Inactive 579 Locked/Infected files on my pc

My fault. It won't run on Windows 8.1. Sorry about it :)

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v3.016 - Report created 24/12/2013 at 16:56:24
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Brown - FAMILY
# Running from : C:\Users\Brown\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
[!] Folder Deleted : C:\Program Files (x86)\iSafe
Folder Deleted : C:\Users\Brown\AppData\Roaming\iSafe
***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16384

-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Brown\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [611 octets] - [23/12/2013 02:00:45]
AdwCleaner[R1].txt - [947 octets] - [24/12/2013 16:55:58]
AdwCleaner[S0].txt - [671 octets] - [23/12/2013 02:02:09]
AdwCleaner[S1].txt - [881 octets] - [24/12/2013 16:56:24]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [940 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 x64
Ran by Brown on Tue 12/24/2013 at 17:00:36.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
Successfully stopped: [Service] isafekrnl
Successfully deleted: [Service] isafekrnl
Successfully stopped: [Service] isafeservice
Successfully deleted: [Service] isafeservice
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Brown\AppData\Roaming\isafe"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/24/2013 at 17:02:46.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 12/24/2013 5:06:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brown\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 75.43% Memory free
5.28 Gb Paging File | 4.28 Gb Available in Paging File | 81.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 903.59 Gb Free Space | 97.00% Space Free | Partition Type: NTFS
Drive D: | 143.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FAMILY | User Name: Brown | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/24 17:05:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brown\Downloads\OTL.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/07/17 17:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 17:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 17:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/22 22:27:09 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/11/14 02:29:02 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/11/14 02:29:02 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/14 02:29:01 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/14 02:28:59 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/14 02:25:27 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/11/14 02:25:27 | 000,365,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/11/14 02:25:26 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/11/14 02:25:26 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/08/22 07:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 06:07:52 | 001,566,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 04:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 04:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013/12/02 10:58:48 | 002,151,232 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/26 00:06:38 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/11/14 02:25:25 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/10/03 23:43:02 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/17 17:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 17:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 17:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/22 22:27:09 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/12/22 22:27:09 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/12/22 22:27:09 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/12/22 22:27:09 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/12/22 22:27:09 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/14 02:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/14 02:25:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/11/14 02:25:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/11/14 02:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/14 02:23:24 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/11/14 02:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/11/14 02:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/10/03 23:42:44 | 004,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/26 04:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/09/26 04:08:22 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 07:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 07:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 07:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 07:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 07:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/31 13:25:43 | 001,936,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 09:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/04/29 08:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/23 10:22:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/09/24 18:32:02 | 000,232,576 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmc412.sys -- (VMC412)
DRV:64bit: - [2012/07/10 09:19:28 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2012/07/03 14:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/07/02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/02 16:03:52 | 000,013,696 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuacflt.sys -- (vmuacflt)
DRV - [2012/07/10 09:19:28 | 000,015,160 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE:64bit: - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-19\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-20\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}

IE - HKU\S-1-5-21-2172578277-3556371044-303664867-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-2172578277-3556371044-303664867-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2172578277-3556371044-303664867-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2172578277-3556371044-303664867-1001\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-21-2172578277-3556371044-303664867-1001\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2172578277-3556371044-303664867-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2172578277-3556371044-303664867-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Brown\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)



========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: about:blank
CHR - Extension: No name found = C:\Users\Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/23 14:16:55 | 000,450,664 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15468 more lines...
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2172578277-3556371044-303664867-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2172578277-3556371044-303664867-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2172578277-3556371044-303664867-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2172578277-3556371044-303664867-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-2172578277-3556371044-303664867-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15183217-9769-4AD7-A274-E2444DA25760}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29314581-1E58-49E5-B722-8E85072F712C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Bleeping Computer, LLC)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Bleeping Computer, LLC)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Bleeping Computer, LLC)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (PCloudBroom64.exe \systemroot\system32\BroomData.bit)
O34 - HKLM BootExecute: (PCloudBroom64.exe \systemroot\system32\BroomData.bit)
O34 - HKLM BootExecute: (PCloudBroom64.exe \systemroot\system32\BroomData.bit)
O34 - HKLM BootExecute: (PCloudBroom64.exe \systemroot\system32\BroomData.bit)
O34 - HKLM BootExecute: (PCloudBroom64.exe \systemroot\system32\BroomData.bit)
O34 - HKLM BootExecute: (Rmvirus.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========

[2013/12/24 15:54:40 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\ElevatedDiagnostics
[2013/12/24 14:07:34 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2013/12/24 14:07:09 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2013/12/24 14:07:07 | 000,000,000 | ---D | C] -- C:\Users\Brown\Desktop\mbar
[2013/12/24 14:00:39 | 000,000,000 | ---D | C] -- C:\Users\Brown\Desktop\RK_Quarantine
[2013/12/24 12:54:49 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/24 12:34:22 | 000,688,992 | ---- | C] (Swearware) -- C:\WINDOWS\SysNative\dds.com
[2013/12/24 12:33:05 | 000,688,992 | ---- | C] (Swearware) -- C:\dds.com
[2013/12/23 17:30:10 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\ClassicShell
[2013/12/23 15:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/12/23 15:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/12/23 15:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/12/23 15:04:24 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\Apple
[2013/12/23 15:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/12/23 15:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/12/23 15:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/12/23 15:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/12/23 15:04:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/12/23 15:01:57 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/12/23 15:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/12/23 15:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/12/23 15:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013/12/23 14:05:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\%LOCALAPPDATA%
[2013/12/23 14:00:14 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\CrashDumps
[2013/12/23 13:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/12/23 13:59:46 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\SysNative\sdnclean64.exe
[2013/12/23 13:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/12/23 13:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/12/23 13:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/23 13:54:33 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\Spotify
[2013/12/23 13:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/12/23 13:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013/12/23 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\vlc
[2013/12/23 13:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/12/23 13:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/12/23 13:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/12/23 13:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/12/23 13:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2013/12/23 13:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/12/23 13:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/12/23 13:49:40 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\HuluDesktop
[2013/12/23 13:49:40 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop
[2013/12/23 13:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013/12/23 13:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013/12/23 13:48:36 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\Winamp
[2013/12/23 13:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013/12/23 13:48:20 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\MediaMonkey
[2013/12/23 13:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2013/12/23 13:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2013/12/23 13:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2013/12/23 13:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2013/12/23 13:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/12/23 13:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell
[2013/12/23 13:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013/12/23 13:47:46 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/12/23 13:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/12/23 13:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/12/23 13:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/12/23 13:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/12/23 13:47:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/12/23 13:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/12/23 13:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/12/23 13:47:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Adobe
[2013/12/23 13:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/12/23 13:46:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/12/23 13:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/12/23 13:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/12/23 13:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/23 13:44:31 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\Google
[2013/12/23 13:44:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/12/23 13:26:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/12/23 13:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/12/23 13:20:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\catroot2
[2013/12/23 12:19:49 | 000,096,856 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SMR410.SYS.bak
[2013/12/23 05:13:19 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\Comodo
[2013/12/23 05:05:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\tasks\ImCleanDisabled
[2013/12/23 03:50:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/12/23 02:16:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys.bak
[2013/12/23 02:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013/12/23 01:59:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/23 01:55:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/12/23 01:13:50 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\Malwarebytes
[2013/12/23 01:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/23 01:13:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2013/12/23 01:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/23 00:58:15 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys.bak
[2013/12/23 00:55:55 | 000,252,728 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgwfpa.sys.bak
[2013/12/23 00:55:54 | 000,123,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgmfx64.sys.bak
[2013/12/23 00:55:54 | 000,031,544 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgrkx64.sys.bak
[2013/12/23 00:55:52 | 000,294,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgloga.sys.bak
[2013/12/23 00:55:51 | 000,212,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgldx64.sys.bak
[2013/12/23 00:55:49 | 000,194,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsha.sys.bak
[2013/12/23 00:55:48 | 000,240,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys.bak
[2013/12/23 00:55:46 | 000,150,808 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgdiska.sys.bak
[2013/12/23 00:55:46 | 000,020,496 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgboota.sys.bak
[2013/12/23 00:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/12/23 00:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/23 00:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/12/23 00:42:38 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\Apple Computer
[2013/12/23 00:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2013/12/23 00:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2013/12/23 00:42:31 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\IObit
[2013/12/23 00:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/12/23 00:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
[2013/12/23 00:42:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/12/22 22:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/12/22 22:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/12/22 22:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/12/22 22:33:43 | 000,000,000 | --SD | C] -- C:\$RECYCLE.BIN
[2013/12/22 21:41:51 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\TuneUp Software
[2013/12/22 21:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/12/22 21:40:14 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\MFAData
[2013/12/22 21:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/12/22 21:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2013/12/22 21:29:10 | 000,000,000 | --SD | C] -- C:\Users\Brown\Documents\Passwords Database
[2013/12/22 21:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/12/22 21:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\DRVSTORE
[2013/12/22 20:06:02 | 000,013,696 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\SysNative\drivers\vmuacflt.sys.bak
[2013/12/22 20:06:01 | 000,232,576 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\SysNative\drivers\vmc412.sys.bak
[2013/12/22 20:05:28 | 000,081,760 | ---- | C] (LSI Corporation) -- C:\WINDOWS\SysNative\drivers\lsi_sas3.sys.bak
[2013/12/22 20:05:13 | 000,025,296 | ---- | C] (ENE TECHNOLOGY INC.) -- C:\WINDOWS\SysNative\drivers\enecirhid.sys.bak
[2013/12/22 20:05:12 | 000,072,688 | ---- | C] (ENE TECHNOLOGY INC.) -- C:\WINDOWS\SysNative\drivers\enecir.sys.bak
[2013/12/22 20:05:03 | 000,017,624 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\SysNative\drivers\bcmfn2.sys.bak
[2013/12/22 20:04:59 | 000,782,176 | ---- | C] (PMC-Sierra) -- C:\WINDOWS\SysNative\drivers\adp80xx.sys.bak
[2013/12/22 19:41:10 | 000,000,000 | R--D | C] -- C:\Users\Brown\SkyDrive
[2013/12/22 19:39:36 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\Identities
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\AppData\Local\Temporary Internet Files
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\Templates
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\Start Menu
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\SendTo
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\Recent
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\PrintHood
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\NetHood
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\Documents\My Videos
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\Documents\My Pictures
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\Documents\My Music
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\My Documents
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\Local Settings
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\AppData\Local\History
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\Cookies
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\Application Data
[2013/12/22 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Brown\AppData\Local\Application Data
[2013/12/22 19:32:48 | 000,000,000 | --SD | C] -- C:\Users\Brown\AppData\Roaming\Microsoft
[2013/12/22 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/12/22 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\Brown\Favorites
[2013/12/22 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\Brown\Documents
[2013/12/22 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\Brown\Desktop
[2013/12/22 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/12/22 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/12/22 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\Temp
[2013/12/22 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\Microsoft
[2013/12/22 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/12/22 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData
[2013/12/22 19:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/12/22 19:30:15 | 000,064,000 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.DLL
[2013/12/22 19:30:15 | 000,060,416 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.DLL
[2013/12/22 19:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/12/22 19:30:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\VMC412
[2013/12/22 19:29:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/12/22 16:45:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2013/12/22 15:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/12/22 15:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/12/22 15:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/12/22 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\Adobe
[2013/12/22 15:31:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MRT
[2013/12/22 15:31:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013/12/22 15:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo USB2.0 UVC Camera
[2013/12/22 15:28:35 | 000,232,576 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\SysNative\drivers\vmc412.sys
[2013/12/22 15:28:35 | 000,178,688 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\SysNative\vmctrl.ax
[2013/12/22 15:28:35 | 000,131,072 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\SysWow64\vmctrl.ax
[2013/12/22 15:28:35 | 000,117,760 | ---- | C] (Vimicro Corp) -- C:\WINDOWS\SysNative\VimicroApoPgExtX64.dll
[2013/12/22 15:28:35 | 000,106,496 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\SysNative\VimicroAPOX64.dll
[2013/12/22 15:28:35 | 000,073,728 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\SysWow64\exvmuvc.ax
[2013/12/22 15:28:35 | 000,013,696 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\SysNative\drivers\vmuacflt.sys
[2013/12/22 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vimicro Corporation
[2013/12/22 15:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\lenovo Cam_Win8 V93
[2013/12/22 15:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\H339 ATSC TVtunner Driver
[2013/12/22 15:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\H339 DVBT TVtunner Driver
[2013/12/22 15:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Win864
[2013/12/22 15:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Win832
[2013/12/22 15:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\XP32
[2013/12/22 15:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Win764
[2013/12/22 15:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Win732
[2013/12/22 15:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista64
[2013/12/22 15:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista32
[2013/12/22 15:26:29 | 000,000,000 | ---D | C] -- C:\Compal Embedded System Control
[2013/12/22 15:25:04 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\InstallShield
[2013/12/22 15:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVerMedia
[2013/12/22 15:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/12/22 15:23:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\sda
[2013/12/22 15:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/12/22 15:22:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\jmesoft
[2013/12/22 15:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/12/22 15:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/12/22 15:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/12/22 15:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013/12/22 15:21:03 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\SysWow64\CSVer.dll
[2013/12/22 15:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/12/22 15:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo
[2013/12/22 15:18:10 | 000,000,000 | ---D | C] -- C:\drivers
[2013/12/22 14:38:17 | 000,000,000 | ---D | C] -- C:\Users\Brown\Desktop\Essentials
[2013/12/22 14:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/12/22 14:25:12 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/12/22 14:22:31 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/12/22 14:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/12/22 14:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/12/22 14:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/12/22 14:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDD Regenerator
[2013/12/22 14:14:32 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\Downloaded Installations
[2013/12/22 14:11:06 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\uTorrent
[2013/12/22 00:18:44 | 000,000,000 | ---D | C] -- C:\Recovery
[2013/12/22 00:16:00 | 000,000,000 | -HSD | C] -- C:\Boot
[2013/12/21 21:57:55 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\NPE
[2013/12/21 21:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/12/21 21:54:50 | 000,305,504 | ---- | C] (VIA Corporation) -- C:\WINDOWS\SysNative\drivers\VSTXRAID.SYS.bak
[2013/12/21 21:54:38 | 000,591,360 | ---- | C] (Realtek ) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys.bak
[2013/12/21 21:54:35 | 000,047,632 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\SysNative\drivers\PSKMAD.sys.bak
[2013/12/21 21:54:29 | 000,063,840 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\SysNative\drivers\mvumis.sys.bak
[2013/12/21 21:54:24 | 000,093,536 | ---- | C] (LSI Corporation) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys.bak
[2013/12/21 21:54:24 | 000,082,784 | ---- | C] (LSI Corporation) -- C:\WINDOWS\SysNative\drivers\lsi_sss.sys.bak
[2013/12/21 21:54:05 | 000,259,424 | ---- | C] (AMD Technologies Inc.) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys.bak
[2013/12/21 21:54:02 | 000,108,896 | ---- | C] (LSI) -- C:\WINDOWS\SysNative\drivers\3ware.sys.bak
[2013/12/21 21:53:00 | 000,047,632 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\SysNative\drivers\PSKMAD.sys
[2013/12/21 21:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/12/21 21:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2013/12/21 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\Programs
[2013/12/21 21:52:33 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/12/21 21:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/12/21 21:40:14 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\eCyber
[2013/12/21 21:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
[2013/12/21 21:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\log
[2013/12/21 21:35:34 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\Macromedia
[2013/12/21 21:34:20 | 000,000,000 | ---D | C] -- C:\Intel
[2013/12/21 21:27:52 | 000,000,000 | R--D | C] -- C:\Users\Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/12/21 21:27:52 | 000,000,000 | R--D | C] -- C:\Users\Brown\Searches
[2013/12/21 21:27:52 | 000,000,000 | R--D | C] -- C:\Users\Brown\Contacts
[2013/12/21 21:27:52 | 000,000,000 | R--D | C] -- C:\Users\Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/12/21 21:27:52 | 000,000,000 | ---D | C] -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/12/21 21:27:49 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Roaming\Adobe
[2013/12/21 21:27:28 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\VirtualStore
[2013/12/21 21:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
[2013/12/21 21:27:19 | 000,000,000 | ---D | C] -- C:\Users\Brown\AppData\Local\Packages
[2013/12/21 21:27:03 | 000,000,000 | R--D | C] -- C:\Users\Brown\Videos
[2013/12/21 21:27:03 | 000,000,000 | R--D | C] -- C:\Users\Brown\Saved Games
[2013/12/21 21:27:03 | 000,000,000 | R--D | C] -- C:\Users\Brown\Pictures
[2013/12/21 21:27:03 | 000,000,000 | R--D | C] -- C:\Users\Brown\Music
[2013/12/21 21:27:03 | 000,000,000 | R--D | C] -- C:\Users\Brown\Links
[2013/12/21 21:27:03 | 000,000,000 | R--D | C] -- C:\Users\Brown\Downloads
[2013/12/21 18:03:23 | 000,000,000 | --SD | C] -- C:\System Volume Information
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/24 17:01:35 | 000,818,732 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/12/24 17:01:35 | 000,683,524 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/12/24 17:01:35 | 000,124,052 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/12/24 16:59:05 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/24 16:57:37 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/24 16:57:36 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/24 16:57:03 | 3354,058,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/24 16:57:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/24 16:54:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/24 14:07:34 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2013/12/24 14:07:09 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2013/12/24 14:02:57 | 000,305,504 | ---- | M] (VIA Corporation) -- C:\WINDOWS\SysNative\drivers\VSTXRAID.SYS.bak
[2013/12/24 14:02:55 | 000,013,696 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\SysNative\drivers\vmuacflt.sys.bak
[2013/12/24 14:02:54 | 000,232,576 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\SysNative\drivers\vmc412.sys.bak
[2013/12/24 14:02:37 | 000,591,360 | ---- | M] (Realtek ) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys.bak
[2013/12/24 14:02:33 | 000,047,632 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\SysNative\drivers\PSKMAD.sys.bak
[2013/12/24 14:02:23 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\SysNative\drivers\mvumis.sys.bak
[2013/12/24 14:02:15 | 000,082,784 | ---- | M] (LSI Corporation) -- C:\WINDOWS\SysNative\drivers\lsi_sss.sys.bak
[2013/12/24 14:02:15 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys.bak
[2013/12/24 14:02:14 | 000,093,536 | ---- | M] (LSI Corporation) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys.bak
[2013/12/24 14:02:14 | 000,081,760 | ---- | M] (LSI Corporation) -- C:\WINDOWS\SysNative\drivers\lsi_sas3.sys.bak
[2013/12/24 14:02:00 | 000,017,720 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\EMSC.sys.bak
[2013/12/24 14:01:51 | 000,252,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgwfpa.sys.bak
[2013/12/24 14:01:51 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgrkx64.sys.bak
[2013/12/24 14:01:51 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\SysNative\drivers\bcmfn2.sys.bak
[2013/12/24 14:01:50 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgloga.sys.bak
[2013/12/24 14:01:50 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys.bak
[2013/12/24 14:01:50 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgldx64.sys.bak
[2013/12/24 14:01:50 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsha.sys.bak
[2013/12/24 14:01:50 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgdiska.sys.bak
[2013/12/24 14:01:50 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgmfx64.sys.bak
[2013/12/24 14:01:49 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgboota.sys.bak
[2013/12/24 14:01:48 | 000,259,424 | ---- | M] (AMD Technologies Inc.) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys.bak
[2013/12/24 14:01:47 | 000,782,176 | ---- | M] (PMC-Sierra) -- C:\WINDOWS\SysNative\drivers\adp80xx.sys.bak
[2013/12/24 14:01:46 | 000,108,896 | ---- | M] (LSI) -- C:\WINDOWS\SysNative\drivers\3ware.sys.bak
[2013/12/24 12:19:09 | 000,688,992 | ---- | M] (Swearware) -- C:\WINDOWS\SysNative\dds.com
[2013/12/24 12:19:09 | 000,688,992 | ---- | M] (Swearware) -- C:\dds.com
[2013/12/23 15:16:14 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\YAC.lnk
[2013/12/23 14:39:15 | 000,000,911 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/12/23 14:16:55 | 000,450,664 | R--- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2013/12/23 14:16:43 | 000,450,664 | R--- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts.20131223-141655.backup
[2013/12/23 14:16:30 | 000,450,664 | R--- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts.20131223-141643.backup
[2013/12/23 13:50:46 | 000,001,200 | ---- | M] () -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/12/23 13:48:54 | 000,001,016 | ---- | M] () -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2013/12/23 13:26:33 | 000,335,784 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/12/23 13:22:30 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/12/23 13:19:09 | 000,000,855 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts.20131223-141630.backup
[2013/12/23 13:12:30 | 000,818,732 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/12/23 12:20:36 | 000,000,741 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts_bak_609
[2013/12/23 12:19:50 | 000,096,856 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SMR410.SYS.bak
[2013/12/23 12:19:29 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys.bak
[2013/12/23 02:31:08 | 000,000,630 | ---- | M] () -- C:\WINDOWS\SysWow64\BroomData.bit
[2013/12/22 20:33:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/12/22 20:06:52 | 000,072,688 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\WINDOWS\SysNative\drivers\enecir.sys.bak
[2013/12/22 20:06:52 | 000,025,296 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\WINDOWS\SysNative\drivers\enecirhid.sys.bak
[2013/12/22 19:37:16 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2013/12/22 19:37:16 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2013/12/22 19:37:07 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/12/22 19:18:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2013/12/22 16:44:07 | 000,015,772 | ---- | M] () -- C:\WINDOWS\SysNative\results.xml
[2013/12/22 14:54:28 | 000,033,512 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\DasPtct.SYS.bak
[2013/12/22 14:24:20 | 000,000,207 | ---- | M] () -- C:\WINDOWS\tweaking.com-regbackup-FAMILY-Microsoft-Windows-8-(64-bit).dat
[2013/12/22 14:11:30 | 000,000,829 | ---- | M] () -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/12/21 21:55:02 | 000,000,741 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts_bak_893
[2013/12/21 21:34:32 | 000,001,425 | ---- | M] () -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/21 21:34:32 | 000,000,223 | -HS- | M] () -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2013/12/01 08:10:54 | 000,257,624 | ---- | M] () -- C:\WINDOWS\SysNative\unrar64.dll
[2013/12/01 08:10:54 | 000,218,200 | ---- | M] () -- C:\WINDOWS\SysWow64\unrar.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/23 15:16:14 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\YAC.lnk
[2013/12/23 15:04:23 | 000,002,535 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/12/23 14:39:15 | 000,000,911 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/12/23 13:59:49 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/12/23 13:54:34 | 000,001,835 | ---- | C] () -- C:\Users\Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/12/23 13:53:58 | 000,257,624 | ---- | C] () -- C:\WINDOWS\SysNative\unrar64.dll
[2013/12/23 13:53:58 | 000,218,200 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2013/12/23 13:51:12 | 000,001,032 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/12/23 13:50:46 | 000,001,200 | ---- | C] () -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/12/23 13:48:54 | 000,001,016 | ---- | C] () -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2013/12/23 13:47:50 | 000,001,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013/12/23 13:44:48 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/23 13:44:36 | 000,000,920 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/23 13:44:35 | 000,000,916 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/22 20:33:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/12/22 20:17:59 | 000,000,630 | ---- | C] () -- C:\WINDOWS\SysWow64\BroomData.bit
[2013/12/22 20:05:12 | 000,017,720 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\EMSC.sys.bak
[2013/12/22 19:39:39 | 000,001,443 | ---- | C] () -- C:\Users\Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/22 19:37:07 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/12/22 19:33:58 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/12/22 19:32:49 | 000,000,352 | ---- | C] () -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/12/22 19:32:49 | 000,000,334 | ---- | C] () -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/12/22 19:32:43 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2013/12/22 19:32:43 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2013/12/22 16:44:07 | 000,015,772 | ---- | C] () -- C:\WINDOWS\SysNative\results.xml
[2013/12/22 14:54:28 | 000,033,512 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\DasPtct.SYS.bak
[2013/12/22 14:31:58 | 000,818,732 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/12/22 14:24:20 | 000,000,207 | ---- | C] () -- C:\WINDOWS\tweaking.com-regbackup-FAMILY-Microsoft-Windows-8-(64-bit).dat
[2013/12/22 14:11:30 | 000,000,829 | ---- | C] () -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/12/22 00:18:29 | 3354,058,752 | -HS- | C] () -- C:\hiberfil.sys
[2013/12/22 00:16:31 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013/12/22 00:16:01 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2013/12/21 21:57:45 | 000,022,752 | ---- | C] () -- C:\WINDOWS\SysNative\PCloudBroom64.exe
[2013/12/21 21:34:32 | 000,001,425 | ---- | C] () -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/21 21:27:03 | 000,000,223 | -HS- | C] () -- C:\Users\Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2013/10/03 23:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/03 23:42:40 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/03 23:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 22:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/07/10 09:19:28 | 000,577,536 | ---- | C] () -- C:\WINDOWS\SysWow64\EMSC.DLL
[2012/07/10 09:19:28 | 000,015,160 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\EMSC.sys
[2012/04/20 13:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/14 02:38:19 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/14 02:38:19 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\SysWow64\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/24 12:33:29 | 000,000,000 | ---D | M] -- C:\Users\Brown\AppData\Roaming\ClassicShell
[2013/12/21 21:40:14 | 000,000,000 | ---D | M] -- C:\Users\Brown\AppData\Roaming\eCyber
[2013/12/23 00:42:37 | 000,000,000 | ---D | M] -- C:\Users\Brown\AppData\Roaming\IObit
[2013/12/23 13:48:20 | 000,000,000 | ---D | M] -- C:\Users\Brown\AppData\Roaming\MediaMonkey
[2013/12/23 13:54:34 | 000,000,000 | ---D | M] -- C:\Users\Brown\AppData\Roaming\Spotify
[2013/12/22 21:41:51 | 000,000,000 | ---D | M] -- C:\Users\Brown\AppData\Roaming\TuneUp Software
[2013/12/22 22:53:07 | 000,000,000 | ---D | M] -- C:\Users\Brown\AppData\Roaming\uTorrent
[2013/12/23 04:23:47 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2013/12/23 04:23:47 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\Users\Brown\SkyDrive:ms-properties
< End of report >
 
OTL Extras logfile created on: 12/24/2013 5:06:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brown\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 75.43% Memory free
5.28 Gb Paging File | 4.28 Gb Available in Paging File | 81.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 903.59 Gb Free Space | 97.00% Space Free | Partition Type: NTFS
Drive D: | 143.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FAMILY | User Name: Brown | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C16A150-2A85-4A75-A07E-0F40AB3FF1C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{107B811E-B553-4FCA-9536-B478010CDCA7}" = rport=138 | protocol=17 | dir=out | app=system |
"{1B68648E-DEF5-4253-827B-75E600E2C561}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1DCB3DC0-1B00-4291-A690-4C3A2CA3997A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{204A6AA5-9247-4962-B215-AE31E13E695F}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\wdexpress.exe |
"{22FF0810-804D-4CEE-A6A1-61B64B158CF4}" = rport=137 | protocol=17 | dir=out | app=system |
"{237740A5-487E-4654-BD6F-AC26A27631DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A111800-0A03-4184-8870-5E18C501CCDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B3179C0-4536-4731-8B87-D74B010D26DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{3AEC513F-B412-40F0-B657-FC725167FBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F19089D-BDA4-4436-A618-51358FC90DA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F417902-30FF-49AB-AB45-160B157DA5A4}" = lport=138 | protocol=17 | dir=in | app=system |
"{45E40DFE-8F8F-4DAD-8C05-5E609E15992A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46E45D54-FF05-4D64-9238-3520F045F90E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BA8D8FE-6809-4D27-AC0B-1BC5E50FCB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DD0AE74-3B60-43EA-8C03-4837D83085A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{51F66EA3-9EE3-4325-BA7E-82C8FE757DFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{57BDE062-6AA0-402F-A42D-F85EBB642BC8}" = lport=137 | protocol=17 | dir=in | app=system |
"{61BF9E70-49CB-4931-9FCB-5D41CAB797BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6441A857-2BE2-4F80-9CD3-D4938E6718C9}" = rport=445 | protocol=6 | dir=out | app=system |
"{6A6029CF-6A90-4DB0-98BC-CED3081D0D37}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6D59CBDB-2B46-4FEC-B78F-EA79758325F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{740197B5-9B91-43DC-9448-5F2FAA99E4ED}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{749E4E68-5A9D-4310-B9DB-2C57114EA704}" = rport=139 | protocol=6 | dir=out | app=system |
"{78853095-E2BF-49BA-A2ED-36805B858326}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7AB8A74F-8F07-419F-ACFC-4498ED2E68B8}" = lport=138 | protocol=17 | dir=in | app=system |
"{8193A909-AA2C-4855-AB2B-590095767258}" = lport=139 | protocol=6 | dir=in | app=system |
"{86B8CA50-B459-4E0F-9C97-3CE2E4D7242F}" = rport=139 | protocol=6 | dir=out | app=system |
"{8C1C3703-E06E-47A6-9E46-5E64680CA835}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8C6DD438-7D20-471A-B7F7-F772EBC1BF19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D495CD9-8999-47E1-9FD4-E3827DC44934}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EE53228-67B7-4914-B14B-3A8E2EDDE914}" = rport=10243 | protocol=6 | dir=out | app=system |
"{91B46EBF-2E80-47F7-8B62-70DE1D608599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94CC00C2-03E3-46D4-834E-CA95C9EDEEE6}" = lport=445 | protocol=6 | dir=in | app=system |
"{99982C45-23E8-4D48-B59B-65083A051144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9A0012EF-F83D-4BA2-84C5-52553771C48F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FF876A7-E40A-47E5-BFBA-68F4057138AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A85C8925-6F5D-4A82-9422-45EF52EC4172}" = rport=445 | protocol=6 | dir=out | app=system |
"{B8A4E0C7-3F97-4176-B457-EB17B6C4254E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8A744A2-B4A6-46E1-84DE-5301D35FFB30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC3B2ABA-6B9F-4778-B4A8-F95CD0328DE4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BEAF93E4-9DD9-43E4-8A7E-37A1EA96206C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C2D1A823-95FC-4BE3-846A-37ABE0DB6E09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C331311B-2823-45E6-8185-B230BF69F466}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C8A59E0E-8E2D-40C3-9065-A5B852D51944}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CD417129-40AB-4539-9A24-8DCE1B7C43E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D100A445-0CA3-40BA-B3A2-043CD48C88C2}" = lport=139 | protocol=6 | dir=in | app=system |
"{D45F9354-D5BA-48FD-B109-6F9491D41D89}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E1D85F95-A94D-4241-9D4E-529F491D7599}" = lport=137 | protocol=17 | dir=in | app=system |
"{E3ED17A5-10E2-42D1-BE63-B6EC4C06A570}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6F28E8D-EAAC-42C9-9F3E-AFA70969C183}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E7D9CD4E-5B6C-4799-BAA5-19D8824CA721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4CA97EA-40DB-4C53-B8F1-5C0A4C1382ED}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F7D1193F-71F1-4FB4-90FD-DCBC1E86F633}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F85938EE-89BF-465F-8994-50CBC6D4C0C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F999BC84-123D-41E5-9EAF-2B8213411581}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0128D248-3CA6-4196-AD20-2884D1A1DEC9}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{057D623B-552D-4581-B6D2-47524BF382F2}" = dir=in | name=f5 vpn |
"{0622F4C4-D8D3-4606-9C88-94D0C28BC875}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{0725483C-4D95-4CC3-9B83-63F53FDCD41F}" = dir=out | name=@{microsoft.bingmaps_2.0.2009.2356_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{075C9B78-1793-4568-9404-5F7808B3F289}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{09F845D0-2886-4DA8-9640-BA6B4F2F8C09}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{0C9EDE9A-2C1D-40A2-B183-62FD9BDF9D58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0D6A41E4-CEFC-47EE-9E6C-CA1C3CF306E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D7ACA47-DAA3-49B8-9DE7-07B0702D92A6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{137E8B30-2159-4DAF-A74C-F89904DAD30E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1638942D-5A48-40A6-B874-67421E77F7E2}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{186437BE-8DD3-48C6-B180-D55A8235AC24}" = dir=out | name=@{microsoft.zunemusic_2.2.339.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{1912C3E4-2315-4DFE-A3AE-C29389573725}" = protocol=6 | dir=out | app=system |
"{1EB7FA84-BA69-4CBE-994E-A1F6988387C6}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{1F577BC1-B319-4AE9-B5A4-78AEDCB20BB4}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{20CAB3D6-E797-4EAA-BCDE-A01A306C59C8}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{217E75FF-4D10-40A6-BB6C-BBE08A63C10A}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{24310495-F783-411F-A084-73198978FBE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{243979DB-56C0-424E-89C9-B93214E5F652}" = dir=out | name=windows_ie_ac_001 |
"{26AFBB2A-A2B5-41FB-BF10-9CA27020AA07}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{279099E3-6295-4DA4-ACF4-F5A6EEE339B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2947272A-4F67-4A0F-A825-E1B7D81B7F12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2B4E4C73-0041-4F29-BB42-7C040BF7697A}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2C1D8AB5-B567-44B6-9591-4564108FDC46}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{33FA78CF-D105-4576-8216-DFE34C56542C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3409F376-1EC3-4E9E-951D-883BEDB2E4E2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{37E3F20F-DE20-4516-B208-CC46191BDD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{383EA6B7-B9C9-42C8-88DE-5CDFAE2CC35A}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{3ACE5822-1254-44D4-85DB-262C07F80886}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4573DF2D-3746-456B-B55C-90B4B7EAE9CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49AD4FE5-E495-4266-B3EF-40FFB6736291}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AE21511-D8F6-4292-BECA-946DC250C6C4}" = dir=out | name=sonicwall mobile connect |
"{4C41881C-59F3-4D10-814E-ADEC8D76A40C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DA3135C-FE3A-4327-9163-37CEA0209ED3}" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"{4F03D703-76AB-404D-BD66-B233BD92E7D9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4FF1D99A-2049-4B2E-982D-301632A432D9}" = dir=in | name=skype |
"{504F4A6F-8606-420D-97A4-993F0BE36D10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5158FFA2-3057-4AE7-8DAA-7D7DAE2DFB94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51DB1F65-D140-4464-A535-2E7E44E03C55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5260BFDC-33FF-4DD1-A3CA-6DD1226708CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{53A24E6D-D0BD-4667-93A1-8F0CC081AF2C}" = dir=in | name=check point vpn |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{57334B3C-6013-4B21-B13D-023BF7F5B184}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5992F6C6-E1C3-4AC8-8A14-334BABCAD024}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5CED0507-C643-418C-9F3C-B78FBEBD6FB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5DBA0FC3-B48A-49C0-8150-92F5A5DCB69B}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5F469EE9-888B-4C55-9418-8CADE9CB2AE3}" = dir=out | name=@{microsoft.bingfinance_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{60D1B2BB-C021-4910-9945-4F9AC140ECD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6139F920-28CF-42C2-88F3-A92660C1E375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62C0D405-6F55-4B32-A37E-41106B2995BD}" = dir=out | name=@{microsoft.xboxlivegames_2.0.20.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{63559DDB-2772-4B80-829B-B7E4FEE40ECE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{63722777-5A39-4A7A-9DC0-700C7D803868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63D8004B-A68C-46C4-8C16-7E273B0EBE5B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{6406905F-3DA7-4C2A-9CE2-9B6AE6FEBDBC}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{6421BBE9-11B8-4EC8-A1EB-F810DA72F37B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6604ACBE-0CE6-4814-AAB3-9CDB4526FFD0}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{664F0FB3-6567-4103-99FB-E0F6A88AD046}" = dir=out | name=check point vpn |
"{66BE11F1-510F-4C1D-AA61-D7B97206CFEE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{676C940D-A76E-48D0-A9EB-44AAE81FA618}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{677316DA-51F7-49CC-8AF0-D74B23C7A722}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{690C847B-B7EB-4531-977A-D63CEE53488D}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{6B6B9971-92E3-466F-A84D-F190184EE7D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E4197CF-DE2C-4547-9293-AD90375D40AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E6A7CB3-FB02-4607-B8B6-7CBDB5AD2FD4}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{72065031-1BF3-4F91-B949-0DE7443A32EA}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{75F7ED18-0511-4362-A6A1-FD4D619DE3ED}" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"{765121A1-9431-4E6A-92DD-D958537A1DAF}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{76F48871-05FF-4977-AFF6-21A5B5A0ED2A}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{775CA523-FDE1-411D-BC63-CAF2958F7C15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78704972-0222-4386-B3F9-721BDEB9D7BC}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{7B0CA09B-E132-4AA1-8B28-59AA97CB5C57}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
"{7CAEC4AE-F903-473B-9F79-63C399B93DEC}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{801DBE9D-8D98-4844-B72B-3BDA734AF2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{%systemroot%\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81745F76-7945-4980-A56F-89ED4C243964}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{850FB24E-DFBA-489C-B8DA-B50B2CD2261E}" = dir=out | name=@{microsoft.zunemusic_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{867F4559-0F94-4C5F-805D-18B5C77CD238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89EAB2DD-ABB2-46C7-BCEC-67FF20149FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8E340628-A9D0-4E77-AC9A-31DDBC94B31C}" = dir=in | name=skype |
"{8EBDD8A8-B44B-4EEA-9F9A-BB4CF7EC2A11}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
"{8F5B20FB-D06F-4A66-9AE6-C1D10CC30587}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F83C62F-1FC9-402D-93A0-A0582238E0B6}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{932031F5-FE98-4D54-9237-23D1C55276A0}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{9350E4BC-2298-482C-B9F3-3F67D6A4C332}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{9677F85B-46DF-4BAB-853F-F0A61CB71357}" = dir=out | name=skype |
"{995C41D1-1C9B-4642-B5AE-263576CB30E8}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{999D34C0-EB13-4354-A7F6-6453768EE77A}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{9B15F693-7BE6-4C83-ACC0-C481A95321E0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9B446C7A-662D-4D47-8248-AEF6710F125F}" = protocol=6 | dir=in | app=c:\users\brown\appdata\roaming\utorrent\utorrent.exe |
"{9C30A716-7A08-442F-AB9A-ED41B7C6E960}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{9CB98EB1-76BA-45FA-9391-B9A04A88E8F7}" = protocol=17 | dir=in | app=c:\users\brown\appdata\roaming\utorrent\utorrent.exe |
"{9CD09840-B549-4F75-9EEB-6BE3B543DAE8}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
"{9D8589F9-ED79-475F-A601-D0F66BE76BA9}" = dir=out | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{9DB01B8E-F91A-44CB-A9E2-A10EE600F0C0}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9F182844-26CD-4947-91EE-B40307AD6E62}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{A05CC6EE-E547-407F-9EBC-FFAD32EFB060}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A1E6D025-F1EC-4EEF-B328-26F9D7A1974E}" = dir=in | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{A84ED02A-92A2-46C9-89F4-19A67539B113}" = dir=out | name=@{microsoft.zunevideo_2.2.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{ABF01636-2F0B-4E94-A56E-7BA576A8633C}" = protocol=6 | dir=out | app=system |
"{AD29B28E-7AA3-4C13-8BCB-E7373F378ED2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AE797B07-373F-48D2-B963-7946426436FE}" = dir=in | name=juniper networks junos pulse |
"{AE92D491-5468-489E-96EB-7522D0BDF9CB}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{AF4AE69A-970E-423A-BC81-27A1EA6D36DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{AFFD7719-258D-4210-B263-9552EE218700}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B1476847-1BD3-4309-9917-615C1B001B81}" = dir=out | name=@{microsoft.bingweather_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{B27FF543-EAF1-45B6-8986-A51A18550C6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B4CAD245-DD01-4A1A-8F18-5A31ADD13659}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6632CFB-E953-40DA-B2C1-842A414E060D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B7E17F99-E727-430E-9373-46F56A15B586}" = dir=out | name=@{microsoft.zunevideo_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{B898C53B-71DE-4492-A9BD-BC2CE15796A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8B4E785-9232-4B9A-8B01-74C63AC2AA26}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{C0A6FE5E-06E4-4EFE-9449-6FEF41052543}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C166BAB6-C94C-4B0C-9F1D-FEB738A997AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C362C2A4-3C16-4AAD-A1C1-DDF9BEC3ACDA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{C50E56BF-5F6B-4A77-A552-23D8B2C77C17}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{CA4FBA7B-F959-46B2-ACC2-2C6D06146C56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB11A757-4993-4056-8E79-52CC8DB749D1}" = dir=out | name=juniper networks junos pulse |
"{CB1DEBAC-520A-44F2-AEB9-2551139BB1D8}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{CB57CE6F-6BFC-4157-89E3-0A8891A1EB1D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CD8F8CB7-9718-4040-B179-C821F15A0F23}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{CE0C4D17-30B6-4717-A1FE-53B1AA107C5D}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{D1E06268-CBDE-4B10-9329-14451FE719D1}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{D606BCF0-90F3-4E56-8869-4C6C0687392D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DA1BBC98-EB79-4A3F-BF69-C1CC476E7C33}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DC53D336-FB5F-428B-B947-4B3AACAE29A4}" = dir=out | name=f5 vpn |
"{DC909DEF-D812-4E4D-BC4A-FC085D65C942}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{DEC1F62D-9BDD-4648-B9A6-D376CA404D1A}" = dir=out | name=@{microsoft.bingsports_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{DF9FD56C-4CE2-4676-BECD-ED6C5BAF575A}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{DFA53B76-5BEB-4CB0-8F93-55034A9398D2}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E0870012-E622-4168-919E-4A5C21DE26AC}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{E16975CB-FCCA-44FD-B75D-DA6610274F73}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E38AD9C5-E8A6-4076-A4CB-0A1ADF416DE0}" = dir=in | name=sonicwall mobile connect |
"{E4D08561-A2A9-458F-B206-9BD74CE07FAF}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{E77E2F84-3A96-4698-A0E0-53AC75B5AA06}" = dir=out | name=@{microsoft.bingnews_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{%systemroot%\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E893794C-B5AF-461C-8C0F-59522869C54A}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{EBAB2809-DA2D-44EE-A939-02EA3FF33197}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EBAD5059-D3C1-4A4E-A3CF-69FDAAA20EDA}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ED0A56D2-D2DC-43D9-98B5-6FE0473B302C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ED807402-BF6D-4888-ACEE-089BD71E5765}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EEA677F1-C048-45A7-BEA7-FEA8AC885BCC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F04FF152-7AF7-4E3E-985E-3660A356021F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F10F74AA-0DF1-4194-B732-0B7ACB5FB7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F460A4C3-06A0-4302-8FCC-DC0EF126D025}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F55FE2E3-9C5B-432E-9DD3-32AE7B7B9DC5}" = dir=out | name=skype |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F6B6819F-CDC3-4B0A-901C-60BA6CB48883}" = dir=out | name=windows_ie_ac_001 |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F8709567-33D0-46E9-AA4F-AC18CFB54595}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F870DF9B-DED2-4B7F-8AD8-5AEF481C2510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F936AA1A-019D-4E9D-B31F-4BB48EE6C739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F9FBD52E-7F09-4DF5-83C0-40586FEB998E}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{FC1759E7-36E8-46F4-82F1-D402E08C41B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FCABA2E6-4506-4090-B6A7-D05361E58593}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{FCEE676A-D169-4B8B-BAFC-87362249E619}" = protocol=6 | dir=out | app=system |
"{FDBF22E2-B6B1-4194-A4EB-10F4FDD5563A}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{FEA98A47-CB80-4A50-A70B-BA0B09AA17F6}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{FEEEC84E-AEE4-4880-8576-353DE414DA63}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.335_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"TCP Query User{2E95FB51-9DFF-480F-ABA2-4609A96CA48A}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe |
"TCP Query User{6D0D83BF-46DD-4AD9-ADAF-FEFDCBDD8796}C:\program files\hexchat\hexchat.exe" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"TCP Query User{877BF242-F2A6-46DE-A75F-F3DBF8967A8E}C:\users\brown\appdata\local\temp\nst7901.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\brown\appdata\local\temp\nst7901.tmp\setup.exe |
"TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" = protocol=6 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe |
"TCP Query User{E4714ADC-D31E-483B-BED7-EE134571BD0A}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"TCP Query User{E6AB7401-C135-4241-AF25-1CA6C1318116}C:\users\brown\appdata\local\temp\nskd03a.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\brown\appdata\local\temp\nskd03a.tmp\setup.exe |
"UDP Query User{04870D66-C8F2-469A-BBEE-DB139BBAEF25}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{278968E5-ACC5-4E65-81F4-BF8B008A25A8}C:\users\brown\appdata\local\temp\nst7901.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\brown\appdata\local\temp\nst7901.tmp\setup.exe |
"UDP Query User{35CE3A0D-04E0-4137-BD84-AA59DAD8ACD3}C:\program files\hexchat\hexchat.exe" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" = protocol=17 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe |
"UDP Query User{89AC2C92-026D-4372-AE29-8BF41050C115}C:\users\brown\appdata\local\temp\nskd03a.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\brown\appdata\local\temp\nskd03a.tmp\setup.exe |
"UDP Query User{FEB8EECD-498F-412B-B5E5-14E3A05D8ED8}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{98BB5224-BC5D-4028-9D20-536C1C263AA9}" = Classic Shell
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"418374E8BD1F08FCA12E6AEC5F8FD985D836DC4B" = ENE CIR Receiver Driver
"WinRAR archiver" = WinRAR 5.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.11
"{1B729E3D-B16D-3A41-A9AE-6AEC20C6580D}" = Google Chrome
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}" = Lenovo USB2.0 UVC Camera
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Blacksilk USB Keyboard Driver
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B88AD4F5-58A6-425D-9282-92228FEB7067}" = Lenovo Silver Silk Wireless Keyboard
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"{FF1194C3-E958-442E-A074-D532608A9370}" = Lenovo_Wireless_Driver
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.5
"AVerMedia H334 MiniCard Hybrid TV Tuner" = AVerMedia H334 MiniCard Hybrid TV Tuner 10.2.64.70
"AVerMedia H339 Hybrid Analog/ATSC/QAM" = AVerMedia H339 Hybrid Analog/ATSC/QAM 2.2.64.82
"AVerMedia H339 Hybrid Analog/DVBT" = AVerMedia H339 Hybrid Analog/DVBT 2.2.64.82
"ImgBurn" = ImgBurn
"InstallShield_{B88AD4F5-58A6-425D-9282-92228FEB7067}" = Lenovo Silver Silk Wireless Keyboard
"iSafe" = YAC
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.2.0 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MediaMonkey_is1" = MediaMonkey 4.0
"Picasa 3" = Picasa 3
"Steam" = Steam
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"VLC media player" = VLC media player 2.1.2
"Winamp" = Winamp
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2172578277-3556371044-303664867-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
"Spotify" = Spotify
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 12/24/2013 6:06:09 PM | Computer Name = Family | Source = DCOM | ID = 10010
Description =

Error - 12/24/2013 6:06:39 PM | Computer Name = Family | Source = DCOM | ID = 10010
Description =

Error - 12/24/2013 6:07:09 PM | Computer Name = Family | Source = DCOM | ID = 10010
Description =


< End of report >
 
Reinstall AVG as soon as possible.

OTL logs are clean.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Farbar Service Scanner Version: 05-12-2013
Ran by Brown (administrator) on 24-12-2013 at 18:20:39
Running from "C:\Users\Brown\Downloads"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: "%SystemRoot%\System32\svchost.exe -k secsvcs".

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-08-22 08:25] - [2013-08-22 08:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-14 02:28] - [2013-11-14 02:28] - 2551640 ____A (Microsoft Corporation) 6617F44D2432C529B2249A0498B6B40A
C:\Windows\System32\dnsrslvr.dll
[2013-11-14 02:28] - [2013-11-14 02:28] - 0255488 ____A (Microsoft Corporation) 5BAF7714E68F93515A937A3FA8587EF9
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-14 02:23] - [2013-11-14 02:23] - 0828416 ____A (Microsoft Corporation) 6468B696C65775D51A06615830E0E79D
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-11-14 02:28] - [2013-11-14 02:28] - 3532288 ____A (Microsoft Corporation) 86D0BF4F792053A50D6EE43DFA5837A5
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll
[2013-11-14 02:29] - [2013-11-14 02:29] - 0433664 ____A (Microsoft Corporation) F4414F57DF2CECB8FC969AA43A6B0D50
C:\Windows\System32\iphlpsvc.dll
[2013-11-14 02:29] - [2013-11-14 02:29] - 0903168 ____A (Microsoft Corporation) DFC4050D58565ADBEE793A8D4AEBDAE6
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
Windows services are constantly hijacked and/or unusable (can't update, use the app store, update Windows Defender, etc.), computer is very sluggish, can't install or operate certain programs properly (iTunes, etc.), Internet Explorer is glitchy and constantly freezes and hangs up, Task Manager is constantly showing high memory usage despite the fact essentially nothing is running besides core services and antivirus, etc. It just has been running like absolute garbage for a while now. I have literally tried everything I can think of, just don't know what to do. When I run Regrun Warrior it always finds that services.exe, explorer.exe, and the Volume Boot Record are infected with a rootkit, but once I attempt to repair them I am forced to resort to doing a clean install and it all just returns again.
 
None of our tools indicates any MBR issue, nor do I see any rootkit presence.
In fact there was not much wrong with your computer (malware-wise) to start with.

I suspect you may have some hardware issue. But...

In this forum, we make sure your computer is free of malware, and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
 
I ran some MBR scans and have a couple of logs... Could you help me interpret them?

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version:
Windows Information: (build 9200), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 10110
Logical Drives Mask: 0x00000014
Kernel Drivers (total 141):
Processes (total 37):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
372 csrss.exe
436 C:\Windows\System32\wininit.exe
444 csrss.exe
512 C:\Windows\System32\winlogon.exe
520 C:\Windows\System32\services.exe
544 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\svchost.exe
656 C:\Windows\System32\svchost.exe
744 dwm.exe
760 C:\Windows\System32\svchost.exe
796 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\spoolsv.exe
1032 C:\Windows\System32\svchost.exe
1272 dasHost.exe
1348 C:\Program Files\Windows Defender\MsMpEng.exe
1652 C:\Windows\System32\svchost.exe
1984 C:\Windows\System32\taskhostex.exe
2140 C:\Windows\explorer.exe
2240 C:\Program Files\Windows Defender\NisSrv.exe
2316 C:\Windows\System32\SearchIndexer.exe
2660 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
2772 C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
2984 C:\Windows\System32\svchost.exe
3048 C:\Windows\System32\igfxtray.exe
3068 C:\Windows\System32\igfxsrvc.exe
2080 C:\Windows\System32\hkcmd.exe
2312 C:\Windows\System32\igfxpers.exe
1448 C:\Windows\System32\audiodg.exe
492 C:\Users\Family-PC\Downloads\MBRCheck.exe
1884 C:\Windows\System32\conhost.exe
2972 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`21100000 (NTFS)
PhysicalDrive0 Model Number: ST1000DM003-1CH162, Rev: CC56
Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!



Code:
MBRScan v1.1.1
OS  : Windows 8  (64 bit)
PROCESSOR  : Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
BOOT  : Normal Boot
DATE  : 2014/01/04 (ISO 8601) at 21:37:07
________________________________________________________________________________
DISK  : Device\Harddisk0\DR0 __ST1000DM003-1CH162 (CC56)
BUS_TYPE  : (0x03)  P-ATA
USE_PIO  : NO
MAX_TRANSFER  : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 931.5 Go  [Fixed] ==> 7 MBR Code
MBR_MD5  : BED68CE91C2E053FD69123AA25624B63
MBR_SHA1  : 4D2072E7DB9739F83700EE892AB6CE936568B0D9
Device\Harddisk0\Partition1 2.00 To   0xEE EFI GPT[1] 
________________________________________________________________________________
############################### Additional scan ################################
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions :  NOEXECUTE=OPTIN  NOVGA
________________________________________________________________________________
_______MBR  \Device\Harddisk0\DR0 
__________________________16_BIT_ASM_CODE
  
0x0000  33c0  XOR AX, AX  
0x0002  8ed0  MOV SS, AX  
0x0004  bc 007c  MOV SP, 0x7c00  
0x0007  8ec0  MOV ES, AX  
0x0009  8ed8  MOV DS, AX  
0x000B  be 007c  MOV SI, 0x7c00  
0x000E  bf 0006  MOV DI, 0x600  
0x0011  b9 0002  MOV CX, 0x200  
0x0014  fc  CLD  
0x0015  f3 a4  REP MOVSB  
0x0017  50  PUSH AX  
0x0018  68 1c06  PUSH 0x61c  
0x001B  cb  RETF  
0x001C  fb  STI  
0x001D  b9 0400  MOV CX, 0x4  
0x0020  bd be07  MOV BP, 0x7be  
0x0023  807e 00 00  CMP BYTE [BP+0x0], 0x0  
0x0027  7c 0b  JL 0x34  
0x0029  0f85 0e01  JNZ 0x13b  
0x002D  83c5 10  ADD BP, 0x10  
0x0030  e2 f1  LOOP 0x23  
0x0032  cd 18  INT 0x18  
0x0034  8856 00  MOV [BP+0x0], DL  
0x0037  55  PUSH BP  
0x0038  c646 11 05  MOV BYTE [BP+0x11], 0x5  
0x003C  c646 10 00  MOV BYTE [BP+0x10], 0x0  
0x0040  b4 41  MOV AH, 0x41  
0x0042  bb aa55  MOV BX, 0x55aa  
0x0045  cd 13  INT 0x13  
0x0047  5d  POP BP  
0x0048  72 0f  JB 0x59  
0x004A  81fb 55aa  CMP BX, 0xaa55  
0x004E  75 09  JNZ 0x59  
0x0050  f7c1 0100  TEST CX, 0x1  
0x0054  74 03  JZ 0x59  
0x0056  fe46 10  INC BYTE [BP+0x10]  
0x0059  66 60  PUSHAD  
0x005B  807e 10 00  CMP BYTE [BP+0x10], 0x0  
0x005F  74 26  JZ 0x87  
0x0061  66 68 00000000  PUSH 0x0  
0x0067  66 ff76 08  PUSH DWORD [BP+0x8]  
0x006B  68 0000  PUSH 0x0  
0x006E  68 007c  PUSH 0x7c00  
0x0071  68 0100  PUSH 0x1  
0x0074  68 1000  PUSH 0x10  
0x0077  b4 42  MOV AH, 0x42  
0x0079  8a56 00  MOV DL, [BP+0x0]  
0x007C  8bf4  MOV SI, SP  
0x007E  cd 13  INT 0x13  
0x0080  9f  LAHF  
0x0081  83c4 10  ADD SP, 0x10  
0x0084  9e  SAHF  
0x0085  eb 14  JMP 0x9b  
0x0087  b8 0102  MOV AX, 0x201  
0x008A  bb 007c  MOV BX, 0x7c00  
0x008D  8a56 00  MOV DL, [BP+0x0]  
0x0090  8a76 01  MOV DH, [BP+0x1]  
0x0093  8a4e 02  MOV CL, [BP+0x2]  
0x0096  8a6e 03  MOV CH, [BP+0x3]  
0x0099  cd 13  INT 0x13  
0x009B  66 61  POPAD  
0x009D  73 1c  JAE 0xbb  
0x009F  fe4e 11  DEC BYTE [BP+0x11]  
0x00A2  75 0c  JNZ 0xb0  
0x00A4  807e 00 80  CMP BYTE [BP+0x0], 0x80  
0x00A8  0f84 8a00  JZ 0x136  
0x00AC  b2 80  MOV DL, 0x80  
0x00AE  eb 84  JMP 0x34  
0x00B0  55  PUSH BP  
0x00B1  32e4  XOR AH, AH  
0x00B3  8a56 00  MOV DL, [BP+0x0]  
0x00B6  cd 13  INT 0x13  
0x00B8  5d  POP BP  
0x00B9  eb 9e  JMP 0x59  
0x00BB  813e fe7d 55aa  CMP WORD [0x7dfe], 0xaa55  
0x00C1  75 6e  JNZ 0x131  
0x00C3  ff76 00  PUSH WORD [BP+0x0]  
0x00C6  e8 8d00  CALL 0x156  
0x00C9  75 17  JNZ 0xe2  
0x00CB  fa  CLI  
0x00CC  b0 d1  MOV AL, 0xd1  
0x00CE  e6 64  OUT 0x64, AL  
0x00D0  e8 8300  CALL 0x156  
0x00D3  b0 df  MOV AL, 0xdf  
0x00D5  e6 60  OUT 0x60, AL  
0x00D7  e8 7c00  CALL 0x156  
0x00DA  b0 ff  MOV AL, 0xff  
0x00DC  e6 64  OUT 0x64, AL  
0x00DE  e8 7500  CALL 0x156  
0x00E1  fb  STI  
0x00E2  b8 00bb  MOV AX, 0xbb00  
0x00E5  cd 1a  INT 0x1a  
0x00E7  66 23c0  AND EAX, EAX  
0x00EA  75 3b  JNZ 0x127  
0x00EC  66 81fb 54435041  CMP EBX, 0x41504354  
0x00F3  75 32  JNZ 0x127  
0x00F5  81f9 0201  CMP CX, 0x102  
0x00F9  72 2c  JB 0x127  
0x00FB  66 68 07bb0000  PUSH 0xbb07  
0x0101  66 68 00020000  PUSH 0x200  
0x0107  66 68 08000000  PUSH 0x8  
0x010D  66 53  PUSH EBX  
0x010F  66 53  PUSH EBX  
0x0111  66 55  PUSH EBP  
0x0113  66 68 00000000  PUSH 0x0  
0x0119  66 68 007c0000  PUSH 0x7c00  
0x011F  66 61  POPAD  
0x0121  68 0000  PUSH 0x0  
0x0124  07  POP ES  
0x0125  cd 1a  INT 0x1a  
0x0127  5a  POP DX  
0x0128  32f6  XOR DH, DH  
0x012A  ea 007c 0000  JMP FAR 0x0:0x7c00  
0x012F  cd 18  INT 0x18  
0x0131  a0 b707  MOV AL, [0x7b7]  
0x0134  eb 08  JMP 0x13e  
0x0136  a0 b607  MOV AL, [0x7b6]  
0x0139  eb 03  JMP 0x13e  
0x013B  a0 b507  MOV AL, [0x7b5]  
0x013E  32e4  XOR AH, AH  
0x0140  05 0007  ADD AX, 0x700  
0x0143  8bf0  MOV SI, AX  
0x0145  ac  LODSB  
0x0146  3c 00  CMP AL, 0x0  
0x0148  74 09  JZ 0x153  
0x014A  bb 0700  MOV BX, 0x7  
0x014D  b4 0e  MOV AH, 0xe  
0x014F  cd 10  INT 0x10  
0x0151  eb f2  JMP 0x145  
0x0153  f4  HLT  
0x0154  eb fd  JMP 0x153  
0x0156  2bc9  SUB CX, CX  
0x0158  e4 64  IN AL, 0x64  
0x015A  eb 00  JMP 0x15c  
0x015C  24 02  AND AL, 0x2  
0x015E  e0 f8  LOOPNZ 0x158  
0x0160  24 02  AND AL, 0x2  
0x0162  c3  RET  
0x0163  49  DEC CX  
0x0164  6e  OUTSB  
0x0165  76 61  JBE 0x1c8  
0x0167  6c  INSB  
0x0168  6964 20 7061  IMUL SP, [SI+0x20], 0x6170  
0x016D  72 74  JB 0x1e3  
0x016F  6974 69 6f6e  IMUL SI, [SI+0x69], 0x6e6f  
0x0174  2074 61  AND [SI+0x61], DH  
0x0177  626c 65  BOUND BP, [SI+0x65]  
0x017A  0045 72  ADD [DI+0x72], AL  
0x017D  72 6f  JB 0x1ee  
0x017F  72 20  JB 0x1a1  
0x0181  6c  INSB  
0x0182  6f  OUTSW  
0x0183  61  POPA  
0x0184  64 696e 67 206f IMUL BP, FS:[BP+0x67], 0x6f20  
0x018A  70 65  JO 0x1f1  
0x018C  72 61  JB 0x1ef  
0x018E  74 69  JZ 0x1f9  
0x0190  6e  OUTSB  
0x0191  67 2073 79  AND [EBX+0x79], DH  
0x0195  73 74  JAE 0x20b  
0x0197  65 6d  INS WORD GS:[DI], DX  
0x0199  004d 69  ADD [DI+0x69], CL  
0x019C  73 73  JAE 0x211  
0x019E  696e 67 206f  IMUL BP, [BP+0x67], 0x6f20  
0x01A3  70 65  JO 0x20a  
0x01A5  72 61  JB 0x208  
0x01A7  74 69  JZ 0x212  
0x01A9  6e  OUTSB  
0x01AA  67 2073 79  AND [EBX+0x79], DH  
0x01AE  73 74  JAE 0x224  
0x01B0  65 6d  INS WORD GS:[DI], DX  
0x01B2  0000  ADD [BX+SI], AL  
0x01B4  0063 7b  ADD [BP+DI+0x7b], AH  
0x01B7  9a f1d6 f3e5  CALL FAR 0xe5f3:0xd6f1  
0x01BC  0000  ADD [BX+SI], AL  
0x01BE  0000  ADD [BX+SI], AL  
0x01C0  0200  ADD AL, [BX+SI]  
0x01C2  ee  OUT DX, AL  
0x01C3  ff  DB 0xff  
0x01C4  ff  DB 0xff  
0x01C5  ff01  INC WORD [BX+DI]  
0x01C7  0000  ADD [BX+SI], AL  
0x01C9  00ff  ADD BH, BH  
0x01CB  ff  DB 0xff  
0x01CC  ff  DB 0xff  
0x01CD  ff00  INC WORD [BX+SI]  
0x01CF  0000  ADD [BX+SI], AL  
0x01D1  0000  ADD [BX+SI], AL  
0x01D3  0000  ADD [BX+SI], AL  
0x01D5  0000  ADD [BX+SI], AL  
0x01D7  0000  ADD [BX+SI], AL  
0x01D9  0000  ADD [BX+SI], AL  
0x01DB  0000  ADD [BX+SI], AL  
0x01DD  0000  ADD [BX+SI], AL  
0x01DF  0000  ADD [BX+SI], AL  
0x01E1  0000  ADD [BX+SI], AL  
0x01E3  0000  ADD [BX+SI], AL  
0x01E5  0000  ADD [BX+SI], AL  
0x01E7  0000  ADD [BX+SI], AL  
0x01E9  0000  ADD [BX+SI], AL  
0x01EB  0000  ADD [BX+SI], AL  
0x01ED  0000  ADD [BX+SI], AL  
0x01EF  0000  ADD [BX+SI], AL  
0x01F1  0000  ADD [BX+SI], AL  
0x01F3  0000  ADD [BX+SI], AL  
0x01F5  0000  ADD [BX+SI], AL  
0x01F7  0000  ADD [BX+SI], AL  
0x01F9  0000  ADD [BX+SI], AL  
0x01FB  0000  ADD [BX+SI], AL  
0x01FD  0055 aa  ADD [DI-0x56], DL
 