52 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Audacity
[2014/10/26 00:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2014/10/22 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Documents\Mikogo
[2014/10/22 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Mikogo
[2014/10/19 13:06:44 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\nord guitar fest
[2014/10/19 00:29:06 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Orin

========== Files - Modified Within 30 Days ==========

[2014/11/08 12:41:09 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/08 12:40:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/08 04:29:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/08 03:41:13 | 000,001,142 | ---- | M] () -- C:\Users\Dustin\Desktop\Welcome to ASUS Product Registration.lnk
[2014/11/08 03:37:05 | 000,000,074 | ---- | M] () -- C:\Users\Dustin\AppData\Roaming\sp_data.sys
[2014/11/08 03:35:34 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/08 03:34:53 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/11/08 03:34:48 | 2478,981,119 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/08 03:02:21 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/07 22:39:28 | 001,781,840 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/07 22:39:28 | 000,790,150 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2014/11/07 22:39:28 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/07 22:39:28 | 000,152,742 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2014/11/07 22:39:28 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/07 15:38:01 | 000,039,103 | ---- | M] () -- C:\Users\Dustin\Desktop\border3.jpg
[2014/11/07 15:32:59 | 000,048,314 | ---- | M] () -- C:\Users\Dustin\Desktop\border2.jpg
[2014/11/07 15:29:08 | 000,030,985 | ---- | M] () -- C:\Users\Dustin\Desktop\mr1.png
[2014/11/07 15:27:09 | 000,057,720 | ---- | M] () -- C:\Users\Dustin\Desktop\border.jpg
[2014/11/07 15:14:57 | 000,008,075 | ---- | M] () -- C:\Users\Dustin\Desktop\mr3.png
[2014/11/07 15:14:27 | 000,009,166 | ---- | M] () -- C:\Users\Dustin\Desktop\mr2.png
[2014/11/05 20:07:29 | 001,118,378 | ---- | M] () -- C:\Users\Dustin\Desktop\heyder.png
[2014/11/05 20:05:44 | 000,073,670 | ---- | M] () -- C:\Users\Dustin\Desktop\maxresdefault.jpg
[2014/11/03 18:26:50 | 000,199,291 | ---- | M] () -- C:\Users\Dustin\Desktop\guestbook.jpg
[2014/11/02 13:48:23 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/11/02 12:45:03 | 000,145,838 | ---- | M] () -- C:\Users\Dustin\Desktop\How to Draw a Fox (with Illustrations).html
[2014/11/02 12:43:30 | 000,064,231 | ---- | M] () -- C:\Users\Dustin\Desktop\670px-Draw-a-Fairy-Step-9.jpg
[2014/10/30 13:50:23 | 000,002,007 | ---- | M] () -- C:\Users\Dustin\Desktop\888poker.lnk
[2014/10/28 12:02:51 | 000,003,223 | ---- | M] () -- C:\Users\Dustin\Desktop\002.jpg - Shortcut.lnk
[2014/10/28 12:02:31 | 000,003,223 | ---- | M] () -- C:\Users\Dustin\Desktop\001.jpg - Shortcut.lnk
[2014/10/27 22:32:18 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/26 02:22:10 | 000,825,222 | ---- | M] () -- C:\Users\Dustin\Desktop\lucy-disappointed.gif
[2014/10/26 01:34:32 | 003,686,942 | ---- | M] () -- C:\Users\Dustin\Desktop\Track2.wma
[2014/10/26 01:28:44 | 000,622,762 | ---- | M] () -- C:\Users\Dustin\Desktop\Beautiful Mountains 133.jpg
[2014/10/26 01:23:02 | 003,421,446 | ---- | M] () -- C:\Users\Dustin\Desktop\Track2.mp3
[2014/10/26 01:18:23 | 000,001,346 | ---- | M] () -- C:\Users\Public\Desktop\Streaming Audio Recorder.lnk
[2014/10/26 00:58:46 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/10/18 20:35:16 | 000,069,738 | ---- | M] () -- C:\Users\Dustin\Desktop\IMAG0041_zps334c2ee5.jpg
[2014/10/12 11:42:40 | 000,292,790 | ---- | M] () -- C:\Users\Dustin\Desktop\daniel.png
[2014/10/12 11:42:32 | 000,138,314 | ---- | M] () -- C:\Users\Dustin\Desktop\Daniel-Negreanu.jpg

========== Files Created - No Company Name ==========

[2014/11/08 03:41:13 | 000,001,142 | ---- | C] () -- C:\Users\Dustin\Desktop\Welcome to ASUS Product Registration.lnk
[2014/11/08 03:02:21 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/07 15:35:49 | 000,039,103 | ---- | C] () -- C:\Users\Dustin\Desktop\border3.jpg
[2014/11/07 15:31:43 | 000,048,314 | ---- | C] () -- C:\Users\Dustin\Desktop\border2.jpg
[2014/11/07 15:23:21 | 000,057,720 | ---- | C] () -- C:\Users\Dustin\Desktop\border.jpg
[2014/11/07 15:14:57 | 000,008,075 | ---- | C] () -- C:\Users\Dustin\Desktop\mr3.png
[2014/11/07 15:14:27 | 000,009,166 | ---- | C] () -- C:\Users\Dustin\Desktop\mr2.png
[2014/11/07 15:14:12 | 000,030,985 | ---- | C] () -- C:\Users\Dustin\Desktop\mr1.png
[2014/11/05 20:07:29 | 001,118,378 | ---- | C] () -- C:\Users\Dustin\Desktop\heyder.png
[2014/11/05 20:05:44 | 000,073,670 | ---- | C] () -- C:\Users\Dustin\Desktop\maxresdefault.jpg
[2014/11/03 18:26:44 | 000,199,291 | ---- | C] () -- C:\Users\Dustin\Desktop\guestbook.jpg
[2014/11/02 13:48:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/02 12:44:57 | 000,145,838 | ---- | C] () -- C:\Users\Dustin\Desktop\How to Draw a Fox (with Illustrations).html
[2014/11/02 12:43:20 | 000,064,231 | ---- | C] () -- C:\Users\Dustin\Desktop\670px-Draw-a-Fairy-Step-9.jpg
[2014/10/30 13:45:45 | 000,002,007 | ---- | C] () -- C:\Users\Dustin\Desktop\888poker.lnk
[2014/10/28 12:02:51 | 000,003,223 | ---- | C] () -- C:\Users\Dustin\Desktop\002.jpg - Shortcut.lnk
[2014/10/28 12:02:31 | 000,003,223 | ---- | C] () -- C:\Users\Dustin\Desktop\001.jpg - Shortcut.lnk
[2014/10/26 02:22:09 | 000,825,222 | ---- | C] () -- C:\Users\Dustin\Desktop\lucy-disappointed.gif
[2014/10/26 01:34:23 | 003,686,942 | ---- | C] () -- C:\Users\Dustin\Desktop\Track2.wma
[2014/10/26 01:28:42 | 000,622,762 | ---- | C] () -- C:\Users\Dustin\Desktop\Beautiful Mountains 133.jpg
[2014/10/26 01:22:53 | 003,421,446 | ---- | C] () -- C:\Users\Dustin\Desktop\Track2.mp3
[2014/10/26 01:18:23 | 000,001,346 | ---- | C] () -- C:\Users\Public\Desktop\Streaming Audio Recorder.lnk
[2014/10/26 00:58:46 | 000,001,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2014/10/26 00:58:46 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/10/19 00:21:55 | 002,696,953 | ---- | C] () -- C:\Users\Dustin\Desktop\SDC10891.JPG
[2014/10/19 00:20:53 | 000,190,977 | ---- | C] () -- C:\Users\Dustin\Desktop\Orin2011.jpg
[2014/10/18 20:35:15 | 000,069,738 | ---- | C] () -- C:\Users\Dustin\Desktop\IMAG0041_zps334c2ee5.jpg
[2014/10/12 11:34:32 | 000,292,790 | ---- | C] () -- C:\Users\Dustin\Desktop\daniel.png
[2014/10/12 11:33:57 | 000,138,314 | ---- | C] () -- C:\Users\Dustin\Desktop\Daniel-Negreanu.jpg
[2014/04/11 11:52:38 | 000,005,058 | ---- | C] () -- C:\ProgramData\kmytnfun.aqy
[2014/02/15 16:37:10 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/02/14 23:10:24 | 000,000,074 | ---- | C] () -- C:\Users\Dustin\AppData\Roaming\sp_data.sys
[2013/10/27 21:07:17 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/09/27 08:25:51 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013/09/27 08:25:47 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/09/27 08:25:46 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/05/11 18:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2013/04/26 00:15:21 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2013/04/26 00:15:21 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2013/04/26 00:15:21 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS

========== ZeroAccess Check ==========

[2014/04/27 18:14:03 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 09:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 07:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2012/07/26 04:21:04 | 000,087,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msscript.ocx
[2012/07/26 03:44:43 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\stdole2****b

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2014/02/15 23:21:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip
[2014/07/20 20:47:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2013/10/27 21:02:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2014/10/26 01:18:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apowersoft
[2013/10/27 21:21:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS
[2014/10/26 00:58:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity
[2013/10/27 21:10:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bluetooth Suite
[2014/08/01 19:44:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Combonator
[2014/10/06 23:45:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2013/10/27 21:21:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2014/04/11 11:51:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Flopzilla
[2014/02/17 00:54:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Documents Viewer
[2014/08/05 10:31:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Garmin
[2014/11/02 13:48:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2014/10/14 02:08:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Holdem Manager 2
[2014/03/26 16:53:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Infogrames
[2014/04/05 14:29:27 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/10/27 20:58:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2014/08/16 15:05:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2014/10/26 01:15:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lame For Audacity
[2014/11/08 03:02:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/20 19:02:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
[2013/04/26 00:13:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2014/07/27 13:30:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/04/26 00:16:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/04/26 00:17:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2014/02/17 00:49:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/08/02 14:34:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2013/10/27 21:02:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2014/11/07 22:25:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PacificPoker
[2014/09/02 13:23:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars.EU
[2014/09/18 21:25:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStrategy
[2014/02/15 00:04:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PSQLINSTALL
[2013/10/27 21:09:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Qualcomm Atheros
[2013/10/27 21:06:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2012/08/02 14:34:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2014/05/12 18:14:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sharkystrator
[2014/10/06 23:45:27 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2013/10/27 21:07:22 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2013/04/26 00:20:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildGames
[2013/04/26 00:20:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games
[2014/05/24 20:16:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2013/04/26 00:17:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2014/02/15 18:52:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
11-08-2014 , 08:29 AM
[2014/02/15 18:52:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2012/07/26 09:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Multimedia Platform
[2012/07/26 09:12:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2014/02/18 17:41:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2012/07/26 09:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2012/07/26 09:12:59 | 000,000,000 | -HSD | M] -- C:\Program Files (x86)\Windows Sidebar

< MD5 for: EXPLORER.EXE >
[2013/06/01 12:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 12:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2014/02/24 14:23:42 | 000,193,351 | ---- | M] () MD5=4CD0CA55A1087FAE64F8048BBAAE169D -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2014/02/23 17:02:04 | 000,217,360 | ---- | M] () MD5=641CF263A66166D4937A13D0C54EE85E -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2014/02/23 17:01:58 | 000,221,955 | ---- | M] () MD5=7A16C2A58C4AE38D0C07BA0A44281AB8 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2014/02/23 17:02:02 | 000,220,321 | ---- | M] () MD5=7AAE58725CC3FA2540B32EECE49A1AC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2014/02/23 17:02:00 | 000,220,310 | ---- | M] () MD5=8FCEA41A3980E356D95D5B0A4FA9729E -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2014/02/24 14:23:48 | 000,191,929 | ---- | M] () MD5=97B22BB82728AE0621B1E507F8B3F7E2 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2014/02/24 14:23:51 | 000,190,101 | ---- | M] () MD5=9B158D299B5C002D6ECCE2C7BA147E40 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2013/06/01 11:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 11:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe
[2014/02/24 14:23:45 | 000,191,911 | ---- | M] () MD5=FA1C2C0363C4D34B5591155E5A9379DA -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe

< MD5 for: NETLOGON.DLL >
[2012/07/26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\SysWOW64\netlogon.dll
[2012/07/26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_60d608f9f61ee049\netlogon.dll
[2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\SysNative\netlogon.dll
[2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_56815ea7c1be1e4e\netlogon.dll

< MD5 for: SERVICES.EXE >
[2014/02/23 17:26:04 | 000,001,252 | ---- | M] () MD5=01AE323C40FB90976BEE63DEF7FA793B -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2013/04/26 08:13:22 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2013/04/26 08:13:22 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
[2014/02/23 17:26:03 | 000,038,189 | ---- | M] () MD5=A8C50CABA1D522023A8ADB7A9D0F6176 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe

< MD5 for: SVCHOST.EXE >
[2014/02/23 17:28:04 | 000,002,873 | ---- | M] () MD5=32EB71EEAB075D0F8ED071978C4682EF -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2014/02/25 13:33:21 | 000,003,208 | ---- | M] () MD5=651B94D8C345039E8F8843275063BBB3 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2014/02/23 17:28:04 | 000,000,609 | ---- | M] () MD5=80108B40AB64056B62C33C1310A02D5D -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2013/04/26 08:13:34 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2013/04/26 08:13:34 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2014/10/01 11:09:16 | 000,761,656 | ---- | M] (MalwareBytes) MD5=C0AFB3C7E6C7CA3F6E42FF242BBBCB1F -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2013/04/26 08:13:22 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
[2013/04/26 08:13:22 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
[2014/02/25 13:33:21 | 000,000,583 | ---- | M] () MD5=FFF2A6E89735CE9E58794123C53FBCF3 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe

< MD5 for: USERINIT.EXE >
[2012/07/26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012/07/26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012/07/26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012/07/26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

< MD5 for: WINLOGON.EXE >
[2014/02/24 13:33:31 | 000,053,876 | ---- | M] () MD5=19E54D861689F6CE17BD4B20301AE1F0 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2014/02/24 13:33:32 | 000,053,884 | ---- | M] () MD5=2E9EC3A89AA79B112B092AFAE03DF3C1 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2014/05/30 12:41:36 | 000,082,423 | ---- | M] () MD5=6EAFEC177DB6479B2CCC42454EAAD953 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2014/04/12 10:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\SysNative\winlogon.exe
[2014/04/12 10:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16891_none_c87ee12f5ec0739b\winlogon.exe
[2014/04/12 10:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17014_none_c8d83b755e7d1081\winlogon.exe
[2014/07/15 11:50:13 | 000,072,808 | ---- | M] () MD5=7C134B8EED9488AE64896C814E75B847 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21133_none_c94b381e77abced6\winlogon.exe
[2014/10/01 11:09:16 | 000,761,656 | ---- | M] (MalwareBytes) MD5=C0AFB3C7E6C7CA3F6E42FF242BBBCB1F -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2014/05/30 12:41:38 | 000,072,808 | ---- | M] () MD5=C9F87F298E6BDA16C5495507E13206AD -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21012_none_c95fd5c6779c8076\winlogon.exe
[2014/02/24 13:33:32 | 000,001,620 | ---- | M] () MD5=DAAD6B6A91B54D9952137011859E4644 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
[2014/02/24 13:33:31 | 000,053,889 | ---- | M] () MD5=DF6EDD19E7A4B89F081582B37F6BB878 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe

< hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/10/22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2014/10/22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2014/10/22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2014/10/22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/07/24 14:48:04 | 000,775,312 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014/07/24 14:48:04 | 000,775,312 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2014/10/22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2014/10/22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2014/10/22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2014/10/22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/07/24 13:11:15 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/07/24 13:11:15 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/07/24 13:11:15 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/07/24 14:48:04 | 000,775,312 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2014/07/24 14:48:04 | 000,775,312 | ---- | M] (Microsoft Corporation)

< hkcu\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

< hklm\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >

< End of report >
11-08-2014 , 08:32 AM
OTL Extras logfile created on: 11/8/2014 12:46:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dustin\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17054)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 5.90 Gb Available Physical Memory | 74.79% Memory free
14.14 Gb Paging File | 11.96 Gb Available in Paging File | 84.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 95.83 Gb Free Space | 51.44% Space Free | Partition Type: NTFS
Drive D: | 258.34 Gb Total Space | 258.22 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: DUSTIN | User Name: Dustin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01137FC7-E4EC-4265-A689-25CD3F9CD84A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08DF9207-336B-4D4F-B1FD-122BC45D324B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{15924104-7AD5-4BB2-B9F5-2A5C0F2D8B9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1976C21C-A02B-4396-8ABD-047842C3B010}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{4701E308-012C-438F-A034-FCF3A61BF412}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{476BD159-52D6-4187-A51B-93A5677A0CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C282D3C-A8BC-4970-B3B2-9BBA13BB1D75}" = lport=138 | protocol=17 | dir=in | app=system |
"{5407F648-BAC2-434B-95AC-6EE44580E03C}" = rport=139 | protocol=6 | dir=out | app=system |
"{67F830DB-4971-415F-A328-9EB3C823AE5D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{811A648A-8E2A-4C04-B967-1F960EED86C2}" = rport=137 | protocol=17 | dir=out | app=system |
"{8940F8EB-38CF-449E-BDBD-769AD8F259F4}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{96B1D678-0095-4737-8359-ED98D0EB3B3A}" = lport=445 | protocol=6 | dir=in | app=system |
"{99D9D334-F626-4D93-8380-16D6CD6A9032}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9FEF17B9-A9F2-44A4-A2A6-69F9B897852A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AAA28CA6-ADBD-483B-9A86-24343E1579EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC1DC839-451E-419B-83D5-6C622C71ABE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ADCA4ED5-07F9-44B4-B5A6-41DB4828C43E}" = lport=137 | protocol=17 | dir=in | app=system |
"{C6A7260E-C00E-44B5-8346-1E4B9BB9C26A}" = lport=139 | protocol=6 | dir=in | app=system |
"{C6C87FD6-67B4-4E78-9E60-C8DCC5B3D396}" = rport=138 | protocol=17 | dir=out | app=system |
"{CACDB418-5466-44CB-97EB-234638B11E8D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CDE412C2-E72D-4EAF-8C12-40E38505C2B5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{D7C31494-CD0B-4C92-BA4A-D5C51C1B2E45}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0CB38E4-E82D-4526-94CE-72AF4D3BD230}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EA663B39-9B44-4D0D-93D5-51B463DB3260}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F719F02C-F1F9-4F8F-80EE-2661DCD0A4B5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F746B44F-BC2F-4544-9F10-5C411031533F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0060C193-8C3D-4901-AE3C-FB514AFBAE94}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{010DD732-4B49-48A9-9472-240B408531BB}" = dir=out | name=windows_ie_ac_001 |
"{0235893F-B4EC-4C16-9FBF-FA12B0A3FE03}" = protocol=58 | dir=out | [email protected],-28546 |
"{0A451D79-67AD-4183-B556-3C4881DB462E}" = protocol=6 | dir=in | app=c:\program files (x86)\psqlinstall\postgres84.exe |
"{12725AB8-1F49-4B60-8ECC-DA26160E55BB}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{14888741-2380-4738-A68A-0961C572DF51}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1495C88F-1765-43AC-9604-04A42CE8BCBF}" = dir=out | name=pinball fx2 |
"{1AE2DD9B-89A3-418F-B7FA-FDCD0BB3F9CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1AF34FC6-C509-4242-B77C-E969E2A45D26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F5F6A26-BB9A-4BEC-9E78-F9D809E50CA3}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{20C5D745-0057-4F83-A31B-8328282469A7}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{29E3DAF7-C9FA-405F-8D3F-DDEBB9CCBE00}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3225F489-34D8-47F5-BA3E-CACF3385ABC8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{32598F2E-60B3-4848-BE9F-3F5D9E31D82A}" = protocol=6 | dir=in | app=c:\postgresql\bin\pg_ctl.exe |
"{3CB6FB6A-7E93-4B91-A290-827EC6F6465D}" = dir=out | name=music maker jam |
"{41617B83-5BFD-492D-A621-EAEE6882CBB7}" = protocol=6 | dir=in | app=c:\program files (x86)\holdem manager 2\hudfuncsapp.exe |
"{46DA6407-FA93-4194-972A-746708CF3F67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4C0C41A6-AEC5-431D-8446-8D2E55FE1419}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{4F6CDF38-F515-4697-BE02-4E6A5F800ADF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F734C30-06C5-4DF4-A8C5-06D9A3997287}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51D97202-BF1B-41C3-B5DB-5C62F684A0F8}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{528D166E-DB0D-47E1-8F76-E5E4E96217EA}" = dir=in | name=music maker jam |
"{56482656-DA40-43A3-AE64-1020DB5D2B50}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{59D47475-FAC2-42C6-84DD-A36BFB10484C}" = dir=in | app=c:\program files (x86)\apowersoft\streaming audio recorder\streaming audio recorder.exe |
"{5A27931A-792F-401C-8B23-39FD82AE1394}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B642567-2BDE-47BE-9CEE-5B12A8049768}" = dir=out | name=- games app - |
"{5E75816A-F528-40A1-85DF-78BA847F55CC}" = protocol=17 | dir=in | app=c:\postgresql\bin\pg_ctl.exe |
"{5F365238-F05F-4550-AA10-49F02A38B965}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"{6C031511-1CDF-4418-A184-2C61F845BD42}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"{6F48EA1B-34FA-4874-832A-D9B72496D74C}" = protocol=17 | dir=in | app=c:\postgresql\bin\postgres.exe |
"{747A7807-8AA4-451E-939E-FCD7330D8540}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{79A7156E-6D9E-4102-A3AA-340CE8CBE482}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79AABF8A-A746-4EE6-AFE1-F6AD420345E6}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{7A973F5A-D1CF-46E3-AC3D-DB3FF7BBB4F7}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{7F50432F-421F-4A67-A4BA-0AAA976D59E8}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{8018E68B-B269-4909-A8F9-A2D328612C0F}" = protocol=1 | dir=in | [email protected],-28543 |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{84BE4900-8D34-4736-827F-793EE7552262}" = protocol=17 | dir=in | app=c:\program files (x86)\holdem manager 2\hudfuncsapp.exe |
"{867CAC48-394B-4907-B362-47296CA6C207}" = dir=in | name=pinball fx2 |
"{880A965D-F35A-4A2E-816B-8F5F3532CDDA}" = protocol=17 | dir=in | app=c:\program files (x86)\psqlinstall\postgres84.exe |
"{895C5129-DC18-46C5-9FE8-71676F7A8EB2}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{8F742722-EB63-4B60-8280-435B83C49A8F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{90487ECB-5C15-4F8B-AD65-A1F02DD4E74C}" = protocol=17 | dir=in | app=c:\program files (x86)\holdem manager 2\holdemmanager.exe |
"{93D0C7FC-E800-45F9-A204-F73E1A31F8EC}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{966E4D8D-0F59-48E4-84DF-D96B775AE6C5}" = protocol=6 | dir=out | app=system |
"{989AC55D-DB56-496D-9E57-A710BBEFEAB1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{99460262-7EA1-4C70-9D0D-230BFE7BE566}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{99AB5382-1059-45AC-AAEB-E32736E99DF9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{99B95F99-D4D6-4C40-96BE-1FA44AD5722E}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{9AC181E0-C228-4293-9F12-97792F73CEC8}" = dir=out | name=fresh paint |
"{9CBDB688-1560-4EC3-B3C4-13B86FD1A88A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{AAC9FA90-1247-4E0D-A7FE-CB8BCE0CFA8D}" = protocol=1 | dir=out | [email protected],-28544 |
"{AD1E1E41-2EAD-4D10-8CB5-46E2CE406486}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{ADEDE14E-88E4-4AE4-A961-2940CB3539F5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{B2D2A137-5D02-4D96-8D24-0F08B46E7EC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B56106C4-E040-4EE8-9D02-CBC761B414FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C248A81B-6B88-473B-86D0-86A252FCE46C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC0338CC-5436-4230-A51F-02225F8F1248}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{CF0B1CC4-98D9-4B92-B40D-7FAA5605CD30}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{CF206F6A-569A-4019-9642-EF503114BBC9}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{D57E7C59-83CC-4CFB-9F4F-21967360230B}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{DDBE4954-BCF3-4365-90FF-9EEB1FC0BF08}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{E050D1AD-FF96-4D9C-9BD0-B2098BFA2290}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E5BF39C2-D975-4D55-BDD2-CBC97E739736}" = protocol=6 | dir=in | app=c:\postgresql\bin\postgres.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EC16D9A6-0D9E-41BE-8A69-1F9CDE526DFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE22A172-2759-47D8-BBD9-46275E37636D}" = protocol=6 | dir=in | app=c:\program files (x86)\holdem manager 2\holdemmanager.exe |
"{F2FDCCCC-29DE-4A73-8E18-185FE8151B7F}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{F586E22D-0403-4D7A-9193-FEEB88843F11}" = dir=out | app=c:\program files (x86)\apowersoft\streaming audio recorder\streaming audio recorder.exe |
"{F84E0D2A-532D-42A2-A315-3D45AD0D2E4C}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{FB86C98E-ABCA-47FF-B9EF-229DC9834B1E}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{FDD243F3-5DED-45FB-B5DB-37F2290D50F5}" = protocol=58 | dir=in | [email protected],-28545 |
"TCP Query User{269E3139-B45A-452E-A2EA-1AEC60739FE6}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe |
"UDP Query User{9E8A5C5E-E863-4D6A-88C8-CBD0FDAD7C4D}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}" = ASUS Screen Saver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{6D989E08-8143-4AB8-B0A8-5B836235CAA4}" = ASUS Console
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A02609EB-395E-4638-8DD7-30CE043014E5}" = ANT Drivers Installer x64
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}" = Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
"D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A" = Windows Driver Package - ASUS (ATP) Mouse (09/17/2013 1.0.0.186)
"EPSON XP-302 303 305 306 Series" = EPSON XP-302 303 305 306 Series Printer Uninstall
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
"O365HomePremRetail - nl-nl" = Microsoft Office 365 - nl-nl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1E8A5FB7-0573-4083-823B-B4E31962F0BC}_is1" = Combonator version 1.75
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{2583E07B-8E75-4EF6-A377-8F2B62A7E216}" = Flopzilla
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4B102035-6549-4BC4-BA49-D3A5A4B98181}_is1" = Sharkystrator version 2.0.67a
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{560D64A9-BDFD-44B7-90D1-8FBBED7F4A19}" = Garmin Express
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6D181996-F404-4639-9B95-15012541CB7C}" = Garmin Express Tray
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}" = Garmin Express
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0413-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1" = Streaming Audio Recorder version 3.4.1
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{D968FBF3-E4A6-4D82-981D-D7FF9B7BFC30}" = Elevated Installer
"{D97A1B80-131F-4692-9543-E652956D8B99}" = ASUS Instant Key
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 7-Zip 9.22beta
"888poker" = 888poker
"Adobe Digital Editions 3.0" = Adobe Digital Editions 3.0
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"Audacity_is1" = Audacity 2.0.6
"Google Chrome" = Google Chrome
"HoldemManager2" = Holdem Manager 2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"InterActual Player" = InterActual Player
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"MyBitCast" = MyBitCast 2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PokerStars.eu" = PokerStars.eu
"PostgreSQL 8.4" = PostgreSQL 8.4
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0eda17f7-fdf1-44cd-87c0-caf591ca3a2e" = Penguins!
"WTA-4ac01422-47f4-450d-be29-dd2c93505f68" = Peggle
"WTA-874d1d57-0527-4e80-adaa-bce83e1a070b" = Azteca
"WTA-cf23f5a3-be59-42a3-91d4-7147cb84c427" = Bejeweled 3
"WTA-d927468d-46de-4206-b527-35d00680ffb7" = Tales of Lagoona
"WTA-f9eaaca9-82be-44ea-8a23-da50b5803b42" = Cut the Rope
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3202946526.www.icmpoker.com" = ICMIZER
"Free Documents Viewer" = Free Documents Viewer
"JoinMe" = join.me
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Smart Menu" = Smart Menu

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2014 5:33:16 PM | Computer Name = Dustin | Source = SmartMenuLogger | ID = 2
Description =

Error - 11/7/2014 5:33:16 PM | Computer Name = Dustin | Source = SmartMenuLogger | ID = 2
Description =

Error - 11/7/2014 10:35:30 PM | Computer Name = Dustin | Source = PostgreSQL | ID = 0
Description = 2014-11-08 03:35:30 CETFATAL: the database system is starting up

Error - 11/7/2014 10:35:31 PM | Computer Name = Dustin | Source = PostgreSQL | ID = 0
Description = 2014-11-08 03:35:31 CETFATAL: the database system is starting up

Error - 11/7/2014 10:35:34 PM | Computer Name = Dustin | Source = PostgreSQL | ID = 0
Description = 2014-11-08 03:35:34 CETFATAL: the database system is starting up

Error - 11/7/2014 10:35:36 PM | Computer Name = Dustin | Source = SmartMenuLogger | ID = 2
Description =

Error - 11/7/2014 10:35:37 PM | Computer Name = Dustin | Source = SmartMenuLogger | ID = 2
Description =

Error - 11/7/2014 10:35:37 PM | Computer Name = Dustin | Source = SmartMenuLogger | ID = 2
Description =

Error - 11/7/2014 10:35:37 PM | Computer Name = Dustin | Source = SmartMenuLogger | ID = 2
Description =

Error - 11/7/2014 10:47:46 PM | Computer Name = Dustin | Source = Office 2013 Licensing Service | ID = 0
Description =

[ System Events ]
Error - 10/29/2014 7:45:39 AM | Computer Name = Dustin | Source = bowser | ID = 8016
Description =

Error - 10/29/2014 9:14:41 AM | Computer Name = Dustin | Source = bowser | ID = 8003
Description =

Error - 10/29/2014 10:52:19 AM | Computer Name = Dustin | Source = bowser | ID = 8003
Description =

Error - 10/29/2014 1:54:23 PM | Computer Name = Dustin | Source = bowser | ID = 8003
Description =

Error - 10/29/2014 2:42:20 PM | Computer Name = Dustin | Source = bowser | ID = 8003
Description =

Error - 10/29/2014 3:18:18 PM | Computer Name = Dustin | Source = bowser | ID = 8003
Description =

Error - 10/29/2014 4:16:23 PM | Computer Name = Dustin | Source = bowser | ID = 8003
Description =

Error - 10/29/2014 5:00:57 PM | Computer Name = Dustin | Source = bowser | ID = 8003
Description =

Error - 10/29/2014 6:42:24 PM | Computer Name = Dustin | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:38:08 PM on ?10/?29/?2014 was unexpected.

Error - 10/29/2014 8:36:16 PM | Computer Name = Dustin | Source = bowser | ID = 8003
Description =


< End of report >
11-08-2014 , 08:35 AM
Quote:
Originally Posted by Anais
you run malware bytes? what virus program? where did you read removal instructions?
Yeah I have malware bytes.

It was one of the first 10 links from google.
11-08-2014 , 02:45 PM
Please download AdwCleaner from HERE.

Run it and run a scan, after that delete all that was found. It will reboot your computer and present a log, post that log back here.
11-09-2014 , 05:03 AM
Would [ code ] tags make this thread more or less readable?
11-09-2014 , 08:24 AM
The OTL logs are formatted as well as they can be. Code tags tend to make things harder to read.
11-09-2014 , 05:39 PM
Quote:
Originally Posted by Anais
Would [ code ] tags make this thread more or less readable?
Please no. The more text fits on one line, the better.
11-10-2014 , 12:10 PM
boot your pc in safe mode with networking. run the adwcleaner, then mbytes again, then reboot. if still there, run combofix and then reboot again.
11-11-2014 , 05:20 AM
Quote:
Originally Posted by FrankyRizzo
boot your pc in safe mode with networking. run the adwcleaner, then mbytes again, then reboot. if still there, run combofix and then reboot again.
GTFO

Seriously

You cannot request people to run Combofix without supervision. It is a powerful tool that can make or break your computer and requires someone who can read the logs (like yours truly).
11-11-2014 , 09:37 AM
Quote:
Originally Posted by Gabethebabe
GTFO

Seriously

You cannot request people to run Combofix without supervision. It is a powerful tool that can make or break your computer and requires someone who can read the logs (like yours truly).
As in the other thread, +1 to this.

Let's assume FrankyRizzo has good intentions but a poor understanding of ComboFix - but that's plain bad advice.