Solved Trojan:DOS/Rovnix.D - MBR Issue Remains?

[Homercliez]

Hello Everyone. Last week, I had the TrojanOS/Rovnix.D on my PC and spent several hours on this forum reviewing information about this nasty Trojan. After some investigating, I am reasonably confident that I had the same exact variant of this virus that was addressed in the thread posted below.

https://www.techspot.com/community/topics/help-trojan-dos-rovnix-d.195116/

I had the same symptoms
I had the same BSOD Code
I had the exact same results when Trying to remove via MSE (blocked by group policy)
Etc...

SO, I decided to try to remove the virus following the instructions outlined in the thread above. I did every step (less posting the logs) and ended up removing WAY more threats than I thought I would (D'oh!) !! A lot of times, my results were similar to the poster's. Well, not the logs, but at least the processes (like BSOD's in the middle of the Malwarebytes Anti-Rootkit Runs).

The only thing I did not do was paste the custom fix in the OTL tool. I was worried that the custom fix was specifically for the poster's issues.

SO, on to my point. After rescanning with several of the tools requested, everything seems to indicate my system is clean. Except my MBR still seems to be hosed. A few things I've noticed.

1. RKreport still shows an issue (I think):
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

2. I have two identical 1TB Disks. Same make, model, everything.

C: has 1,000,097,181,696 bytes
I: has 1,000,202,039,296 bytes

I'm worried that there's a hidden partition or something on C: and that the Trojan could come back (Or that it's still there!).

I would appreciate any help and/or guidance in getting this resolved. I will happily start with the instructions you have provided in the UPDATED 4-Step Viruses/Spyware/Malware Removal Preliminary Instructions thread. I just wanted to be sure that would be what was needed as a first step.

 

[Homercliez]

Okay, sorry to reply to my own post, but I decided to send the first two sets of logs as per your instructions.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.10.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Chris :: CHRIS-PC-7 [administrator]
Protection: Enabled
10/10/2013 12:31:32 PM
mbam-log-2013-10-10 (12-31-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240090
Time elapsed: 6 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Chris\Downloads\7zip_installer_1650.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
(end)

 

[Homercliez]

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.40.2
Run by Chris at 14:40:00 on 2013-10-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6143.3951 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\nlsInterface.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\BuildNotification.exe
C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\prevhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [BuildNotification] "C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\BuildNotification.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27LD/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://site02.remoteoffice.citigroup.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.13.1
TCP: Interfaces\{A2872207-C8F0-4ABE-AF57-7FADAD3D23FF} : DHCPNameServer = 192.168.13.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sbghkeln.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Chris\AppData\Local\Citrix\Plugins\92\npappdetector.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-9-17 75048]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-10 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-10 701512]
R2 nlscc;Nalpeiron X64 Service;C:\Windows\System32\nlsInterface.EXE [2012-8-22 72192]
R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-9-17 82416]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-2-27 1900728]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-2-13 411136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-10 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2012-12-19 348160]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-8-12 1038088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-26 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-7-14 1708800]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-5-18 702976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\System32\drivers\NxDrv.sys [2009-10-21 24264]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-29 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-29 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2012-7-2 16384]
S3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-10-10 18:03:02 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E5D29BE3-AF03-4FEB-A297-30F524E74895}\offreg.dll
2013-10-10 17:28:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2013-10-10 17:28:18 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-10 17:28:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-10 17:28:04 -------- d-----w- C:\Users\Chris\AppData\Local\Programs
2013-10-10 15:10:44 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E5D29BE3-AF03-4FEB-A297-30F524E74895}\mpengine.dll
2013-10-10 14:50:48 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD894628-51B6-47CF-8A32-2AF22A2C5DC5}\mpengine.dll
2013-10-10 14:13:53 -------- d-sh--w- C:\$RECYCLE.BIN
2013-10-10 13:53:35 98816 ----a-w- C:\Windows\sed.exe
2013-10-10 13:53:35 256000 ----a-w- C:\Windows\PEV.exe
2013-10-10 13:53:35 208896 ----a-w- C:\Windows\MBR.exe
2013-10-10 08:12:59 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-10-10 08:12:59 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-09 17:15:09 17813896 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-09 09:03:20 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-08 15:26:45 -------- d-----w- C:\ProgramData\Oracle
2013-10-08 15:25:42 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-10-08 15:25:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-08 00:57:26 -------- d-----w- C:\_OTL
2013-10-08 00:30:27 -------- d-----w- C:\Windows\ERUNT
2013-10-08 00:16:00 -------- d-----w- C:\AdwCleaner
2013-10-07 23:41:02 208216 ----a-w- C:\Windows\System32\drivers\82246316.sys
2013-10-07 21:12:59 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-07 19:05:19 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-06 04:15:56 -------- d-----w- C:\Windows\Microsoft Antimalware
2013-10-05 15:57:37 -------- d-----w- C:\ProgramData\ccqxs
2013-10-03 06:04:59 -------- d-----w- C:\ProgramData\7sDVnn37
2013-09-23 14:51:40 -------- d-----w- C:\Users\Chris\AppData\Roaming\HandBrake
2013-09-23 14:50:37 -------- d-----w- C:\Program Files\Handbrake
2013-09-21 00:49:20 -------- d-----w- C:\Program Files\Serviio
2013-09-20 23:20:25 -------- d-----w- C:\Users\Chris\AppData\Local\Plex Media Server
2013-09-20 23:15:03 -------- d-----w- C:\Users\Chris\AppData\Local\Plex
2013-09-20 23:14:24 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-09-20 23:14:24 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2013-09-20 23:12:57 -------- d-----w- C:\Program Files (x86)\Plex
2013-09-18 03:22:52 13628208 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2013-09-15 23:31:48 -------- d-----w- C:\Program Files (x86)\WinMerge
2013-09-12 06:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2013-10-09 17:15:30 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 17:15:30 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-08 15:25:15 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-12 07:25:43 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-09-12 07:25:43 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-09-12 07:25:40 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-09-12 07:25:40 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-09-12 07:25:40 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-09-12 07:25:40 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-07 09:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 10:33:12 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-07-20 10:33:08 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 14:40:36.50 ===============

 

[Homercliez]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/25/2012 11:27:09 PM
System Uptime: 10/10/2013 1:02:30 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | CPU 1 | 1573/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 346.109 GiB free.
D: is CDROM ()
I: is FIXED (NTFS) - 932 GiB total, 684.465 GiB free.
J: is Removable
K: is Removable
L: is Removable
M: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2280004A&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2280004A&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP260: 10/8/2013 7:33:43 AM - Windows Update
RP261: 10/8/2013 10:24:52 AM - Installed Java 7 Update 40
RP262: 10/10/2013 3:00:43 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-zip v9.20
Acrobat.com
Add or Remove Adobe Creative Suite 3 Web Premium
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Asset Services CS3
Adobe Asset Services CS4
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS3
Adobe Contribute CS4
Adobe Creative Suite 3 Web Premium
Adobe Creative Suite 4 Web Premium
Adobe CS4 American English Speech Analysis Models
Adobe CS4 French Speech Analysis Models
Adobe CS4 German Speech Analysis Models
Adobe CS4 International English Speech Analysis Models
Adobe CS4 Italian Speech Analysis Models
Adobe CS4 Japanese Speech Analysis Models
Adobe CS4 Korean Speech Analysis Models
Adobe CS4 Spanish Speech Analysis Models
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Fireworks CS3
Adobe Fireworks CS4
Adobe Flash CS3
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Fonts All x64
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS4
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.2)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Version Cue CS4 Server
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AHV content for Acrobat and Flash
Alt.Binz 0.25.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoHotkey 1.1.09.02
Bonjour
Cisco WebEx Meetings
Connect
D3DX10
DIRECTV2PC Playback Advisor
DIRECTV2PC(TM)
Dropbox
DVD Shrink 3.2
Entity Framework Designer for Visual Studio 2012 - enu
EPSON Printer Software
FileZilla Client 3.5.3
foobar2000 v1.1.15
Fraps
Free Video Converter V 2.8
Google Chrome
Google Talk Plugin
GoToMeeting 5.4.0.1082
HandBrake 0.9.9.1
Ipswitch WS_FTP Professional 2007
iTunes
Java 7 Update 40
Java Auto Updater
Juniper Networks, Inc. Setup Client
Junk Mail filter update
kuler
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Application Error Reporting
Microsoft Camera Codec Pack
Microsoft Corporation
Microsoft Help Viewer 2.0
Microsoft Mouse and Keyboard Center
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 365 Home Premium - en-us
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Express 2012 for Windows Desktop
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.52
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTomTom 3.2.0.700
NEF Codec
Nikon Message Center 2
Nikon Movie Editor
NVIDIA 3D Vision Driver 327.23
NVIDIA Control Panel 327.23
NVIDIA Graphics Driver 327.23
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.14.17
NVIDIA Update Components
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OpenOffice.org 3.4
PDF Settings CS4
Photoshop Camera Raw
Photoshop Camera Raw_x64
Picasa 3
Picture Control Utility x64
Pixel Bender Toolkit
Plug-in Suite 5
Prerequisites for SSDT
Realtek High Definition Audio Driver
Recover My Files
Recuva
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Serviio
Soft Data Fax Modem with SmartCP
Spotify
Suite Shared Configuration CS4
Unity Web Player
Update for (KB2504637)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2012 (KB2781514)
VideoReDo TVSuite Version 4.20.7.638
ViewNX 2
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
Windows XP Mode
WindowsFormsApplication2
WinMerge 2.14.0
WinRAR 4.10 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
10/8/2013 7:34:17 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
10/8/2013 7:30:23 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/8/2013 7:30:23 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
10/8/2013 12:52:06 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.1629.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
10/8/2013 12:52:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/8/2013 12:20:00 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{5a5ce48b-47ed-11e1-9324-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{A6A484B7-D96B-4F5A-8AE5-D554A62DF44E}' was corrupted and it has been recovered. Some data might have been lost.
10/7/2013 8:59:18 PM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
10/7/2013 8:58:57 PM, Error: Service Control Manager [7000] - The mbamchameleon service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
10/7/2013 8:32:56 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2013 8:32:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/7/2013 8:32:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/7/2013 8:32:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/7/2013 8:32:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/7/2013 8:32:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/7/2013 8:32:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/7/2013 8:31:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf ws2ifsl
10/7/2013 8:31:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2013 8:31:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2013 8:31:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2013 8:31:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2013 8:31:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2013 8:31:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2013 8:31:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2013 8:31:49 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2013 8:31:49 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2013 8:31:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2013 8:31:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2013 7:57:26 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/10/2013 9:10:54 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/10/2013 10:25:11 AM, Error: mbamchameleon [61440] -
10/10/2013 1:03:21 PM, Error: Service Control Manager [7034] - The Serviio service terminated unexpectedly. It has done this 1 time(s).
10/10/2013 1:03:09 PM, Error: Service Control Manager [7000] - The MSCamSvc service failed to start due to the following error: The system cannot find the file specified.
10/10/2013 1:01:41 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/10/2013 1:01:41 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
10/10/2013 1:01:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[Homercliez]

RKreport[0]

RogueKiller V8.7.2 _x64_ [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Remove -- Date : 10/10/2013 17:06:45
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) (Standard disk drives) - MAXTOR STM31000340AS +++++
--- User ---
[MBR] 3beef52f9f9348a8f67c118dcb917435
[BSP] 1e38d3462ed2c61859ee083e034f9647 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) (Standard disk drives) - MAXTOR STM31000340AS +++++
--- User ---
[MBR] 835cb642214b0d66e164d8a67994c166
[BSP] 51f78d52c619eea0885bb5cfa1311b5c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_10102013_170645.txt >>
RKreport[0]_D_10072013_200558.txt;RKreport[0]_H_10072013_200610.txt;RKreport[0]_S_10072013_200509.txt
RKreport[0]_S_10082013_093815.txt;RKreport[0]_S_10102013_080137.txt;RKreport[0]_S_10102013_170553.txt

 

[Homercliez]

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
Database version: v2013.10.10.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Chris :: CHRIS-PC-7 [administrator]
10/10/2013 10:25:49 AM
mbar-log-2013-10-10 (10-25-49).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 324806
Time elapsed: 1 hour(s), 30 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

 

[Broni]

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Homercliez]

Thanks! I will start this process next. Did you still want to see the System.TXT from MBAR? I started to paste it, but did not hit post yet.

 

[Broni]

No, that's fine.

 

[Homercliez]

ComboFix 13-10-09.01 - Chris 10/10/2013 19:06:34.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6143.3733 [GMT -5:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-09-11 to 2013-10-11 )))))))))))))))))))))))))))))))
.
.
2013-10-11 00:17 . 2013-10-11 00:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-11 00:17 . 2013-10-11 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-10 19:51 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15584E41-3A1B-4A26-96B4-7298DB8282A4}\mpengine.dll
2013-10-10 17:28 . 2013-10-10 17:28 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2013-10-10 17:28 . 2013-10-10 17:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-10 17:28 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-10 17:28 . 2013-10-10 17:28 -------- d-----w- c:\users\Chris\AppData\Local\Programs
2013-10-10 14:50 . 2013-09-16 05:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD894628-51B6-47CF-8A32-2AF22A2C5DC5}\mpengine.dll
2013-10-10 08:12 . 2013-09-22 23:28 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-10-10 08:12 . 2013-09-22 22:55 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-10-10 08:12 . 2013-09-22 22:54 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-10-10 08:12 . 2013-09-22 22:54 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-10-09 17:15 . 2013-10-09 17:15 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-09 09:03 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-08 15:27 . 2013-10-08 15:27 -------- d-----w- c:\users\Chris\AppData\Roaming\Oracle
2013-10-08 15:26 . 2013-10-08 15:26 -------- d-----w- c:\programdata\Oracle
2013-10-08 15:26 . 2013-10-08 15:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-10-08 15:25 . 2013-10-08 15:25 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-10-08 15:25 . 2013-10-08 15:25 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-08 15:24 . 2013-10-08 15:24 -------- d-----w- c:\programdata\McAfee
2013-10-08 00:57 . 2013-10-08 00:57 -------- d-----w- C:\_OTL
2013-10-08 00:30 . 2013-10-08 00:30 -------- d-----w- c:\windows\ERUNT
2013-10-08 00:16 . 2013-10-08 01:01 -------- d-----w- C:\AdwCleaner
2013-10-07 23:41 . 2013-10-07 23:41 208216 ----a-w- c:\windows\system32\drivers\82246316.sys
2013-10-07 21:12 . 2013-10-11 00:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-07 19:05 . 2013-10-07 19:05 -------- d-----w- c:\programdata\Malwarebytes
2013-10-06 04:15 . 2013-10-06 03:50 -------- d-----w- c:\windows\Microsoft Antimalware
2013-10-05 15:57 . 2013-10-05 15:57 -------- d-----w- c:\programdata\ccqxs
2013-10-03 06:04 . 2013-10-05 19:52 -------- d-----w- c:\programdata\7sDVnn37
2013-09-23 14:51 . 2013-09-23 15:05 -------- d-----w- c:\users\Chris\AppData\Roaming\HandBrake
2013-09-23 14:50 . 2013-09-23 14:50 -------- d-----w- c:\program files\Handbrake
2013-09-21 00:49 . 2013-09-21 00:49 -------- d-----w- c:\program files\Serviio
2013-09-20 23:20 . 2013-09-20 23:23 -------- d-----w- c:\users\Chris\AppData\Local\Plex Media Server
2013-09-20 23:15 . 2013-09-20 23:16 -------- d-----w- c:\users\Chris\AppData\Local\Plex
2013-09-20 23:14 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-09-20 23:14 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2013-09-20 23:12 . 2013-09-21 16:38 -------- d-----w- c:\program files (x86)\Plex
2013-09-15 23:31 . 2013-09-15 23:32 -------- d-----w- c:\program files (x86)\WinMerge
2013-09-12 06:17 . 2013-09-12 06:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 08:04 . 2012-01-26 15:20 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 17:15 . 2012-04-04 02:02 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 17:15 . 2012-01-28 21:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 15:25 . 2012-03-02 22:50 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-10-06 00:59 . 2013-02-27 18:27 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-09-18 03:22 . 2009-07-13 21:59 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-09-18 03:22 . 2011-05-21 12:01 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-09-18 03:22 . 2011-05-21 12:01 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-12 07:25 . 2012-01-26 16:46 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2012-01-26 16:46 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2012-01-26 16:46 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2012-01-26 16:46 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2012-01-26 16:46 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 07:25 . 2012-01-26 16:46 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-06 07:11 . 2013-09-06 07:12 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D810538-A64C-44F4-AA0E-2BBBEE6203AA}\gapaengine.dll
2013-08-29 01:48 . 2013-10-09 17:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-22 12:21 . 2012-02-11 02:24 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-07 09:22 . 2012-01-26 15:06 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 09:25 . 2013-08-14 04:04 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 04:04 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 04:04 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 04:04 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-15 23:15 . 2013-07-15 23:15 1075424 ----a-w- c:\programdata\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-19 22:46 222832 ----a-w- c:\users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-19 22:46 222832 ----a-w- c:\users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-19 22:46 222832 ----a-w- c:\users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BuildNotification"="c:\program files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\BuildNotification.exe" [2012-07-27 252912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2013-9-13 158896]
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2012-12-19 629760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe;c:\program files\Serviio\bin\ServiioService.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys;c:\windows\SYSNATIVE\drivers\HCW85BDA.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\NxDrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.exe;c:\windows\SYSNATIVE\nlsInterface.exe [x]
S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:15]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1515895344-2271285631-4117087887-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 14:19]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1515895344-2271285631-4117087887-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 14:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-19 22:46 261744 ----a-w- c:\users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-19 22:46 261744 ----a-w- c:\users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-19 22:46 261744 ----a-w- c:\users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-10-06 01:01 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-10-06 01:01 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-10-06 01:01 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.13.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sbghkeln.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Free Video Converter_is1 - c:\program files (x86)\Free Video Converter\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1515895344-2271285631-4117087887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1515895344-2271285631-4117087887-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.15"
.
[HKEY_USERS\S-1-5-21-1515895344-2271285631-4117087887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1515895344-2271285631-4117087887-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-10 19:20:55
ComboFix-quarantined-files.txt 2013-10-11 00:20
ComboFix2.txt 2013-10-10 14:13
.
Pre-Run: 371,565,793,280 bytes free
Post-Run: 371,498,348,544 bytes free
.
- - End Of File - - 6918E777204D7E59D0FB4C08BCD81DCF
A36C5E4F47E84449FF07ED3517B43A31

 

[Broni]

Looks clean.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Homercliez]

# AdwCleaner v3.007 - Report created 10/10/2013 at 21:49:44
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Chris - CHRIS-PC-7
# Running from : C:\Users\Chris\Downloads\adwcleaner (1).exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sbghkeln.default\prefs.js ]

-\\ Google Chrome v
[ File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [1617 octets] - [07/10/2013 19:16:18]
AdwCleaner[R1].txt - [1393 octets] - [10/10/2013 21:48:16]
AdwCleaner[S0].txt - [1656 octets] - [07/10/2013 19:18:15]
AdwCleaner[S1].txt - [1207 octets] - [10/10/2013 21:49:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1267 octets] ##########

 

[Homercliez]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Chris on Thu 10/10/2013 at 21:58:47.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox
Emptied folder: C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\sbghkeln.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/10/2013 at 22:06:45.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Homercliez]

[FONT=Calibri]OTL logfile created on: 10/10/2013 10:11:42 PM - Run 1[/FONT]

[FONT=Calibri]OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Downloads[/FONT]

[FONT=Calibri]64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation[/FONT]

[FONT=Calibri]Internet Explorer (Version = 9.10.9200.16721)[/FONT]

[FONT=Calibri]Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]6.00 Gb Total Physical Memory | 4.40 Gb Available Physical Memory | 73.37% Memory free[/FONT]

[FONT=Calibri]12.00 Gb Paging File | 10.34 Gb Available in Paging File | 86.16% Paging File free[/FONT]

[FONT=Calibri]Paging file location(s): ?:\pagefile.sys [binary data][/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)[/FONT]

[FONT=Calibri]Drive C: | 931.41 Gb Total Space | 346.08 Gb Free Space | 37.16% Space Free | Partition Type: NTFS[/FONT]

[FONT=Calibri]Drive I: | 931.51 Gb Total Space | 684.46 Gb Free Space | 73.48% Space Free | Partition Type: NTFS[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]Computer Name: CHRIS-PC-7 | User Name: Chris | Logged in as Administrator.[/FONT]

[FONT=Calibri]Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans[/FONT]

[FONT=Calibri]Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Processes (SafeList) ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]PRC - [2013/10/10 22:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe[/FONT]

[FONT=Calibri]PRC - [2013/10/05 19:58:35 | 000,158,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE[/FONT]

[FONT=Calibri]PRC - [2013/09/17 22:22:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[/FONT]

[FONT=Calibri]PRC - [2013/09/12 01:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[/FONT]

[FONT=Calibri]PRC - [2013/05/24 19:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe[/FONT]

[FONT=Calibri]PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[/FONT]

[FONT=Calibri]PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[/FONT]

[FONT=Calibri]PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[/FONT]

[FONT=Calibri]PRC - [2012/07/26 19:41:24 | 000,252,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\BuildNotification.exe[/FONT]

[FONT=Calibri]PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[/FONT]

[FONT=Calibri]PRC - [2009/11/20 15:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE[/FONT]

[FONT=Calibri]PRC - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Modules (No Company Name) ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]MOD - [2013/10/10 03:18:42 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c5db04fde4893300ff28045ce4f7567d\System.Windows.Forms.ni.dll[/FONT]

[FONT=Calibri]MOD - [2013/10/10 03:18:39 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d913e7d0b1d32187e0c234f8a1a581fc\System.Core.ni.dll[/FONT]

[FONT=Calibri]MOD - [2013/10/10 03:18:33 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\edb27e2c25837f79902054965d6813cd\System.Configuration.ni.dll[/FONT]

[FONT=Calibri]MOD - [2013/10/05 19:57:39 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll[/FONT]

[FONT=Calibri]MOD - [2013/10/05 19:57:35 | 000,359,080 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll[/FONT]

[FONT=Calibri]MOD - [2013/08/14 03:11:54 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\82d58d49946f82eb56bae40f3b097784\System.Xml.ni.dll[/FONT]

[FONT=Calibri]MOD - [2013/08/14 03:11:49 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cceaf9d7891fc325a90473aa9a661661\System.Drawing.ni.dll[/FONT]

[FONT=Calibri]MOD - [2013/08/14 03:11:48 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ac79b74f022d9a096de2b884f4249543\System.ni.dll[/FONT]

[FONT=Calibri]MOD - [2013/07/16 03:23:26 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll[/FONT]

[FONT=Calibri]MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\libcef.dll[/FONT]

[FONT=Calibri]MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll[/FONT]

[FONT=Calibri]MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll[/FONT]

[FONT=Calibri]MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Services (SafeList) ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)[/FONT]

[FONT=Calibri]SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)[/FONT]

[FONT=Calibri]SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)[/FONT]

[FONT=Calibri]SRV:64bit: - [2013/06/09 16:05:18 | 001,900,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)[/FONT]

[FONT=Calibri]SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)[/FONT]

[FONT=Calibri]SRV:64bit: - [2012/12/19 11:04:06 | 000,348,160 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)[/FONT]

[FONT=Calibri]SRV:64bit: - [2012/08/12 18:53:20 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)[/FONT]

[FONT=Calibri]SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)[/FONT]

[FONT=Calibri]SRV:64bit: - [2009/11/20 15:23:40 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.EXE -- (nlscc)[/FONT]

[FONT=Calibri]SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)[/FONT]

[FONT=Calibri]SRV - [2013/10/09 12:15:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)[/FONT]

[FONT=Calibri]SRV - [2013/09/19 12:55:38 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)[/FONT]

[FONT=Calibri]SRV - [2013/09/17 22:22:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)[/FONT]

[FONT=Calibri]SRV - [2013/09/12 01:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)[/FONT]

[FONT=Calibri]SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)[/FONT]

[FONT=Calibri]SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)[/FONT]

[FONT=Calibri]SRV - [2012/08/12 18:50:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)[/FONT]

[FONT=Calibri]SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)[/FONT]

[FONT=Calibri]SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)[/FONT]

[FONT=Calibri]SRV - [2009/11/20 15:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)[/FONT]

[FONT=Calibri]SRV - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)[/FONT]

[FONT=Calibri]SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)[/FONT]

[FONT=Calibri]SRV - [2009/04/29 04:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)[/FONT]

[FONT=Calibri]SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)[/FONT]

[FONT=Calibri]SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Driver Services (SafeList) ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)[/FONT]

[FONT=Calibri]DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)[/FONT]

[FONT=Calibri]DRV:64bit: - [2013/03/25 14:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)[/FONT]

[FONT=Calibri]DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/11/02 16:38:36 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)[/FONT]

[FONT=Calibri]DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)[/FONT]

[FONT=Calibri]DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)[/FONT]

[FONT=Calibri]DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/12/02 22:30:36 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/20 06:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/10/21 12:24:28 | 000,024,264 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NxDrv.sys -- (NxDrv)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/07/14 21:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/05/18 23:48:42 | 000,702,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/04/29 04:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/02/13 07:21:20 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/02/13 07:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/02/13 07:18:30 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DP.sys -- (HSF_DP)[/FONT]

[FONT=Calibri]DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)[/FONT]

[FONT=Calibri]DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)[/FONT]

[FONT=Calibri]DRV:64bit: - [2006/06/17 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)[/FONT]

[FONT=Calibri]DRV - [2009/09/17 18:40:52 | 000,082,416 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys -- (ntk_dtv)[/FONT]

[FONT=Calibri]DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)[/FONT]

[FONT=Calibri]DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Standard Registry (SafeList) ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Internet Explorer ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}[/FONT]

[FONT=Calibri]IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC[/FONT]

[FONT=Calibri]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm[/FONT]

[FONT=Calibri]IE - HKLM\..\SearchScopes,DefaultScope = [/FONT]

[FONT=Calibri]IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = [/FONT]

[FONT=Calibri]IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = [/FONT]

[FONT=Calibri]IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 07 FD 66 36 C0 CD 01 [binary data][/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\..\SearchScopes\{B5DFAF1E-479C-493C-B665-0F943BF5B6F0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-1515895344-2271285631-4117087887-1001\..\SearchScopes,DefaultScope = [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== FireFox ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0[/FONT]

[FONT=Calibri]FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132...d=2875&Vendorid=6413&Offerid=6894&searchterm="[/FONT]

[FONT=Calibri]FF - user.js - File not found[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found[/FONT]

[FONT=Calibri]FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)[/FONT]

[FONT=Calibri]FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Chris\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)[/FONT]

[FONT=Calibri]FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)[/FONT]

[FONT=Calibri]FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)[/FONT]

[FONT=Calibri]FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()[/FONT]

[FONT=Calibri]FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)[/FONT]

[FONT=Calibri]FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)[/FONT]

[FONT=Calibri]FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components[/FONT]

[FONT=Calibri]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins[/FONT]

[FONT=Calibri]FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components[/FONT]

[FONT=Calibri]FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][2012/05/21 15:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions[/FONT]

[FONT=Calibri][2013/09/27 11:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sbghkeln.default\extensions[/FONT]

[FONT=Calibri][2013/10/08 10:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[/FONT]

[FONT=Calibri][2013/09/19 12:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[/FONT]

[FONT=Calibri][2013/09/19 12:55:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Chrome ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]CHR - homepage: http://www.google.com/[/FONT]

[FONT=Calibri]CHR - default_search_provider: Google (Enabled)[/FONT]

[FONT=Calibri]CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}[/FONT]

[FONT=Calibri]CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},[/FONT]

[FONT=Calibri]CHR - homepage: http://www.google.com/[/FONT]

[FONT=Calibri]CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer[/FONT]

[FONT=Calibri]CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll[/FONT]

[FONT=Calibri]CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll[/FONT]

[FONT=Calibri]CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll[/FONT]

[FONT=Calibri]CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll[/FONT]

[FONT=Calibri]CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll[/FONT]

[FONT=Calibri]CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll[/FONT]

[FONT=Calibri]CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll[/FONT]

[FONT=Calibri]CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll[/FONT]

[FONT=Calibri]CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll[/FONT]

[FONT=Calibri]CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll[/FONT]

[FONT=Calibri]CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\[/FONT]

[FONT=Calibri]CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\[/FONT]

[FONT=Calibri]CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\[/FONT]

[FONT=Calibri]CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\[/FONT]

[FONT=Calibri]CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\[/FONT]

[FONT=Calibri]CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]O1 HOSTS File: ([2013/10/07 20:06:10 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts[/FONT]

[FONT=Calibri]O1 - Hosts: 127.0.0.1 localhost[/FONT]

[FONT=Calibri]O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)[/FONT]

[FONT=Calibri]O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)[/FONT]

[FONT=Calibri]O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found[/FONT]

[FONT=Calibri]O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()[/FONT]

[FONT=Calibri]O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)[/FONT]

[FONT=Calibri]O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)[/FONT]

[FONT=Calibri]O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)[/FONT]

[FONT=Calibri]O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()[/FONT]

[FONT=Calibri]O3 - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O4 - HKLM..\Run: [] File not found[/FONT]

[FONT=Calibri]O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O4 - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000..\Run: [BuildNotification] C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\BuildNotification.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O4 - HKU\S-1-5-21-1515895344-2271285631-4117087887-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O4 - HKU\S-1-5-21-1515895344-2271285631-4117087887-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found[/FONT]

[FONT=Calibri]O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)[/FONT]

 

[Homercliez]

[FONT=Calibri]O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)[/FONT]

[FONT=Calibri]O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()[/FONT]

[FONT=Calibri]O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present[/FONT]

[FONT=Calibri]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0[/FONT]

[FONT=Calibri]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5[/FONT]

[FONT=Calibri]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3[/FONT]

[FONT=Calibri]O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present[/FONT]

[FONT=Calibri]O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present[/FONT]

[FONT=Calibri]O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present[/FONT]

[FONT=Calibri]O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present[/FONT]

[FONT=Calibri]O7 - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present[/FONT]

[FONT=Calibri]O7 - HKU\S-1-5-21-1515895344-2271285631-4117087887-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0[/FONT]

[FONT=Calibri]O7 - HKU\S-1-5-21-1515895344-2271285631-4117087887-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present[/FONT]

[FONT=Calibri]O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found[/FONT]

[FONT=Calibri]O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)[/FONT]

[FONT=Calibri]O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)[/FONT]

[FONT=Calibri]O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)[/FONT]

[FONT=Calibri]O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)[/FONT]

[FONT=Calibri]O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)[/FONT]

[FONT=Calibri]O13 - gopher Prefix: missing[/FONT]

[FONT=Calibri]O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 10.40.2)[/FONT]

[FONT=Calibri]O16 - DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 1.7.0_40)[/FONT]

[FONT=Calibri]O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 1.7.0_40)[/FONT]

[FONT=Calibri]O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)[/FONT]

[FONT=Calibri]O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.webex.com/client/T27LD/webex/ieatgpc1.cab (GpcContainer Class)[/FONT]

[FONT=Calibri]O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://site02.remoteoffice.citigroup.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)[/FONT]

[FONT=Calibri]O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.13.1[/FONT]

[FONT=Calibri]O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2872207-C8F0-4ABE-AF57-7FADAD3D23FF}: DhcpNameServer = 192.168.13.1[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\livecall - No CLSID value found[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\ms-help - No CLSID value found[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\msnim - No CLSID value found[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\osf - No CLSID value found[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\wlpg - No CLSID value found[/FONT]

[FONT=Calibri]O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.[/FONT]

[FONT=Calibri]O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.[/FONT]

[FONT=Calibri]O32 - HKLM CDRom: AutoRun - 1[/FONT]

[FONT=Calibri]O34 - HKLM BootExecute: (autocheck autochk *)[/FONT]

[FONT=Calibri]O35:64bit: - HKLM\..comfile [open] -- "%1" %*[/FONT]

[FONT=Calibri]O35:64bit: - HKLM\..exefile [open] -- "%1" %*[/FONT]

[FONT=Calibri]O35 - HKLM\..comfile [open] -- "%1" %*[/FONT]

[FONT=Calibri]O35 - HKLM\..exefile [open] -- "%1" %*[/FONT]

[FONT=Calibri]O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*[/FONT]

[FONT=Calibri]O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*[/FONT]

[FONT=Calibri]O37 - HKLM\...com [@ = ComFile] -- "%1" %*[/FONT]

[FONT=Calibri]O37 - HKLM\...exe [@ = exefile] -- "%1" %*[/FONT]

[FONT=Calibri]O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)[/FONT]

[FONT=Calibri]O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)[/FONT]

[FONT=Calibri]O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Files/Folders - Created Within 30 Days ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][2013/10/10 19:21:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[/FONT]

[FONT=Calibri][2013/10/10 19:03:19 | 005,131,844 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe[/FONT]

[FONT=Calibri][2013/10/10 12:28:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes[/FONT]

[FONT=Calibri][2013/10/10 12:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[/FONT]

[FONT=Calibri][2013/10/10 12:28:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[/FONT]

[FONT=Calibri][2013/10/10 12:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[/FONT]

[FONT=Calibri][2013/10/10 12:28:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Programs[/FONT]

[FONT=Calibri][2013/10/10 09:58:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\dds.com[/FONT]

[FONT=Calibri][2013/10/10 08:53:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[/FONT]

[FONT=Calibri][2013/10/10 08:53:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[/FONT]

[FONT=Calibri][2013/10/10 08:53:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[/FONT]

[FONT=Calibri][2013/10/10 08:53:28 | 000,000,000 | ---D | C] -- C:\Qoobox[/FONT]

[FONT=Calibri][2013/10/08 10:27:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Oracle[/FONT]

[FONT=Calibri][2013/10/08 10:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle[/FONT]

[FONT=Calibri][2013/10/08 10:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java[/FONT]

[FONT=Calibri][2013/10/08 10:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java[/FONT]

[FONT=Calibri][2013/10/08 10:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee[/FONT]

[FONT=Calibri][2013/10/07 20:58:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\RK_Quarantine[/FONT]

[FONT=Calibri][2013/10/07 19:57:26 | 000,000,000 | ---D | C] -- C:\_OTL[/FONT]

[FONT=Calibri][2013/10/07 19:30:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[/FONT]

[FONT=Calibri][2013/10/07 19:16:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner[/FONT]

[FONT=Calibri][2013/10/07 18:46:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[/FONT]

[FONT=Calibri][2013/10/07 18:41:02 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\82246316.sys[/FONT]

[FONT=Calibri][2013/10/07 16:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)[/FONT]

[FONT=Calibri][2013/10/07 14:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[/FONT]

[FONT=Calibri][2013/10/07 14:04:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\mbar[/FONT]

[FONT=Calibri][2013/10/05 23:15:56 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware[/FONT]

[FONT=Calibri][2013/10/05 10:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ccqxs[/FONT]

[FONT=Calibri][2013/10/03 01:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\7sDVnn37[/FONT]

[FONT=Calibri][2013/10/02 12:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN[/FONT]

[FONT=Calibri][2013/09/24 15:47:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Poster[/FONT]

[FONT=Calibri][2013/09/23 09:51:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\HandBrake[/FONT]

[FONT=Calibri][2013/09/23 09:50:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake[/FONT]

[FONT=Calibri][2013/09/23 09:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake[/FONT]

[FONT=Calibri][2013/09/23 09:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake[/FONT]

[FONT=Calibri][2013/09/21 11:39:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Copy_Time[/FONT]

[FONT=Calibri][2013/09/20 19:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio[/FONT]

[FONT=Calibri][2013/09/20 19:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Serviio[/FONT]

[FONT=Calibri][2013/09/20 18:20:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Plex Media Server[/FONT]

[FONT=Calibri][2013/09/20 18:15:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Plex[/FONT]

[FONT=Calibri][2013/09/20 18:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex[/FONT]

[FONT=Calibri][2013/09/19 12:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox[/FONT]

[FONT=Calibri][2013/09/16 11:17:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\WinMerge[/FONT]

[FONT=Calibri][2013/09/15 18:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge[/FONT]

[FONT=Calibri][2013/09/15 18:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinMerge[/FONT]

[FONT=Calibri][2013/09/15 18:27:07 | 006,433,055 | ---- | C] (http://winmerge.org ) -- C:\Users\Chris\Documents\WinMerge-2.14.0-Setup.exe[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Files - Modified Within 30 Days ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][2013/10/10 21:58:44 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[/FONT]

[FONT=Calibri][2013/10/10 21:58:44 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[/FONT]

[FONT=Calibri][2013/10/10 21:55:42 | 000,786,598 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[/FONT]

[FONT=Calibri][2013/10/10 21:55:42 | 000,666,954 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[/FONT]

[FONT=Calibri][2013/10/10 21:55:42 | 000,123,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[/FONT]

[FONT=Calibri][2013/10/10 21:51:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[/FONT]

[FONT=Calibri][2013/10/10 21:51:00 | 536,260,607 | -HS- | M] () -- C:\hiberfil.sys[/FONT]

[FONT=Calibri][2013/10/10 21:22:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1515895344-2271285631-4117087887-1000UA.job[/FONT]

[FONT=Calibri][2013/10/10 21:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[/FONT]

[FONT=Calibri][2013/10/10 19:03:22 | 005,131,844 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe[/FONT]

[FONT=Calibri][2013/10/10 18:22:06 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1515895344-2271285631-4117087887-1000Core.job[/FONT]

[FONT=Calibri][2013/10/10 12:28:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[/FONT]

[FONT=Calibri][2013/10/10 10:20:46 | 000,801,858 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI[/FONT]

[FONT=Calibri][2013/10/10 09:58:58 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\dds.com[/FONT]

[FONT=Calibri][2013/10/10 07:47:54 | 000,001,095 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk[/FONT]

[FONT=Calibri][2013/10/10 03:41:52 | 003,323,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[/FONT]

[FONT=Calibri][2013/10/10 02:51:54 | 000,001,326 | ---- | M] () -- C:\.dir[/FONT]

[FONT=Calibri][2013/10/08 07:43:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif[/FONT]

[FONT=Calibri][2013/10/07 20:33:26 | 000,000,000 | ---- | M] () -- C:\Windows\ViewNX2.INI[/FONT]

[FONT=Calibri][2013/10/07 20:33:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT[/FONT]

[FONT=Calibri][2013/10/07 20:06:10 | 000,000,741 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[/FONT]

[FONT=Calibri][2013/10/07 18:41:03 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\82246316.sys[/FONT]

[FONT=Calibri][2013/10/07 18:38:13 | 552,203,709 | ---- | M] () -- C:\Windows\MEMORY.DMP[/FONT]

[FONT=Calibri][2013/10/07 12:50:40 | 003,980,800 | ---- | M] () -- C:\Users\Chris\Desktop\RogueKillerX64.exe[/FONT]

[FONT=Calibri][2013/10/05 22:17:49 | 000,002,330 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk[/FONT]

[FONT=Calibri][2013/10/05 12:09:40 | 000,000,051 | ---- | M] () -- C:\Users\Chris\Desktop\quickhelp.bat[/FONT]

[FONT=Calibri][2013/10/02 12:50:22 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk[/FONT]

[FONT=Calibri][2013/09/28 20:54:35 | 000,002,286 | -H-- | M] () -- C:\Users\Chris\Documents\Default.rdp[/FONT]

[FONT=Calibri][2013/09/23 09:50:39 | 000,000,824 | ---- | M] () -- C:\Users\Chris\Desktop\Handbrake.lnk[/FONT]

[FONT=Calibri][2013/09/20 19:49:25 | 000,001,843 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk[/FONT]

[FONT=Calibri][2013/09/17 22:22:44 | 000,022,814 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb[/FONT]

[FONT=Calibri][2013/09/15 18:27:22 | 006,433,055 | ---- | M] (http://winmerge.org ) -- C:\Users\Chris\Documents\WinMerge-2.14.0-Setup.exe[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Files Created - No Company Name ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][2013/10/10 12:28:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[/FONT]

[FONT=Calibri][2013/10/10 08:53:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[/FONT]

[FONT=Calibri][2013/10/10 08:53:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[/FONT]

[FONT=Calibri][2013/10/10 08:53:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[/FONT]

[FONT=Calibri][2013/10/10 08:53:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[/FONT]

[FONT=Calibri][2013/10/10 08:53:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[/FONT]

[FONT=Calibri][2013/10/07 20:33:26 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI[/FONT]

[FONT=Calibri][2013/10/07 16:52:50 | 552,203,709 | ---- | C] () -- C:\Windows\MEMORY.DMP[/FONT]

[FONT=Calibri][2013/10/07 12:54:27 | 003,980,800 | ---- | C] () -- C:\Users\Chris\Desktop\RogueKillerX64.exe[/FONT]

[FONT=Calibri][2013/10/05 12:09:40 | 000,000,051 | ---- | C] () -- C:\Users\Chris\Desktop\quickhelp.bat[/FONT]

[FONT=Calibri][2013/10/02 12:50:22 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk[/FONT]

[FONT=Calibri][2013/09/23 09:50:39 | 000,000,824 | ---- | C] () -- C:\Users\Chris\Desktop\Handbrake.lnk[/FONT]

[FONT=Calibri][2013/09/20 19:49:25 | 000,001,843 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk[/FONT]

[FONT=Calibri][2012/10/17 15:19:20 | 000,097,653 | ---- | C] () -- C:\ProgramData\ahudtdwjzzxutby[/FONT]

[FONT=Calibri][2012/08/19 15:59:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tables[/FONT]

[FONT=Calibri][2012/08/19 15:59:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\System Image Utility[/FONT]

[FONT=Calibri][2012/08/19 15:59:11 | 000,000,268 | RH-- | C] () -- C:\Users\Chris\AppData\Roaming\Synth Pads[/FONT]

[FONT=Calibri][2012/08/19 15:59:11 | 000,000,268 | RH-- | C] () -- C:\Users\Chris\AppData\Roaming\Synth Basics[/FONT]

[FONT=Calibri][2012/08/19 15:59:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT[/FONT]

[FONT=Calibri][2012/08/19 15:59:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT[/FONT]

[FONT=Calibri][2012/08/19 15:59:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\User Pictures[/FONT]

[FONT=Calibri][2012/08/19 15:55:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\SystemConfiguration[/FONT]

[FONT=Calibri][2012/08/19 15:55:17 | 000,000,268 | RH-- | C] () -- C:\Users\Chris\AppData\Roaming\Synth Leads[/FONT]

[FONT=Calibri][2012/08/19 15:55:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT[/FONT]

[FONT=Calibri][2012/08/19 15:55:17 | 000,000,012 | RH-- | C] () -- C:\ProgramData\URLs[/FONT]

[FONT=Calibri][2012/08/19 15:53:52 | 000,000,268 | RH-- | C] () -- C:\Users\Chris\AppData\Roaming\Transportation[/FONT]

[FONT=Calibri][2012/08/19 15:53:52 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT[/FONT]

[FONT=Calibri][2012/08/19 15:53:52 | 000,000,012 | RH-- | C] () -- C:\ProgramData\vhosts[/FONT]

[FONT=Calibri][2012/08/19 15:53:52 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Trumpet Section[/FONT]

[FONT=Calibri][2012/08/12 16:06:28 | 000,000,000 | ---- | C] () -- C:\Users\Chris\telnet[/FONT]

[FONT=Calibri][2012/08/12 16:06:12 | 000,000,000 | ---- | C] () -- C:\Users\Chris\tracert[/FONT]

[FONT=Calibri][2012/08/12 16:06:12 | 000,000,000 | ---- | C] () -- C:\Users\Chris\ping[/FONT]

[FONT=Calibri][2012/07/03 13:24:14 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll[/FONT]

[FONT=Calibri][2012/02/13 15:56:15 | 000,007,623 | ---- | C] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat[/FONT]

[FONT=Calibri][2012/02/10 21:15:33 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini[/FONT]

[FONT=Calibri][2012/02/08 10:09:43 | 000,060,304 | ---- | C] () -- C:\Users\Chris\g2mdlhlpx.exe[/FONT]

[FONT=Calibri][2012/01/28 16:47:02 | 000,801,858 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== ZeroAccess Check ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[/FONT]

[FONT=Calibri]"ThreadingModel" = Both[/FONT]

[FONT=Calibri]"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[/FONT]

[FONT=Calibri]"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)[/FONT]

[FONT=Calibri]"ThreadingModel" = Apartment[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][/FONT]

[FONT=Calibri]"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)[/FONT]

[FONT=Calibri]"ThreadingModel" = Apartment[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64[/FONT]

[FONT=Calibri]"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)[/FONT]

[FONT=Calibri]"ThreadingModel" = Free[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32][/FONT]

[FONT=Calibri]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)[/FONT]

[FONT=Calibri]"ThreadingModel" = Free[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64[/FONT]

[FONT=Calibri]"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)[/FONT]

[FONT=Calibri]"ThreadingModel" = Both[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32][/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== LOP Check ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri][2013/10/10 21:53:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox[/FONT]

[FONT=Calibri][2012/07/02 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FileZilla[/FONT]

[FONT=Calibri][2013/02/20 14:06:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\foobar2000[/FONT]

[FONT=Calibri][2012/05/06 23:11:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeVideoConverter[/FONT]

[FONT=Calibri][2013/09/23 10:05:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HandBrake[/FONT]

[FONT=Calibri][2013/03/24 14:25:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Juniper Networks[/FONT]

[FONT=Calibri][2012/09/01 23:24:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mp3tag[/FONT]

[FONT=Calibri][2012/08/19 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Nikon[/FONT]

[FONT=Calibri][2012/08/26 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\onOne Software[/FONT]

[FONT=Calibri][2012/08/19 18:33:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org[/FONT]

[FONT=Calibri][2013/10/08 10:27:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Oracle[/FONT]

[FONT=Calibri][2012/09/12 17:22:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Spotify[/FONT]

[FONT=Calibri][2012/06/28 17:05:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\VideoReDo-TVSuite4[/FONT]

[FONT=Calibri][2012/04/27 06:15:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\webex[/FONT]

[FONT=Calibri][2012/03/26 16:01:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Windows Live Writer[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Purity Check ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========== Alternate Data Streams ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:3440EB47[/FONT]

[FONT=Calibri]@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:0888F409[/FONT]

[FONT=Calibri]@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:66633281[/FONT]

[FONT=Calibri]@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:0CE7F3C9[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]< End of report >[/FONT]

 

[Homercliez]

[FONT=Calibri]OTL Extras logfile created on: 10/10/2013 10:11:42 PM - Run 1[/FONT]
[FONT=Calibri]OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Downloads[/FONT]
[FONT=Calibri]64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation[/FONT]
[FONT=Calibri]Internet Explorer (Version = 9.10.9200.16721)[/FONT]
[FONT=Calibri]Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]6.00 Gb Total Physical Memory | 4.40 Gb Available Physical Memory | 73.37% Memory free[/FONT]
[FONT=Calibri]12.00 Gb Paging File | 10.34 Gb Available in Paging File | 86.16% Paging File free[/FONT]
[FONT=Calibri]Paging file location(s): ?:\pagefile.sys [binary data][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)[/FONT]
[FONT=Calibri]Drive C: | 931.41 Gb Total Space | 346.08 Gb Free Space | 37.16% Space Free | Partition Type: NTFS[/FONT]
[FONT=Calibri]Drive I: | 931.51 Gb Total Space | 684.46 Gb Free Space | 73.48% Space Free | Partition Type: NTFS[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]Computer Name: CHRIS-PC-7 | User Name: Chris | Logged in as Administrator.[/FONT]
[FONT=Calibri]Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans[/FONT]
[FONT=Calibri]Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== Extra Registry (SafeList) ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== File Associations ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>][/FONT]
[FONT=Calibri].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)[/FONT]
[FONT=Calibri].url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>][/FONT]
[FONT=Calibri].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)[/FONT]
[FONT=Calibri].html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_USERS\S-1-5-21-1515895344-2271285631-4117087887-1000\SOFTWARE\Classes\<extension>][/FONT]
[FONT=Calibri].html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== Shell Spawning ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command][/FONT]
[FONT=Calibri]batfile [open] -- "%1" %*[/FONT]
[FONT=Calibri]cmdfile [open] -- "%1" %*[/FONT]
[FONT=Calibri]comfile [open] -- "%1" %*[/FONT]
[FONT=Calibri]exefile [open] -- "%1" %*[/FONT]
[FONT=Calibri]helpfile [open] -- Reg Error: Key error.[/FONT]
[FONT=Calibri]htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)[/FONT]
[FONT=Calibri]htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)[/FONT]
[FONT=Calibri]htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)[/FONT]
[FONT=Calibri]http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)[/FONT]
[FONT=Calibri]https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)[/FONT]
[FONT=Calibri]inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)[/FONT]
[FONT=Calibri]InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)[/FONT]
[FONT=Calibri]InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)[/FONT]
[FONT=Calibri]piffile [open] -- "%1" %*[/FONT]
[FONT=Calibri]regfile [merge] -- Reg Error: Key error.[/FONT]
[FONT=Calibri]scrfile [config] -- "%1"[/FONT]
[FONT=Calibri]scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l[/FONT]
[FONT=Calibri]scrfile [open] -- "%1" /S[/FONT]
[FONT=Calibri]txtfile [edit] -- Reg Error: Key error.[/FONT]
[FONT=Calibri]Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1[/FONT]
[FONT=Calibri]Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)[/FONT]
[FONT=Calibri]Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)[/FONT]
[FONT=Calibri]Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[/FONT]
[FONT=Calibri]Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)[/FONT]
[FONT=Calibri]Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[/FONT]
[FONT=Calibri]Folder [explore] -- Reg Error: Value error.[/FONT]
[FONT=Calibri]Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[/FONT]
[FONT=Calibri]Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)[/FONT]
[FONT=Calibri]CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command][/FONT]
[FONT=Calibri]batfile [open] -- "%1" %*[/FONT]
[FONT=Calibri]cmdfile [open] -- "%1" %*[/FONT]
[FONT=Calibri]comfile [open] -- "%1" %*[/FONT]
[FONT=Calibri]cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)[/FONT]
[FONT=Calibri]exefile [open] -- "%1" %*[/FONT]
[FONT=Calibri]helpfile [open] -- Reg Error: Key error.[/FONT]
[FONT=Calibri]htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)[/FONT]
[FONT=Calibri]htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)[/FONT]
[FONT=Calibri]http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)[/FONT]
[FONT=Calibri]https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)[/FONT]
[FONT=Calibri]inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)[/FONT]
[FONT=Calibri]piffile [open] -- "%1" %*[/FONT]
[FONT=Calibri]regfile [merge] -- Reg Error: Key error.[/FONT]
[FONT=Calibri]scrfile [config] -- "%1"[/FONT]
[FONT=Calibri]scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l[/FONT]
[FONT=Calibri]scrfile [open] -- "%1" /S[/FONT]
[FONT=Calibri]txtfile [edit] -- Reg Error: Key error.[/FONT]
[FONT=Calibri]Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1[/FONT]
[FONT=Calibri]Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)[/FONT]
[FONT=Calibri]Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)[/FONT]
[FONT=Calibri]Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[/FONT]
[FONT=Calibri]Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)[/FONT]
[FONT=Calibri]Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[/FONT]
[FONT=Calibri]Folder [explore] -- Reg Error: Value error.[/FONT]
[FONT=Calibri]Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[/FONT]
[FONT=Calibri]Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)[/FONT]
[FONT=Calibri]CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== Security Center Settings ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][/FONT]
[FONT=Calibri]"cval" = 1[/FONT]
[FONT=Calibri]"FirewallDisableNotify" = 0[/FONT]
[FONT=Calibri]"AntiVirusDisableNotify" = 0[/FONT]
[FONT=Calibri]"UpdatesDisableNotify" = 0[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc][/FONT]
[FONT=Calibri]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data][/FONT]
[FONT=Calibri]"AntiVirusOverride" = 0[/FONT]
[FONT=Calibri]"AntiSpywareOverride" = 0[/FONT]
[FONT=Calibri]"FirewallOverride" = 0[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== System Restore Settings ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore][/FONT]
[FONT=Calibri]"DisableSR" = 0[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== Firewall Settings ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][/FONT]
[FONT=Calibri]"DisableNotifications" = 0[/FONT]
[FONT=Calibri]"EnableFirewall" = 1[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile][/FONT]
[FONT=Calibri]"DisableNotifications" = 0[/FONT]
[FONT=Calibri]"EnableFirewall" = 1[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile][/FONT]
[FONT=Calibri]"DisableNotifications" = 0[/FONT]
[FONT=Calibri]"EnableFirewall" = 1[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== Authorized Applications List ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== Vista Active Open Ports Exception List ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules][/FONT]
[FONT=Calibri]"{0A755F47-F48B-4859-9A3F-720FC1FE53F9}" = rport=445 | protocol=6 | dir=out | app=system | [/FONT]
[FONT=Calibri]"{0CC43C23-6D83-46AC-99BF-AEBFA74FBC6B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | [/FONT]
[FONT=Calibri]"{0D9D7FED-398E-422E-AA53-3B8EBA66CEBB}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | [/FONT]
[FONT=Calibri]"{0D9F3C33-9FF0-47EF-8E0A-CBCBA99A11B1}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | [/FONT]
[FONT=Calibri]"{107B811E-B553-4FCA-9536-B478010CDCA7}" = rport=138 | protocol=17 | dir=out | app=system | [/FONT]
[FONT=Calibri]"{138350C8-93B5-4C08-BB15-92471CD34915}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\wdexpress.exe | [/FONT]
[FONT=Calibri]"{1C76A4AC-7668-4877-88DD-CAD75808AF2C}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | [/FONT]
[FONT=Calibri]"{1DCB3DC0-1B00-4291-A690-4C3A2CA3997A}" = lport=10243 | protocol=6 | dir=in | app=system | [/FONT]
[FONT=Calibri]"{204A6AA5-9247-4962-B215-AE31E13E695F}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\wdexpress.exe | [/FONT]
[FONT=Calibri]"{2A111800-0A03-4184-8870-5E18C501CCDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri]"{2B3179C0-4536-4731-8B87-D74B010D26DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | [/FONT]
[FONT=Calibri]"{349C4E3D-3929-4340-95F2-F786F0B5E2EB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | [/FONT]
[FONT=Calibri]"{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp | [/FONT]
[FONT=Calibri]"{3AEC513F-B412-40F0-B657-FC725167FBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri]"{3BB175EC-7F78-4222-B224-568D251323A8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | [/FONT]
[FONT=Calibri]"{3CAB7EDD-22CE-4DF7-A38E-DA55D2556C5A}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | [/FONT]
[FONT=Calibri]"{42B3AE2E-3898-4638-A3FF-07D7AAEF5D97}" = rport=139 | protocol=6 | dir=out | app=system | [/FONT]
[FONT=Calibri]"{42CF99E6-E731-4701-B41C-885937FE70A1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | [/FONT]
[FONT=Calibri]"{45239EF0-E1E6-421C-B44D-566AEE49FF0B}" = lport=445 | protocol=6 | dir=in | app=system | [/FONT]
[FONT=Calibri]"{45E40DFE-8F8F-4DAD-8C05-5E609E15992A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri]"{45EC2D2E-1492-4AE7-8AC9-686E86CB0CDB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | [/FONT]
[FONT=Calibri]"{47BB7D5F-B837-4004-AB61-8D1C0728DAF7}" = lport=139 | protocol=6 | dir=in | app=system | [/FONT]
[FONT=Calibri]"{4BA8D8FE-6809-4D27-AC0B-1BC5E50FCB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri]"{51F66EA3-9EE3-4325-BA7E-82C8FE757DFA}" = rport=137 | protocol=17 | dir=out | app=system | [/FONT]
[FONT=Calibri]"{59FB0036-94C7-45E4-BD46-9CB20BAFF5FE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | [/FONT]
[FONT=Calibri]"{5E320678-DA5E-40E0-8798-36252CB6243A}" = lport=137 | protocol=17 | dir=in | app=system | [/FONT]
[FONT=Calibri]"{740197B5-9B91-43DC-9448-5F2FAA99E4ED}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp | [/FONT]
[FONT=Calibri]"{749E4E68-5A9D-4310-B9DB-2C57114EA704}" = rport=139 | protocol=6 | dir=out | app=system | [/FONT]
[FONT=Calibri]"{7AB8A74F-8F07-419F-ACFC-4498ED2E68B8}" = lport=138 | protocol=17 | dir=in | app=system | [/FONT]
[FONT=Calibri]"{8193A909-AA2C-4855-AB2B-590095767258}" = lport=139 | protocol=6 | dir=in | app=system | [/FONT]
[FONT=Calibri]"{8B634A73-E53E-4251-9784-FE13A3416ABD}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | [/FONT]
[FONT=Calibri]"{8C1C3703-E06E-47A6-9E46-5E64680CA835}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri]"{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | [/FONT]
[FONT=Calibri]"{8C6DD438-7D20-471A-B7F7-F772EBC1BF19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri]"{8D495CD9-8999-47E1-9FD4-E3827DC44934}" = lport=445 | protocol=6 | dir=in | app=system | [/FONT]
[FONT=Calibri]"{8EE53228-67B7-4914-B14B-3A8E2EDDE914}" = rport=10243 | protocol=6 | dir=out | app=system | [/FONT]
[FONT=Calibri]"{91B46EBF-2E80-47F7-8B62-70DE1D608599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri]"{99982C45-23E8-4D48-B59B-65083A051144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri]"{A0AB8E06-EB9A-4A46-9F76-36461C0CFC97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri]"{A5544F99-BDFC-491C-8C23-E82D1C7EBFAA}" = rport=138 | protocol=17 | dir=out | app=system | [/FONT]
[FONT=Calibri]"{A85C8925-6F5D-4A82-9422-45EF52EC4172}" = rport=445 | protocol=6 | dir=out | app=system | [/FONT]
[FONT=Calibri]"{B8A744A2-B4A6-46E1-84DE-5301D35FFB30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri]"{C01B2D8A-F4A7-4684-94DC-C74CD95481B0}" = rport=137 | protocol=17 | dir=out | app=system | [/FONT]
[FONT=Calibri]"{C331311B-2823-45E6-8185-B230BF69F466}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | [/FONT]
[FONT=Calibri]"{C8A59E0E-8E2D-40C3-9065-A5B852D51944}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | [/FONT]
[FONT=Calibri]"{CAF4FD0F-508E-419E-B228-34A942977885}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | [/FONT]
[FONT=Calibri]"{DA30E354-5274-4FEB-BEAB-F3658C6034FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | [/FONT]
[FONT=Calibri]"{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | [/FONT]
[FONT=Calibri]"{E1D85F95-A94D-4241-9D4E-529F491D7599}" = lport=137 | protocol=17 | dir=in | app=system | [/FONT]
[FONT=Calibri]"{E7D9CD4E-5B6C-4799-BAA5-19D8824CA721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri]"{F10C02B4-0092-402D-8EDB-CB292D62E592}" = lport=138 | protocol=17 | dir=in | app=system | [/FONT]
[FONT=Calibri]"{F999BC84-123D-41E5-9EAF-2B8213411581}" = lport=2869 | protocol=6 | dir=in | app=system | [/FONT]
[FONT=Calibri]"{FEA4F62C-A73E-4F05-8709-0970BA9F2179}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== Vista Active Application Exception List ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules][/FONT]
[FONT=Calibri]"{0070B26E-A880-49EC-9641-C6FD169C34F6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | [/FONT]
[FONT=Calibri]"{03017A8B-4DC0-48DE-9166-34A847BA3266}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | [/FONT]
[FONT=Calibri]"{0F7473F0-C931-4E9A-9E9B-EB14AFAACDC5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | [/FONT]
[FONT=Calibri]"{1CDDFF17-9941-4BDA-86D8-A3BD1E42075B}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | [/FONT]
[FONT=Calibri]"{24310495-F783-411F-A084-73198978FBE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | [/FONT]
[FONT=Calibri]"{279099E3-6295-4DA4-ACF4-F5A6EEE339B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | [/FONT]
[FONT=Calibri]"{37E3F20F-DE20-4516-B208-CC46191BDD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | [/FONT]
[FONT=Calibri]"{3A934916-7C19-4AA9-8DEB-FA836CDD8ECE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | [/FONT]
[FONT=Calibri]"{3CE5CB32-080B-49CF-9C91-C5EB5F883099}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | [/FONT]
[FONT=Calibri]"{486A3983-F4CA-4D4B-B389-E95F2981E449}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | [/FONT]
[FONT=Calibri]"{49AD4FE5-E495-4266-B3EF-40FFB6736291}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | [/FONT]
[FONT=Calibri]"{4DA3135C-FE3A-4327-9163-37CEA0209ED3}" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe | [/FONT]
[FONT=Calibri]"{4E4E41EA-87FC-4063-A971-27622B65BFAB}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | [/FONT]
[FONT=Calibri]"{504F4A6F-8606-420D-97A4-993F0BE36D10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | [/FONT]
[FONT=Calibri]"{51272608-C713-4FE5-A0AC-7D125352051A}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | [/FONT]
[FONT=Calibri]"{5260BFDC-33FF-4DD1-A3CA-6DD1226708CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | [/FONT]
[FONT=Calibri]"{527ECD47-B3B5-4C91-B7BA-280FA45D1EB7}" = dir=in | app=c:\program files (x86)\directv\directv\vdtv.exe | [/FONT]
[FONT=Calibri]"{6139F920-28CF-42C2-88F3-A92660C1E375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | [/FONT]
[FONT=Calibri]"{63722777-5A39-4A7A-9DC0-700C7D803868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | [/FONT]
[FONT=Calibri]"{64406188-25CF-4DAE-8F59-71C572C97E41}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | [/FONT]
[FONT=Calibri]"{6CF68A1F-E45A-4E82-99F3-8C4F46E63743}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | [/FONT]
[FONT=Calibri]"{72065031-1BF3-4F91-B949-0DE7443A32EA}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | [/FONT]
[FONT=Calibri]"{7266761F-D4EC-426A-90EB-DB87BF8CCF51}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | [/FONT]
[FONT=Calibri]"{73936371-3E2E-4BAA-AD3B-A7D85C27BBA8}" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | [/FONT]
[FONT=Calibri]"{75F7ED18-0511-4362-A6A1-FD4D619DE3ED}" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe | [/FONT]
[FONT=Calibri]"{7B0CA09B-E132-4AA1-8B28-59AA97CB5C57}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe | [/FONT]
[FONT=Calibri]"{801DBE9D-8D98-4844-B72B-3BDA734AF2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | [/FONT]
[FONT=Calibri]"{83831B52-B6AC-4119-BC1D-865D3E19CEF9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | [/FONT]
[FONT=Calibri]"{867F4559-0F94-4C5F-805D-18B5C77CD238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | [/FONT]
[FONT=Calibri]"{87CDC921-6C13-414A-9875-3FD43A092BF2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | [/FONT]
[FONT=Calibri]"{89EAB2DD-ABB2-46C7-BCEC-67FF20149FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | [/FONT]
[FONT=Calibri]"{941C6EBA-7465-4F96-8258-8DE79E239629}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | [/FONT]
[FONT=Calibri]"{95D2534C-A7EB-4A44-9934-F336DE004801}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | [/FONT]
[FONT=Calibri]"{9B15F693-7BE6-4C83-ACC0-C481A95321E0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | [/FONT]
[FONT=Calibri]"{9CD09840-B549-4F75-9EEB-6BE3B543DAE8}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe | [/FONT]
[FONT=Calibri]"{AB823EB5-66CF-41CA-8F05-AA15A07D4833}" = dir=in | app=c:\program files (x86)\directv\directv\directv2pc(tm).exe | [/FONT]
[FONT=Calibri]"{ABF01636-2F0B-4E94-A56E-7BA576A8633C}" = protocol=6 | dir=out | app=system | [/FONT]
[FONT=Calibri]"{AC76FB1F-4C9B-45C6-847A-B8D0A95AE369}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | [/FONT]
[FONT=Calibri]"{AD29B28E-7AA3-4C13-8BCB-E7373F378ED2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | [/FONT]
[FONT=Calibri]"{AF177D6D-DFA2-478D-ADC1-DA6F114B389B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | [/FONT]
[FONT=Calibri]"{AF4AE69A-970E-423A-BC81-27A1EA6D36DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | [/FONT]
[FONT=Calibri]"{B151C6DB-C993-4C87-AA7B-B331C5347F1D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | [/FONT]
[FONT=Calibri]"{B27FF543-EAF1-45B6-8986-A51A18550C6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | [/FONT]
[FONT=Calibri]"{B485CB12-F4DB-4200-A8CE-ECFBF112415E}" = dir=in | app=c:\users\chris\appdata\local\microsoft\skydrive\skydrive.exe | [/FONT]
[FONT=Calibri]"{B898C53B-71DE-4492-A9BD-BC2CE15796A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | [/FONT]
[FONT=Calibri]"{B8B4E785-9232-4B9A-8B01-74C63AC2AA26}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | [/FONT]
[FONT=Calibri]"{B99495FC-FDFD-4897-8B0B-FDA65205D3B4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | [/FONT]
[FONT=Calibri]"{C4660933-E5D8-4A03-A396-D3B4A4DB3E92}" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | [/FONT]
[FONT=Calibri]"{C4B13F49-ED20-4D00-83B5-81F4E53DC53F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | [/FONT]
[FONT=Calibri]"{CA4FBA7B-F959-46B2-ACC2-2C6D06146C56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | [/FONT]
[FONT=Calibri]"{D606BCF0-90F3-4E56-8869-4C6C0687392D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | [/FONT]
[FONT=Calibri]"{DE6DA6FF-2F12-4B27-9633-27DE5971FB3C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | [/FONT]
[FONT=Calibri]"{E31D2190-7FC7-4249-8B3F-019B95FD28A4}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | [/FONT]
[FONT=Calibri]"{E3B843C0-5031-46CD-96F5-2C4762AA1AFA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | [/FONT]
[FONT=Calibri]"{E5A3A576-D3DC-4347-928F-F6EE4997DB68}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | [/FONT]
[FONT=Calibri]"{E5D6877E-5E91-445C-9C24-89E594D86CB6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | [/FONT]
[FONT=Calibri]"{EEA677F1-C048-45A7-BEA7-FEA8AC885BCC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | [/FONT]
[FONT=Calibri]"{F10F74AA-0DF1-4194-B732-0B7ACB5FB7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | [/FONT]
[FONT=Calibri]"{F4EA9622-9A9C-4B95-A64D-7FF5C8708859}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | [/FONT]
[FONT=Calibri]"{F8041A2A-BE06-4423-AA1A-83D278BAE9F5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | [/FONT]
[FONT=Calibri]"{F870DF9B-DED2-4B7F-8AD8-5AEF481C2510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | [/FONT]
[FONT=Calibri]"{F936AA1A-019D-4E9D-B31F-4BB48EE6C739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | [/FONT]
[FONT=Calibri]"{F96B297F-BE9B-4A97-BCF8-4B3888991B17}" = dir=in | app=c:\program files (x86)\directv\directv\kernel\clml\vdtvrec.exe | [/FONT]
[FONT=Calibri]"{FE36D68E-CAAD-43BB-8B53-75DB5F136F64}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | [/FONT]
[FONT=Calibri]"TCP Query User{1361A5D9-62DF-4B7C-9B9B-43EF8644D3B5}C:\program files (x86)\plex\plex media center\plex.exe" = protocol=6 | dir=in | app=c:\program files (x86)\plex\plex media center\plex.exe | [/FONT]
[FONT=Calibri]"TCP Query User{563A01AB-9D24-4005-A355-12FC85CBCA46}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | [/FONT]
[FONT=Calibri]"TCP Query User{6D0D83BF-46DD-4AD9-ADAF-FEFDCBDD8796}C:\program files\hexchat\hexchat.exe" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe | [/FONT]
[FONT=Calibri]"TCP Query User{7341429F-DE90-45F6-AEF4-005FB7FBB3B6}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | [/FONT]
[FONT=Calibri]"TCP Query User{94E41114-1E22-4392-9915-118628738808}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | [/FONT]
[FONT=Calibri]"TCP Query User{9E310CEB-CB5E-4386-8359-64DD6274FA82}C:\users\chris\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\spotify\spotify.exe | [/FONT]
[FONT=Calibri]"TCP Query User{E038EE0D-0CE5-490B-8DD2-3B48E5BF1128}C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | [/FONT]
[FONT=Calibri]"TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" = protocol=6 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe | [/FONT]
[FONT=Calibri]"TCP Query User{E4714ADC-D31E-483B-BED7-EE134571BD0A}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | [/FONT]
[FONT=Calibri]"TCP Query User{E6E216C7-946F-4C03-BFE8-C171B08E6E59}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | [/FONT]
[FONT=Calibri]"UDP Query User{04870D66-C8F2-469A-BBEE-DB139BBAEF25}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | [/FONT]
[FONT=Calibri]"UDP Query User{05F90C68-8883-44ED-BE91-3CBE70F9488F}C:\program files (x86)\plex\plex media center\plex.exe" = protocol=17 | dir=in | app=c:\program files (x86)\plex\plex media center\plex.exe | [/FONT]
[FONT=Calibri]"UDP Query User{186E12A1-E374-4D28-A187-6806BAA50409}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | [/FONT]
[FONT=Calibri]"UDP Query User{2C2E0821-71C5-430C-948B-04F3A7216050}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | [/FONT]
[FONT=Calibri]"UDP Query User{3284EB51-54CF-4FF7-8F0D-ECD53D0E1F06}C:\users\chris\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\spotify\spotify.exe | [/FONT]
[FONT=Calibri]"UDP Query User{35CE3A0D-04E0-4137-BD84-AA59DAD8ACD3}C:\program files\hexchat\hexchat.exe" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe | [/FONT]
[FONT=Calibri]"UDP Query User{3CEAA592-6949-41C0-A342-04BA0FD6723B}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | [/FONT]
[FONT=Calibri]"UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" = protocol=17 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe | [/FONT]
[FONT=Calibri]"UDP Query User{939C13A6-8C65-4C1E-B22B-671B03EF37CA}C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | [/FONT]
[FONT=Calibri]"UDP Query User{D6426748-C206-46FB-8765-E2310A0F78AC}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | [/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall][/FONT]
[FONT=Calibri]"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector[/FONT]
[FONT=Calibri]"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety[/FONT]
[FONT=Calibri]"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety[/FONT]
[FONT=Calibri]"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom [/FONT]
[FONT=Calibri]"{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64[/FONT]
[FONT=Calibri]"{129C5584-DB98-4A98-B28F-299C45E1E355}" = Microsoft Camera Codec Pack[/FONT]
[FONT=Calibri]"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode[/FONT]
[FONT=Calibri]"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB [/FONT]
[FONT=Calibri]"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant[/FONT]
[FONT=Calibri]"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5[/FONT]
[FONT=Calibri]"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219[/FONT]
[FONT=Calibri]"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client[/FONT]
[FONT=Calibri]"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote[/FONT]
[FONT=Calibri]"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64[/FONT]
[FONT=Calibri]"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727[/FONT]
[FONT=Calibri]"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64[/FONT]
[FONT=Calibri]"{30B7A7A6-D519-3332-BEB3-D105EFC7389A}" = Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU[/FONT]
[FONT=Calibri]"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022[/FONT]
[FONT=Calibri]"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework [/FONT]
[FONT=Calibri]"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client [/FONT]
[FONT=Calibri]"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes[/FONT]
[FONT=Calibri]"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote[/FONT]
[FONT=Calibri]"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161[/FONT]
[FONT=Calibri]"{635BE602-BB9C-4C59-8CC5-93F9366E8A21}" = ViewNX 2[/FONT]
[FONT=Calibri]"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources[/FONT]
[FONT=Calibri]"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64[/FONT]
[FONT=Calibri]"{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU[/FONT]
[FONT=Calibri]"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour[/FONT]

 

[Homercliez]

[FONT=Calibri]"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model[/FONT]
[FONT=Calibri]"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support[/FONT]
[FONT=Calibri]"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU[/FONT]
[FONT=Calibri]"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center[/FONT]
[FONT=Calibri]"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17[/FONT]
[FONT=Calibri]"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources[/FONT]
[FONT=Calibri]"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64[/FONT]
[FONT=Calibri]"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4[/FONT]
[FONT=Calibri]"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight[/FONT]
[FONT=Calibri]"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4[/FONT]
[FONT=Calibri]"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64[/FONT]
[FONT=Calibri]"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007[/FONT]
[FONT=Calibri]"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007[/FONT]
[FONT=Calibri]"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component[/FONT]
[FONT=Calibri]"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4[/FONT]
[FONT=Calibri]"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5[/FONT]
[FONT=Calibri]"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting[/FONT]
[FONT=Calibri]"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation[/FONT]
[FONT=Calibri]"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities [/FONT]
[FONT=Calibri]"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727[/FONT]
[FONT=Calibri]"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64[/FONT]
[FONT=Calibri]"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727[/FONT]
[FONT=Calibri]"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 327.23[/FONT]
[FONT=Calibri]"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 327.23[/FONT]
[FONT=Calibri]"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 327.23[/FONT]
[FONT=Calibri]"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.14.17[/FONT]
[FONT=Calibri]"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application[/FONT]
[FONT=Calibri]"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components[/FONT]
[FONT=Calibri]"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service [/FONT]
[FONT=Calibri]"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)[/FONT]
[FONT=Calibri]"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter[/FONT]
[FONT=Calibri]"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client[/FONT]
[FONT=Calibri]"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4[/FONT]
[FONT=Calibri]"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service[/FONT]
[FONT=Calibri]"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)[/FONT]
[FONT=Calibri]"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)[/FONT]
[FONT=Calibri]"AutoHotkey" = AutoHotkey 1.1.09.02[/FONT]
[FONT=Calibri]"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP[/FONT]
[FONT=Calibri]"EPSON Printer and Utilities" = EPSON Printer Software[/FONT]
[FONT=Calibri]"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center[/FONT]
[FONT=Calibri]"Microsoft Security Client" = Microsoft Security Essentials[/FONT]
[FONT=Calibri]"O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us[/FONT]
[FONT=Calibri]"Recuva" = Recuva[/FONT]
[FONT=Calibri]"Serviio" = Serviio[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall][/FONT]
[FONT=Calibri]"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3[/FONT]
[FONT=Calibri]"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4[/FONT]
[FONT=Calibri]"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3[/FONT]
[FONT=Calibri]"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4[/FONT]
[FONT=Calibri]"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4[/FONT]
[FONT=Calibri]"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting[/FONT]
[FONT=Calibri]"{09412B73-6159-40D6-B0B9-C11B30A7531E}" = Microsoft Visual Studio 2012 Preparation[/FONT]
[FONT=Calibri]"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler[/FONT]
[FONT=Calibri]"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer[/FONT]
[FONT=Calibri]"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models[/FONT]
[FONT=Calibri]"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4[/FONT]
[FONT=Calibri]"{0F3C9093-6C13-484D-8385-93AA21BEC025}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources[/FONT]
[FONT=Calibri]"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4[/FONT]
[FONT=Calibri]"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4[/FONT]
[FONT=Calibri]"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4[/FONT]
[FONT=Calibri]"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4[/FONT]
[FONT=Calibri]"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB[/FONT]
[FONT=Calibri]"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin[/FONT]
[FONT=Calibri]"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK[/FONT]
[FONT=Calibri]"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker[/FONT]
[FONT=Calibri]"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server[/FONT]
[FONT=Calibri]"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU[/FONT]
[FONT=Calibri]"{1BE2AFE6-209E-3862-AE45-DA9D3D21BD65}" = Microsoft Visual Studio Express 2012 for Windows Desktop[/FONT]
[FONT=Calibri]"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727[/FONT]
[FONT=Calibri]"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server[/FONT]
[FONT=Calibri]"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update[/FONT]
[FONT=Calibri]"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models[/FONT]
[FONT=Calibri]"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions[/FONT]
[FONT=Calibri]"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en[/FONT]
[FONT=Calibri]"{222C5507-AC43-388F-808E-2266EC57E043}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU[/FONT]
[FONT=Calibri]"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote[/FONT]
[FONT=Calibri]"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40[/FONT]
[FONT=Calibri]"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections[/FONT]
[FONT=Calibri]"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models[/FONT]
[FONT=Calibri]"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3[/FONT]
[FONT=Calibri]"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger[/FONT]
[FONT=Calibri]"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources[/FONT]
[FONT=Calibri]"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder[/FONT]
[FONT=Calibri]"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727[/FONT]
[FONT=Calibri]"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4[/FONT]
[FONT=Calibri]"{32136776-FE3F-453D-80DA-CDD993BDB2A3}" = Entity Framework Designer for Visual Studio 2012 - enu[/FONT]
[FONT=Calibri]"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery[/FONT]
[FONT=Calibri]"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support[/FONT]
[FONT=Calibri]"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery[/FONT]
[FONT=Calibri]"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4[/FONT]
[FONT=Calibri]"{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}" = Adobe Creative Suite 4 Web Premium[/FONT]
[FONT=Calibri]"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources[/FONT]
[FONT=Calibri]"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player[/FONT]
[FONT=Calibri]"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4[/FONT]
[FONT=Calibri]"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4[/FONT]
[FONT=Calibri]"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin[/FONT]
[FONT=Calibri]"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4[/FONT]
[FONT=Calibri]"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote[/FONT]
[FONT=Calibri]"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit[/FONT]
[FONT=Calibri]"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime[/FONT]
[FONT=Calibri]"{479F8C12-576B-4A58-AB78-4B70F7012AA8}" = DIRECTV2PC Playback Advisor[/FONT]
[FONT=Calibri]"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models[/FONT]
[FONT=Calibri]"{49402ED1-A795-4435-A745-1B781BE621A6}" = Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop[/FONT]
[FONT=Calibri]"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension[/FONT]
[FONT=Calibri]"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater[/FONT]
[FONT=Calibri]"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models[/FONT]
[FONT=Calibri]"{4F2B8233-35EE-4197-8C3B-EACCBF712029}" = Microsoft SQL Server Data Tools - enu (11.1.20828.01)[/FONT]
[FONT=Calibri]"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion[/FONT]
[FONT=Calibri]"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4[/FONT]
[FONT=Calibri]"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs[/FONT]
[FONT=Calibri]"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3[/FONT]
[FONT=Calibri]"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4[/FONT]
[FONT=Calibri]"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack[/FONT]
[FONT=Calibri]"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Plug-in Suite 5[/FONT]
[FONT=Calibri]"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor[/FONT]
[FONT=Calibri]"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack[/FONT]
[FONT=Calibri]"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411[/FONT]
[FONT=Calibri]"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit[/FONT]
[FONT=Calibri]"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support[/FONT]
[FONT=Calibri]"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4[/FONT]
[FONT=Calibri]"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support[/FONT]
[FONT=Calibri]"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4[/FONT]
[FONT=Calibri]"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK[/FONT]
[FONT=Calibri]"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE[/FONT]
[FONT=Calibri]"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup[/FONT]
[FONT=Calibri]"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3[/FONT]
[FONT=Calibri]"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files[/FONT]
[FONT=Calibri]"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash[/FONT]
[FONT=Calibri]"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service [/FONT]
[FONT=Calibri]"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer[/FONT]
[FONT=Calibri]"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3[/FONT]
[FONT=Calibri]"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update[/FONT]
[FONT=Calibri]"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core[/FONT]
[FONT=Calibri]"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en[/FONT]
[FONT=Calibri]"{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}" = Adobe Setup[/FONT]
[FONT=Calibri]"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3[/FONT]
[FONT=Calibri]"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3[/FONT]
[FONT=Calibri]"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)[/FONT]
[FONT=Calibri]"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3[/FONT]
[FONT=Calibri]"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer[/FONT]
[FONT=Calibri]"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies[/FONT]
[FONT=Calibri]"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4[/FONT]
[FONT=Calibri]"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4[/FONT]
[FONT=Calibri]"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform[/FONT]
[FONT=Calibri]"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4[/FONT]
[FONT=Calibri]"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4[/FONT]
[FONT=Calibri]"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime[/FONT]
[FONT=Calibri]"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3[/FONT]
[FONT=Calibri]"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT[/FONT]
[FONT=Calibri]"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007[/FONT]
[FONT=Calibri]"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007[/FONT]
[FONT=Calibri]"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007[/FONT]
[FONT=Calibri]"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007[/FONT]
[FONT=Calibri]"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007[/FONT]
[FONT=Calibri]"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In[/FONT]
[FONT=Calibri]"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component[/FONT]
[FONT=Calibri]"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component[/FONT]
[FONT=Calibri]"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3[/FONT]
[FONT=Calibri]"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007[/FONT]
[FONT=Calibri]"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Calibri]"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT [/FONT]
[FONT=Calibri]"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker[/FONT]
[FONT=Calibri]"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4[/FONT]
[FONT=Calibri]"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4[/FONT]
[FONT=Calibri]"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models[/FONT]
[FONT=Calibri]"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models[/FONT]
[FONT=Calibri]"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161[/FONT]
[FONT=Calibri]"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3[/FONT]
[FONT=Calibri]"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail[/FONT]
[FONT=Calibri]"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh[/FONT]
[FONT=Calibri]"{A1785BD4-3486-4E7E-8074-E3FC61B8F315}" = Microsoft Visual C++ 2012 x86-x64 Compilers[/FONT]
[FONT=Calibri]"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4[/FONT]
[FONT=Calibri]"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer[/FONT]
[FONT=Calibri]"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common[/FONT]
[FONT=Calibri]"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer[/FONT]
[FONT=Calibri]"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer[/FONT]
[FONT=Calibri]"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch[/FONT]
[FONT=Calibri]"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)[/FONT]
[FONT=Calibri]"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007[/FONT]
[FONT=Calibri]"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2[/FONT]
[FONT=Calibri]"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect[/FONT]
[FONT=Calibri]"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models[/FONT]
[FONT=Calibri]"{B362A397-B38A-3A23-A190-611F9C7EB4F9}" = Microsoft Visual C++ 2012 Core Libraries[/FONT]
[FONT=Calibri]"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation[/FONT]
[FONT=Calibri]"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0[/FONT]
[FONT=Calibri]"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4[/FONT]
[FONT=Calibri]"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3[/FONT]
[FONT=Calibri]"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4[/FONT]
[FONT=Calibri]"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module[/FONT]
[FONT=Calibri]"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3[/FONT]
[FONT=Calibri]"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core[/FONT]
[FONT=Calibri]"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2[/FONT]
[FONT=Calibri]"{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium[/FONT]
[FONT=Calibri]"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4[/FONT]
[FONT=Calibri]"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3[/FONT]
[FONT=Calibri]"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail[/FONT]
[FONT=Calibri]"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com[/FONT]
[FONT=Calibri]"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw[/FONT]
[FONT=Calibri]"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform[/FONT]
[FONT=Calibri]"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack[/FONT]
[FONT=Calibri]"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64[/FONT]
[FONT=Calibri]"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client[/FONT]
[FONT=Calibri]"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps[/FONT]
[FONT=Calibri]"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common[/FONT]
[FONT=Calibri]"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform[/FONT]
[FONT=Calibri]"{D6506521-0959-4FA3-875F-E2E28830B0D2}" = NEF Codec[/FONT]
[FONT=Calibri]"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects [/FONT]
[FONT=Calibri]"{DDB824DA-C431-3A3E-B997-F4B5539838FC}" = Google Talk Plugin[/FONT]
[FONT=Calibri]"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources[/FONT]
[FONT=Calibri]"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4[/FONT]
[FONT=Calibri]"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh[/FONT]
[FONT=Calibri]"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10[/FONT]
[FONT=Calibri]"{e0efdce9-a486-4676-8aa5-65bb08cbf34c}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU[/FONT]
[FONT=Calibri]"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012[/FONT]
[FONT=Calibri]"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger[/FONT]
[FONT=Calibri]"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3[/FONT]
[FONT=Calibri]"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU[/FONT]
[FONT=Calibri]"{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC(TM)[/FONT]
[FONT=Calibri]"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3[/FONT]
[FONT=Calibri]"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU][/FONT]
[FONT=Calibri]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219[/FONT]
[FONT=Calibri]"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help[/FONT]
[FONT=Calibri]"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver[/FONT]
[FONT=Calibri]"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4[/FONT]
[FONT=Calibri]"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4[/FONT]
[FONT=Calibri]"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4[/FONT]
[FONT=Calibri]"{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)[/FONT]
[FONT=Calibri]"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework [/FONT]
[FONT=Calibri]"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3[/FONT]
[FONT=Calibri]"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All[/FONT]
[FONT=Calibri]"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727[/FONT]
[FONT=Calibri]"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials[/FONT]
[FONT=Calibri]"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR[/FONT]
[FONT=Calibri]"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0[/FONT]
[FONT=Calibri]"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022[/FONT]
[FONT=Calibri]"7-zip" = 7-zip v9.20[/FONT]
[FONT=Calibri]"ActiveTouchMeetingClient" = Cisco WebEx Meetings[/FONT]
[FONT=Calibri]"Adobe AIR" = Adobe AIR[/FONT]
[FONT=Calibri]"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX[/FONT]
[FONT=Calibri]"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin[/FONT]
[FONT=Calibri]"Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium[/FONT]
[FONT=Calibri]"Adobe_4db064343401efd6449f33f8411c14b" = Adobe Creative Suite 4 Web Premium[/FONT]
[FONT=Calibri]"Alt.Binz" = Alt.Binz 0.25.0[/FONT]
[FONT=Calibri]"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player[/FONT]
[FONT=Calibri]"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com[/FONT]
[FONT=Calibri]"DVD Shrink_is1" = DVD Shrink 3.2[/FONT]
[FONT=Calibri]"FileZilla Client" = FileZilla Client 3.5.3[/FONT]
[FONT=Calibri]"foobar2000" = foobar2000 v1.1.15[/FONT]
[FONT=Calibri]"Fraps" = Fraps[/FONT]
[FONT=Calibri]"Free Video Converter_is1" = Free Video Converter V 2.8[/FONT]
[FONT=Calibri]"HandBrake" = HandBrake 0.9.9.1[/FONT]
[FONT=Calibri]"InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}" = DIRECTV2PC Playback Advisor[/FONT]
[FONT=Calibri]"InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC(TM)[/FONT]
[FONT=Calibri]"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300[/FONT]
[FONT=Calibri]"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0[/FONT]
[FONT=Calibri]"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)[/FONT]
[FONT=Calibri]"MozillaMaintenanceService" = Mozilla Maintenance Service[/FONT]
[FONT=Calibri]"Mp3tag" = Mp3tag v2.52[/FONT]
[FONT=Calibri]"MyTomTom" = MyTomTom 3.2.0.700[/FONT]
[FONT=Calibri]"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver[/FONT]
[FONT=Calibri]"Picasa 3" = Picasa 3[/FONT]
[FONT=Calibri]"Recover My Files_is1" = Recover My Files[/FONT]
[FONT=Calibri]"ULTIMATER" = Microsoft Office Ultimate 2007[/FONT]
[FONT=Calibri]"VideoReDo4_is1" = VideoReDo TVSuite Version 4.20.7.638[/FONT]
[FONT=Calibri]"VLC media player" = VLC media player 2.0.8[/FONT]
[FONT=Calibri]"WinLiveSuite" = Windows Live Essentials[/FONT]
[FONT=Calibri]"WinMerge_is1" = WinMerge 2.14.0[/FONT]
[FONT=Calibri]"WinRAR archiver" = WinRAR 4.10 (32-bit)[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== HKEY_USERS Uninstall List ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== HKEY_USERS Uninstall List ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== HKEY_USERS Uninstall List ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_USERS\S-1-5-21-1515895344-2271285631-4117087887-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall][/FONT]
[FONT=Calibri]"Dropbox" = Dropbox[/FONT]
[FONT=Calibri]"e02fe2c34dc565d1" = WindowsFormsApplication2[/FONT]
[FONT=Calibri]"Google Chrome" = Google Chrome[/FONT]
[FONT=Calibri]"GoToMeeting" = GoToMeeting 5.4.0.1082[/FONT]
[FONT=Calibri]"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client[/FONT]
[FONT=Calibri]"SkyDriveSetup.exe" = Microsoft SkyDrive[/FONT]
[FONT=Calibri]"Spotify" = Spotify[/FONT]
[FONT=Calibri]"UnityWebPlayer" = Unity Web Player[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== HKEY_USERS Uninstall List ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_USERS\S-1-5-21-1515895344-2271285631-4117087887-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== Last 20 Event Log Errors ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][ OSession Events ][/FONT]
[FONT=Calibri]Error - 4/4/2012 4:11:27 PM | Computer Name = Chris-PC-7 | Source = Microsoft Office 12 Sessions | ID = 7001[/FONT]
[FONT=Calibri]Description = ID: 0, Application Name: Microsoft Office Word, Application Version:[/FONT]
[FONT=Calibri] 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23724[/FONT]
[FONT=Calibri] seconds with 660 seconds of active time. This session ended with a crash.[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]Error - 10/18/2012 12:25:54 AM | Computer Name = Chris-PC-7 | Source = Microsoft Office 12 Sessions | ID = 7001[/FONT]
[FONT=Calibri]Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:[/FONT]
[FONT=Calibri] 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12051[/FONT]
[FONT=Calibri] seconds with 2640 seconds of active time. This session ended with a crash.[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]< End of report >[/FONT]

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1515895344-2271285631-4117087887-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:3440EB47
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:0888F409
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:0CE7F3C9

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Homercliez]

All processes killed
========== OTL ==========
Service MSCamSvc stopped successfully!
Service MSCamSvc deleted successfully!
File C:\Program Files\Microsoft LifeCam\MSCamS64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1515895344-2271285631-4117087887-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.
File Protocol\Handler\osf - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\TEMP:3440EB47 deleted successfully.
ADS C:\ProgramData\TEMP:0888F409 deleted successfully.
ADS C:\ProgramData\TEMP:66633281 deleted successfully.
ADS C:\ProgramData\TEMP:0CE7F3C9 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 2279169 bytes
->Temporary Internet Files folder emptied: 1695567793 bytes
->Java cache emptied: 12613391 bytes
->FireFox cache emptied: 98263646 bytes
->Google Chrome cache emptied: 120955190 bytes
->Flash cache emptied: 9564 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Old_Me
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1422 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 682072 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 77058 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,841.00 mb


[EMPTYJAVA]

User: All Users

User: Chris
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Old_Me

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Chris
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Old_Me

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10102013_231806
Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF1DB34BF2BDB1D743.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF22D4FB17D04CE40C.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF23F62021ECFBD08F.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF3ED1C094707C4369.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF4278E7559FDF713D.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF8A9447F367491B8E.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF931EFE3ED9D3682B.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DFA634A32FFA08BB50.TMP not found!
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{C127822E-2379-4D57-9467-BF78C9E88EE9}.tmp moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2B326586-61AE-49F7-8725-F0F345B62A47}.tmp moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7CDE5682-C749-45B6-AF53-F33C78846F1C}.tmp moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A1275432-0F4D-4EEB-AB1D-84C55E08079C}.tmp moved successfully.
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DB20AC67-CFD2-4EBB-A4B4-FAC30575DBC0}.tmp not found!
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F14EB43E-7B3A-4520-AA11-207DE9709441}.tmp moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYLAN042\50kb-20130809CANS1D4Y.htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYLAN042\ba[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYLAN042\partner[3].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HC3MIXI\50kb-20130809CAQF3T7Z.htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HC3MIXI\918[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HC3MIXI\trojan-dos-rovnix-d-mbr-issue-remains[2].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5L82DIL2\1996[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5L82DIL2\50kb-20130809CA1NUS1Y.htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NVCBUG7\1996[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NVCBUG7\adServer[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NVCBUG7\adServer[2].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(20131010215123624).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20131010215123624).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20131010215124624).log moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

 

[Homercliez]

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 40
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (24.0)
Google Chrome 30.0.1599.66
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

[Homercliez]

Farbar Service Scanner Version: 13-09-2013
Ran by Chris (administrator) on 10-10-2013 at 23:40:48
Running from "C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6D437PSY"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-09 12:06] - [2013-09-13 20:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-09 12:06] - [2013-09-07 21:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

 

[Homercliez]

TFC Completed fine.
Running the ESET online Scanner now. I will probably post the results in the morning.

Thanks...

 

[Broni]

 

[Homercliez]

ESET did not find any threats.