
Black Screen on Startup [Solved]

Black Screen

  • This topic is locked
22 replies to this topic

#1 FarReaching

    New Member

  • Authentic Member
  • 11 posts

Posted 13 November 2013 - 08:50 AM

I have an HP Pavilion DV7 laptop that has worked for about 2 years. Now I am getting a black screen on boot with a movable cursor. If I wait 15 minutes, the desktop appears. Alternatively, if I go into Task Manager, end the explorer.exe task, and then restart explorer.exe, I get my desktop back. I believe I may be infected and have run the usual antivirus and antimalware services (Malwarebytes, Microsoft Security Essentials and Spybot S&D). I get a temporary fix that way, then black screens after a few boots.

I saw a similar post (http://forums.whatth...=+black +screen) and tried Tweaking.com-Windows repair as suggested but it didn't work for me.

 

Here are my logs:

From OTL:

OTL logfile created on: 11/13/2013 9:21:35 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HTPC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
5.48 Gb Total Physical Memory | 3.95 Gb Available Physical Memory | 72.16% Memory free
10.96 Gb Paging File | 9.05 Gb Available in Paging File | 82.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.51 Gb Total Space | 620.65 Gb Free Space | 90.80% Space Free | Partition Type: NTFS
Drive D: | 14.82 Gb Total Space | 1.56 Gb Free Space | 10.50% Space Free | Partition Type: NTFS
Drive F: | 96.98 Mb Total Space | 86.83 Mb Free Space | 89.54% Space Free | Partition Type: FAT32
Drive G: | 199.00 Mb Total Space | 160.87 Mb Free Space | 80.84% Space Free | Partition Type: NTFS
 
Computer Name: HTPC-HP | User Name: HTPC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HTPC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (PDAgent) -- C:\Program Files\Raxco\PDFree\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (PDEngine) -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (Riverbed Technology, Inc.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (Riverbed Technology, Inc.)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (RsFx0201) -- C:\Windows\SysNative\drivers\RsFx0201.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (DefragFS) -- C:\Windows\SysNative\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (btmhid) -- C:\Windows\SysNative\drivers\btmhid.sys (Motorola, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{EB8E38B3-D8B7-4D05-8984-4320EE74B99D}: "URL" = http://www.amazon.ca...s={searchTerms}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {C2E6A9C7-5AD2-4C0D-A4B5-E5C210F1F636}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{EB8E38B3-D8B7-4D05-8984-4320EE74B99D}: "URL" = http://www.amazon.ca...s={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {C2E6A9C7-5AD2-4C0D-A4B5-E5C210F1F636}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{C2E6A9C7-5AD2-4C0D-A4B5-E5C210F1F636}: "URL" = http://search.condui...9842190925&UM=2
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{EB8E38B3-D8B7-4D05-8984-4320EE74B99D}: "URL" = http://www.amazon.ca...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:7.3.0.1
FF - prefs.js..extensions.enabledAddons: savedpasswordeditor%40daniel.dawson:2.7.1
FF - prefs.js..extensions.enabledAddons: pavel.sherbakov%40gmail.com:4.4.9
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: BigButtons%40kensaunders:1.1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/10/18 09:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HTPC\AppData\Roaming\Mozilla\Extensions
[2013/11/12 12:26:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\extensions
[2013/11/12 12:26:17 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2013/11/12 12:26:19 | 000,000,000 | ---D | M] ("FVD Speed Dial with Full Online Sync") -- C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\extensions\pavel.sherbakov@gmail.com
[2013/11/12 12:26:19 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\extensions\autofillForms@blueimp.net.xpi
[2013/11/12 12:26:19 | 000,164,021 | ---- | M] () (No name found) -- C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\extensions\BigButtons@kensaunders.xpi
[2013/11/12 12:13:26 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\extensions\firefox@ghostery.com.xpi
[2013/11/12 12:13:02 | 000,229,424 | ---- | M] () (No name found) -- C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi
[2013/11/12 12:26:19 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\extensions\nosquint@urandom.ca.xpi
[2013/11/12 12:26:17 | 000,215,334 | ---- | M] () (No name found) -- C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\extensions\savedpasswordeditor@daniel.dawson.xpi
[2013/11/12 12:13:05 | 000,041,044 | ---- | M] () (No name found) -- C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\extensions\vdpure@link64.xpi
[2013/11/12 12:13:19 | 000,029,019 | ---- | M] () (No name found) -- C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
[2013/11/12 12:13:15 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2013/11/12 19:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/12 19:11:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/11/12 19:11:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/11/12 19:11:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/11/12 19:11:35 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2013/11/12 19:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/12 19:12:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/11/12 21:27:55 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WinHotKey] C:\Program Files (x86)\WinHotKey\WinHotKey.exe ()
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53A8979F-A928-47F2-9A45-C115BE548BDE}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E238444A-0718-477E-89FF-DED462E7A672}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/13 09:18:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HTPC\Desktop\OTL.exe
[2013/11/12 22:14:45 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/11/12 21:34:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/11/12 21:04:52 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/11/12 21:02:29 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/11/12 20:30:54 | 000,000,000 | ---D | C] -- C:\Users\HTPC\Documents\ProcAlyzer Dumps
[2013/11/12 20:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/11/12 20:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/11/12 19:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/12 10:05:31 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/12 10:02:23 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/12 10:02:23 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/12 10:02:16 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/12 10:02:16 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/12 10:02:16 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/12 10:02:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/12 10:02:15 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/12 10:02:15 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/12 10:02:15 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/12 10:02:15 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/12 10:02:15 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/12 10:02:15 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/12 10:02:15 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/12 10:02:15 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/12 10:02:15 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/12 10:02:15 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/12 10:02:15 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/12 10:02:15 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/12 10:02:15 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/12 10:02:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/12 10:02:15 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/12 10:02:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/12 10:02:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/12 10:02:14 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/12 10:02:14 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/12 10:02:14 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/12 10:02:14 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/12 10:02:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/12 10:02:14 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/12 10:02:14 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/12 10:02:13 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/12 10:02:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/12 10:02:13 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/12 10:02:13 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/12 10:02:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/12 10:02:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/12 10:02:12 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 10:02:12 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/12 10:02:12 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/12 10:02:12 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/12 10:02:12 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/12 10:02:12 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/12 10:02:12 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/12 10:02:12 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/12 10:02:12 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/12 10:02:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/12 10:02:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/12 10:02:11 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/12 10:02:11 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/12 10:02:11 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/12 10:02:11 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/12 10:02:11 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/12 10:02:11 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/12 10:02:11 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/12 10:02:11 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/12 10:02:11 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/12 10:02:11 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/12 10:02:11 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/12 10:02:11 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/12 10:02:11 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/12 10:02:11 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/12 10:02:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/12 10:02:11 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/12 10:02:11 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/12 10:02:11 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/12 10:02:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/12 10:02:11 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/12 10:02:10 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/12 10:02:10 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/12 10:02:10 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 10:02:10 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/12 10:02:10 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/12 10:02:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/12 10:02:10 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/12 10:02:10 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/12 10:02:10 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/12 10:02:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/12 10:02:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/12 10:02:10 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/12 10:02:10 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/12 09:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/11/12 09:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/11/12 09:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2013/11/12 09:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2013/11/12 09:42:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/12 09:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/11/11 15:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/11/11 15:15:09 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/11/11 15:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/11/11 15:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/11/10 21:27:33 | 000,000,000 | ---D | C] -- C:\Users\HTPC\AppData\Roaming\XBMC
[2013/11/10 21:26:24 | 000,000,000 | ---D | C] -- C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2013/11/10 21:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBMC
[2013/11/10 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/10 12:28:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/10 09:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/11/10 09:32:37 | 000,000,000 | ---D | C] -- C:\Users\HTPC\Desktop\mbar
[2013/11/10 09:29:38 | 000,000,000 | ---D | C] -- C:\Users\HTPC\AppData\Roaming\Malwarebytes
[2013/11/10 09:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/10 09:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/07 13:38:30 | 000,000,000 | ---D | C] -- C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RMPrepUSB
[2013/11/07 13:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RMPrepUSB
[2013/10/28 17:11:00 | 000,000,000 | ---D | C] -- C:\Users\HTPC\Documents\XBMC Backups
[2013/10/18 09:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/10/18 09:27:11 | 000,000,000 | ---D | C] -- C:\Users\HTPC\AppData\Local\cache
[2013/10/18 09:27:10 | 000,000,000 | ---D | C] -- C:\Users\HTPC\Documents\Mobogenie
[2013/10/18 09:27:10 | 000,000,000 | ---D | C] -- C:\Users\HTPC\AppData\Local\Mobogenie
[2013/10/18 09:26:11 | 000,000,000 | ---D | C] -- C:\Users\HTPC\AppData\Local\Programs
[2013/10/15 10:32:08 | 000,000,000 | ---D | C] -- C:\Users\HTPC\Desktop\Media Companion 3.581b
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/13 09:18:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HTPC\Desktop\OTL.exe
[2013/11/13 09:07:51 | 000,032,064 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 09:07:51 | 000,032,064 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 09:06:55 | 000,905,954 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/13 09:06:55 | 000,737,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/13 09:06:55 | 000,153,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/13 09:02:20 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/13 09:02:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/12 22:14:26 | 000,324,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/12 21:40:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/12 21:32:38 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/11/12 21:31:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/12 21:27:55 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/12 21:03:34 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-HTPC-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/11/12 20:35:37 | 000,002,159 | ---- | M] () -- C:\Users\HTPC\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/11/12 12:21:47 | 000,000,604 | ---- | M] () -- C:\Users\HTPC\Desktop\regedit 2013 11.reg
[2013/11/12 10:02:23 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/12 10:02:23 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/12 10:02:16 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/12 10:02:16 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/12 10:02:16 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/12 10:02:16 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/12 10:02:16 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/12 10:02:15 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/12 10:02:15 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/12 10:02:15 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/12 10:02:15 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/12 10:02:15 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/12 10:02:15 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/12 10:02:15 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/12 10:02:15 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/12 10:02:15 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/12 10:02:15 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/12 10:02:15 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/12 10:02:15 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/12 10:02:15 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/12 10:02:15 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/12 10:02:15 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/12 10:02:15 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/12 10:02:15 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 10:02:14 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/12 10:02:14 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/12 10:02:14 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/12 10:02:14 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/12 10:02:14 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/12 10:02:14 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/12 10:02:14 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/12 10:02:13 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/12 10:02:13 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/12 10:02:13 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/12 10:02:13 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/12 10:02:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/12 10:02:13 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/12 10:02:12 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 10:02:12 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/12 10:02:12 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/12 10:02:12 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/12 10:02:12 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/12 10:02:12 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/12 10:02:12 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/12 10:02:12 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/12 10:02:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/12 10:02:12 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/12 10:02:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/12 10:02:12 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/12 10:02:11 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/12 10:02:11 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/12 10:02:11 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/12 10:02:11 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/12 10:02:11 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/12 10:02:11 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/12 10:02:11 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/12 10:02:11 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/12 10:02:11 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/12 10:02:11 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/12 10:02:11 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/12 10:02:11 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/12 10:02:11 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/12 10:02:11 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/12 10:02:11 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/12 10:02:11 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/12 10:02:11 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/12 10:02:11 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/12 10:02:11 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/12 10:02:11 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/12 10:02:11 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/12 10:02:10 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/12 10:02:10 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 10:02:10 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/12 10:02:10 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/12 10:02:10 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/12 10:02:10 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/12 10:02:10 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/12 10:02:10 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/12 10:02:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/12 10:02:10 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/12 10:02:10 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/12 10:02:10 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/12 09:45:16 | 000,890,264 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/11 15:15:20 | 000,001,379 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/11/10 12:28:21 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/07 13:38:30 | 000,001,035 | ---- | M] () -- C:\Users\HTPC\Desktop\RMPrepUSB.lnk
[2013/11/07 13:32:22 | 007,408,975 | ---- | M] () -- C:\Users\HTPC\Desktop\Install_RMPrepUSB_Full.exe
[2013/10/18 09:30:07 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/14 18:00:00 | 000,028,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/12 21:03:34 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-HTPC-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/11/12 20:35:37 | 000,002,159 | ---- | C] () -- C:\Users\HTPC\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/11/12 12:21:47 | 000,000,604 | ---- | C] () -- C:\Users\HTPC\Desktop\regedit 2013 11.reg
[2013/11/12 10:02:15 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 10:02:11 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/11 15:15:20 | 000,001,391 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/11/11 15:15:20 | 000,001,379 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/11/10 12:28:21 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/07 13:38:30 | 000,001,035 | ---- | C] () -- C:\Users\HTPC\Desktop\RMPrepUSB.lnk
[2013/10/18 09:30:07 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/10/18 09:30:07 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/17 19:38:52 | 007,408,975 | ---- | C] () -- C:\Users\HTPC\Desktop\Install_RMPrepUSB_Full.exe
[2013/10/08 09:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/10/08 08:39:08 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/08 08:39:08 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/07/20 13:47:51 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2013/07/15 15:15:09 | 002,498,216 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013/07/15 15:15:09 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013/07/15 15:15:08 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013/07/15 15:15:08 | 000,013,896 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013/07/15 15:15:08 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/12/19 14:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/19 14:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/09/05 19:12:54 | 000,000,249 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/07/24 11:54:17 | 000,005,495 | ---- | C] () -- C:\Users\HTPC\.swfinfo
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/01/05 16:43:37 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\ARGUS TV
[2012/06/21 12:27:38 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Blio
[2013/07/20 13:47:51 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\DonationCoder
[2012/09/05 19:13:18 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\For The Record
[2013/09/17 18:14:40 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\IDT
[2013/08/13 18:26:53 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\LibreOffice
[2012/08/13 12:16:12 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Notepad++
[2013/09/02 17:02:05 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Opera Software
[2012/08/09 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Philipp Winterberg
[2012/07/19 14:34:26 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Silicondust
[2012/11/27 12:57:41 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\SqueezePlay
[2012/06/20 15:10:51 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Synaptics
[2013/11/13 09:04:16 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\XBMC
[2012/12/30 15:10:48 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Xbmccustomregis
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2010/11/21 02:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< %SYSTEMDRIVE%\*.* >
[2012/07/17 05:20:27 | 000,386,226 | RHS- | M] () -- C:\bootmgr
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2013/11/13 09:02:08 | 1588,490,239 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
 
< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 84C3-6480
 Directory of C:\
14/07/2009  12:08 AM    <JUNCTION>     Documents and Settings [..]
               0 File(s)              0 bytes
 Directory of C:\Program Files (x86)\Evernote
13/05/2011  02:54 PM    <SYMLINKD>     Evernote3.5 [D:\Program Files (x86)\Evernote\Evernote]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  12:08 AM    <JUNCTION>     Application Data [..]
14/07/2009  12:08 AM    <JUNCTION>     Desktop [..]
14/07/2009  12:08 AM    <JUNCTION>     Documents [..]
14/07/2009  12:08 AM    <JUNCTION>     Favorites [..]
14/07/2009  12:08 AM    <JUNCTION>     Start Menu [..]
14/07/2009  12:08 AM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  12:08 AM    <SYMLINKD>     All Users [D:\ProgramData]
14/07/2009  12:08 AM    <JUNCTION>     Default User [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  12:08 AM    <JUNCTION>     Application Data [..]
14/07/2009  12:08 AM    <JUNCTION>     Cookies [..]
14/07/2009  12:08 AM    <JUNCTION>     Local Settings [..]
14/07/2009  12:08 AM    <JUNCTION>     My Documents [..]
14/07/2009  12:08 AM    <JUNCTION>     NetHood [..]
14/07/2009  12:08 AM    <JUNCTION>     PrintHood [..]
14/07/2009  12:08 AM    <JUNCTION>     Recent [..]
14/07/2009  12:08 AM    <JUNCTION>     SendTo [..]
14/07/2009  12:08 AM    <JUNCTION>     Start Menu [..]
14/07/2009  12:08 AM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  12:08 AM    <JUNCTION>     Application Data [..]
14/07/2009  12:08 AM    <JUNCTION>     History [..]
14/07/2009  12:08 AM    <JUNCTION>     Temporary Internet Files [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  12:08 AM    <JUNCTION>     My Music [..]
14/07/2009  12:08 AM    <JUNCTION>     My Pictures [..]
14/07/2009  12:08 AM    <JUNCTION>     My Videos [..]
               0 File(s)              0 bytes
 Directory of C:\Users\HTPC
20/06/2012  03:02 PM    <JUNCTION>     Application Data [C:\Users\HTPC\AppData\Roaming]
20/06/2012  03:02 PM    <JUNCTION>     Cookies [C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Cookies]
20/06/2012  03:02 PM    <JUNCTION>     Local Settings [C:\Users\HTPC\AppData\Local]
20/06/2012  03:02 PM    <JUNCTION>     My Documents [C:\Users\HTPC\Documents]
20/06/2012  03:02 PM    <JUNCTION>     NetHood [C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
20/06/2012  03:02 PM    <JUNCTION>     PrintHood [C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
20/06/2012  03:02 PM    <JUNCTION>     Recent [C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Recent]
20/06/2012  03:02 PM    <JUNCTION>     SendTo [C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\SendTo]
20/06/2012  03:02 PM    <JUNCTION>     Start Menu [C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu]
20/06/2012  03:02 PM    <JUNCTION>     Templates [C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\HTPC\AppData\Local
20/06/2012  03:02 PM    <JUNCTION>     Application Data [C:\Users\HTPC\AppData\Local]
20/06/2012  03:02 PM    <JUNCTION>     History [C:\Users\HTPC\AppData\Local\Microsoft\Windows\History]
20/06/2012  03:02 PM    <JUNCTION>     Temporary Internet Files [C:\Users\HTPC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\HTPC\Documents
20/06/2012  03:02 PM    <JUNCTION>     My Music [C:\Users\HTPC\Music]
20/06/2012  03:02 PM    <JUNCTION>     My Pictures [C:\Users\HTPC\Pictures]
20/06/2012  03:02 PM    <JUNCTION>     My Videos [C:\Users\HTPC\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\MSSQL$SQLEXPRESS
05/09/2012  07:05 PM    <JUNCTION>     Application Data [C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming]
05/09/2012  07:05 PM    <JUNCTION>     Cookies [C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Cookies]
05/09/2012  07:05 PM    <JUNCTION>     Local Settings [C:\Users\MSSQL$SQLEXPRESS\AppData\Local]
05/09/2012  07:05 PM    <JUNCTION>     My Documents [C:\Users\MSSQL$SQLEXPRESS\Documents]
05/09/2012  07:05 PM    <JUNCTION>     NetHood [C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/09/2012  07:05 PM    <JUNCTION>     PrintHood [C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/09/2012  07:05 PM    <JUNCTION>     Recent [C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Recent]
05/09/2012  07:05 PM    <JUNCTION>     SendTo [C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\SendTo]
05/09/2012  07:05 PM    <JUNCTION>     Start Menu [C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu]
05/09/2012  07:05 PM    <JUNCTION>     Templates [C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\MSSQL$SQLEXPRESS\AppData\Local
05/09/2012  07:05 PM    <JUNCTION>     Application Data [C:\Users\MSSQL$SQLEXPRESS\AppData\Local]
05/09/2012  07:05 PM    <JUNCTION>     History [C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Microsoft\Windows\History]
05/09/2012  07:05 PM    <JUNCTION>     Temporary Internet Files [C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\MSSQL$SQLEXPRESS\Documents
05/09/2012  07:05 PM    <JUNCTION>     My Music [C:\Users\MSSQL$SQLEXPRESS\Music]
05/09/2012  07:05 PM    <JUNCTION>     My Pictures [C:\Users\MSSQL$SQLEXPRESS\Pictures]
05/09/2012  07:05 PM    <JUNCTION>     My Videos [C:\Users\MSSQL$SQLEXPRESS\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  12:08 AM    <JUNCTION>     My Music [D:\Users\Public\Music]
14/07/2009  12:08 AM    <JUNCTION>     My Pictures [D:\Users\Public\Pictures]
14/07/2009  12:08 AM    <JUNCTION>     My Videos [D:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              61 Dir(s)  665,844,027,392 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/06/20 15:11:07 | 000,000,221 | -HS- | M] () -- C:\Users\HTPC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/11/07 13:32:22 | 007,408,975 | ---- | M] () -- C:\Users\HTPC\Desktop\Install_RMPrepUSB_Full.exe
[2013/11/13 09:18:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HTPC\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

My Extras Log is from an earlier scan as it doesn't seem to produce that log after repeated scans:

OTL Extras logfile created on: 11/12/2013 7:18:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HTPC\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
5.48 Gb Total Physical Memory | 3.58 Gb Available Physical Memory | 65.25% Memory free
10.96 Gb Paging File | 8.74 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.51 Gb Total Space | 618.94 Gb Free Space | 90.55% Space Free | Partition Type: NTFS
Drive D: | 14.82 Gb Total Space | 1.56 Gb Free Space | 10.50% Space Free | Partition Type: NTFS
Drive F: | 96.98 Mb Total Space | 86.83 Mb Free Space | 89.54% Space Free | Partition Type: FAT32
Drive G: | 199.00 Mb Total Space | 160.87 Mb Free Space | 80.84% Space Free | Partition Type: NTFS
 
Computer Name: HTPC-HP | User Name: HTPC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064902AC-EB51-4116-8E82-97CDAC1354C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{091FE3C7-004C-4717-AC27-713F208D062E}" = lport=554 | protocol=6 | dir=in | name=argus tv streaming server (554) |
"{0C258F84-1DF5-4FE3-8996-B3DF67B9EF2A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{0D9ED131-5612-44AE-AD97-19922DD13570}" = lport=42080 | protocol=6 | dir=in | name=for the record web access |
"{2BB6EF84-E157-4FA3-B822-0990C311A395}" = lport=49941 | protocol=6 | dir=in | name=argus tv https (xml/rest) |
"{2CE7C0C5-CA4C-4A84-ABA4-4F4E00EA3C11}" = lport=139 | protocol=6 | dir=in | app=system |
"{3A028581-60CC-4357-ABD3-902400963018}" = lport=137 | protocol=17 | dir=in | app=system |
"{3AF8FF97-B98D-4F5A-AE79-6223D76B4829}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{5203478D-DC78-4DE6-94F0-72456B5657FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68E9590D-7EB8-4587-9CC2-9A745B252B94}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{7369E490-96A3-40D1-9E19-8DBE66B0B3F3}" = lport=3306 | protocol=6 | dir=in | name=mysql |
"{769A9B1F-7EF6-4200-905B-052D94FA7E40}" = rport=138 | protocol=17 | dir=out | app=system |
"{7BE5CA45-34EC-49F7-B6F9-07256C032382}" = lport=135 | protocol=6 | dir=in | name=rpc_pd |
"{8718DBA2-8697-4E49-96E5-7157FE7E4C7F}" = lport=8554 | protocol=6 | dir=in | name=argus tv streaming server (8554) |
"{89B9F0F4-926F-4D4C-B38F-2476EEED5103}" = lport=49943 | protocol=6 | dir=in | name=for the record http (xml/rest) |
"{8F115839-8DFA-41B7-800E-961ACA17F931}" = rport=137 | protocol=17 | dir=out | app=system |
"{9849A369-37FA-41CE-8DBA-26FB4E8F1201}" = lport=138 | protocol=17 | dir=in | app=system |
"{9A7FCB71-3CEA-4C69-B8A0-052CB53FA5ED}" = lport=8554 | protocol=6 | dir=in | name=for the record streaming server (8554) |
"{9FA01596-FB90-432D-B30A-543BFB940A9B}" = rport=445 | protocol=6 | dir=out | app=system |
"{A33FCCF8-D1AF-4DCE-9832-75CE96F26F7B}" = rport=139 | protocol=6 | dir=out | app=system |
"{A9AE954D-8E71-413F-8EE1-CCCEAD21B10A}" = lport=49944 | protocol=6 | dir=in | name=argus tv https (binary) |
"{ABE24572-1673-4EF3-9E90-3730F476BD0A}" = lport=554 | protocol=6 | dir=in | name=for the record streaming server (554) |
"{C37CCD1A-9864-49A9-BFF1-EF5325BE0D15}" = lport=49944 | protocol=6 | dir=in | name=for the record https (binary) |
"{DF4334CF-9B8C-469E-9962-9DFC90896C36}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2D96501-1EFC-4B1B-A685-D1BBC54DA0A2}" = lport=445 | protocol=6 | dir=in | app=system |
"{E9D3AE83-DA4C-48C8-AE57-66E60B9E921C}" = lport=49941 | protocol=6 | dir=in | name=for the record https (xml/rest) |
"{EB92332C-B88B-41F2-BA1D-C63E0A749DA3}" = lport=49943 | protocol=6 | dir=in | name=argus tv http (xml/rest) |
"{F5C8C5F8-459B-4DA0-B476-17744110A7AA}" = lport=445 | protocol=6 | dir=in | name=dcom_pd |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BDB267E-E52C-4588-8EC0-7912D5F93AA1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{103B6C5F-83B9-4633-B4EF-311CD83510DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{204DCC36-4C7B-48C4-BF5E-61F414823120}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2CDB538A-8601-44E2-8D32-6953C608A0D4}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{3895FB2E-A0D4-4695-9996-8A1D38DAA5A3}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{3D9FD6E8-032F-4323-9145-60D002BDCC5B}" = protocol=6 | dir=in | app=c:\program files\raxco\pdfree\pdagent.exe |
"{48C3B59D-B8A7-42FB-A380-B5118D020FD9}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{4DD9D020-A9E0-4142-9770-7711C9696796}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
"{54D21CF3-0550-4952-8167-57D6BE2ACB89}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{6F9FE943-2748-4B15-AACD-CBBE1E4DF1A0}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{73301E20-EE92-4611-93CB-A6BE7D94EDB3}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{788C20DB-E065-4222-8B7F-2DC3F0FE805C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A50A44A2-E139-444C-8D3C-19A7AC453184}" = protocol=17 | dir=in | app=c:\program files\raxco\pdfree\pdagent.exe |
"{AF12C923-3504-455F-AD2E-148D885D01D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D360C55F-22C1-43FF-8964-7E49AD964615}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{E358AA0E-325A-4197-BA5C-6D2BC2F21C95}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{E76CB8DC-3214-4AB2-81F3-8BA34A9C741D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{396D643D-367B-4DBA-B4F0-DEC88689898C}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"TCP Query User{3D70B4D8-2F55-4E95-80CB-7E855F46A552}C:\program files (x86)\squeezebox\squeezeplay\squeezeplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\squeezebox\squeezeplay\squeezeplay.exe |
"TCP Query User{AA8E82E6-5EE4-4212-B562-4A0DE583CD24}C:\program files (x86)\squeezebox\squeezeplay\squeezeplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\squeezebox\squeezeplay\squeezeplay.exe |
"TCP Query User{D8EA178B-902D-4A77-AF3E-622287D7061A}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{10A56E27-DEE0-47CF-8C02-4494EB28DA2E}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{43D503AD-87A0-4AF7-AA49-4521AADBE63B}C:\program files (x86)\squeezebox\squeezeplay\squeezeplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\squeezebox\squeezeplay\squeezeplay.exe |
"UDP Query User{790509AB-9DCB-4EB3-AF39-ACCFE9CECDD9}C:\program files (x86)\squeezebox\squeezeplay\squeezeplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\squeezebox\squeezeplay\squeezeplay.exe |
"UDP Query User{DA8DD0B9-4B0D-4AF8-8B60-B6E12DDE0A77}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{0838B70E-B35E-AC61-EF41-3E9472AD6C41}" = AMD Drag and Drop Transcoding
"{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}" = SQL Server 2012 Database Engine Services
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D411379-9CE0-4B13-A19B-72D3222DD620}" = SQL Server 2012 Common Files
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}" = SQL Server 2012 Common Files
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}" = SQL Server 2012 Management Studio
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}" = Microsoft VSS Writer for SQL Server 2012
"{408DD513-C71C-EF6C-1456-247DD8403E18}" = AMD Steady Video Plug-In
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54C5041B-0E91-4E92-8417-AAA12493C790}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}" = SQL Server 2012 Database Engine Shared
"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
"{56C0C063-2B3B-4B9B-8C1F-51C895EA1F0C}" = PerfectDisk Free Defrag
"{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}" = SQL Server 2012 Database Engine Shared
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6B3840D6-4B8F-4E74-9202-9CE36DA94E99}" = SQL Server 2012 Client Tools
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{7842C220-6E9A-4D5A-AE70-0E138271F883}" = SQL Server 2012 Client Tools
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}" = SQL Server 2012 Database Engine Services
"{88CB5DFD-6CE1-486F-998C-9FC090FCE5E2}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB933A1-603C-5B22-3D56-19593698C41A}" = AMD Fuel
"{8CB0713F-CFE0-445D-BCB2-538465860E1A}" = Microsoft SQL Server 2012 Setup (English)
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{91537A0E-FEEB-4AB1-A203-0563BEBB3464}" = Microsoft SQL Server 2012 RsFx Driver
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A7037EB2-F953-4B12-B843-195F4D988DA1}" = SQL Server 2012 Management Studio
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ADCB5F9E-EF88-6D61-EE2F-99F51DF1B6EF}" = AMD Media Foundation Decoders
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BED1EA3D-592D-4305-9D1F-20F03726EFC1}" = Sql Server Customer Experience Improvement Program
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}" = Microsoft SQL Server 2012 Native Client
"{E57289A3-B314-F00A-F0D0-7CB63E588CFF}" = AMD Accelerated Video Transcoding
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{FEB22B7A-7B05-4A49-3BA3-D24815D37FAE}" = ccc-utility64
"CCleaner" = CCleaner
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 11" = Microsoft SQL Server 2012 (64-bit)
"Microsoft SQL Server SQLServer2012" = Microsoft SQL Server 2012 (64-bit)
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09B790E3-21E3-4D1A-8130-AAA9227C9785}_is1" = SqueezePlay 7.6.2
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{170236F2-1F88-A116-DA64-3FEED17B9387}" = CCC Help Italian
"{1BBEB0C2-B5F6-4B8E-A4EA-1B13C45FCE7D}" = ScreenShot V1.1.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{2178EDD8-A3A6-50E3-407B-6629EA8E6ECE}" = AMD Catalyst Control Center
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{32957F2B-A371-151F-9DA1-7BCA54BA2C71}" = CCC Help Danish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{398004A7-6198-B8AB-443A-D250FFA57446}" = CCC Help Greek
"{3A29665B-2304-A9F7-601D-86340BD29D57}" = CCC Help Korean
"{4310E447-8AF3-020C-06D0-CB317D1BC92B}" = CCC Help Spanish
"{4B9E6EB0-0EED-4E74-9479-F982C3254F71}" = SQL Server Browser for SQL Server 2012
"{4DF0CAAC-F479-1673-EE92-03FFB9A05C1A}" = CCC Help English
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{6670AE0A-83FD-C514-C4EC-51618BEDCF04}" = Catalyst Control Center InstallProxy
"{6DD76706-759A-1D77-9D1B-39FFFEC203BE}" = CCC Help Hungarian
"{6DF3C5B5-AEA5-198E-289C-CAADC4A17C04}" = CCC Help Dutch
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6F9B3984-08EB-19EE-5E93-E79FD0854596}" = CCC Help Czech
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{82DA3D5E-0041-D8F7-6ACD-53A06C863FD4}" = CCC Help Swedish
"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8E63AD00-6BEB-9E98-739E-C8EE42CF0419}" = CCC Help Norwegian
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9584BE1B-2FBE-4F45-13EA-6567F3E2D9A2}" = CCC Help Chinese Traditional
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{993609E5-B0A7-0270-BA78-385016D5A4FA}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C50B767-48BA-A567-0CFE-31620AE8FC97}" = CCC Help German
"{9CCE40CE-A9E6-4916-8729-B008558EEF3F}" = Microsoft Report Viewer 2012 Runtime
"{9E94C6F8-2B4E-D900-E73C-E7BCC7653188}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}" = HP Product Detection
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6946BAC-2169-42CC-8E6D-F6FE2EEDB20F}" = HP Documentation
"{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BEFD4139-C684-DBF8-33F2-7963161E2F10}" = CCC Help Russian
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}" = AMD System Monitor
"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CFBC3C9F-C781-4A0A-4AC9-BEBDE9850C16}" = CCC Help Turkish
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D17BE572-CBFB-2AA4-759B-E21F04093001}" = CCC Help Thai
"{D3C44AE6-7A77-6CB3-0708-C970C53E8136}" = Catalyst Control Center Localization All
"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}" = Microsoft SQL Server 2012 Policies
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9E87CFE-894C-8FFB-31C2-61C6B640F2B2}" = CCC Help Finnish
"{E9F63F5F-00EF-516C-C7F6-ABD3DC174B5E}" = CCC Help Polish
"{EA3960CB-883C-5B18-FA85-7C36C320E4BC}" = Catalyst Control Center Graphics Previews Common
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED62231A-B71D-C39A-7CE0-B2C8388A67C2}" = CCC Help French
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8478020-D98E-49FB-BA14-07A534AED99C}" = LibreOffice 4.1.0.4
"{FBC9A8BD-C74D-86B3-7818-D584C9174F48}" = CCC Help Portuguese
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AutoHotkey" = AutoHotkey 1.1.07.03
"EaseUS Partition Master_is1" = EaseUS Partition Master 9.2.2
"EasyBCD" = EasyBCD 2.1.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 23.0 (x86 en-US)" = Mozilla Firefox 23.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Opera 17.0.1241.53" = Opera Stable 17.0.1241.53
"RarZilla Free Unrar" = RarZilla Free Unrar
"RMPrepUSB" = RMPrepUSB
"WildTangent hp Master Uninstall" = HP Games
"WinHotKey_is1" = WinHotKey 0.70
"WinPcapInst" = WinPcap 4.1.3
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"XBMC" = XBMC
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/10/2013 8:17:14 PM | Computer Name = HTPC-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 11/10/2013 8:19:16 PM | Computer Name = HTPC-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 11/10/2013 9:02:56 PM | Computer Name = HTPC-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 11/10/2013 9:10:29 PM | Computer Name = HTPC-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 11/10/2013 9:40:14 PM | Computer Name = HTPC-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 11/10/2013 10:14:46 PM | Computer Name = HTPC-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 11/10/2013 11:09:57 PM | Computer Name = HTPC-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 11/11/2013 9:19:36 AM | Computer Name = HTPC-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 11/11/2013 10:44:23 AM | Computer Name = HTPC-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 11/12/2013 10:47:27 AM | Computer Name = HTPC-HP | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
[ HP Software Framework Events ]
Error - 3/19/2013 7:05:14 PM | Computer Name = HTPC-HP | Source = CaslWmi | ID = 5
Description = 2013/03/19 19:05:14.892|000012A4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/20/2013 6:54:35 PM | Computer Name = HTPC-HP | Source = CaslWmi | ID = 5
Description = 2013/03/20 18:54:35.569|000015E4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/21/2013 8:15:31 PM | Computer Name = HTPC-HP | Source = CaslWmi | ID = 5
Description = 2013/03/21 20:15:31.621|00000BC8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/21/2013 8:28:32 PM | Computer Name = HTPC-HP | Source = CaslWmi | ID = 5
Description = 2013/03/21 20:28:32.712|000015B4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/22/2013 6:51:01 PM | Computer Name = HTPC-HP | Source = CaslWmi | ID = 5
Description = 2013/03/22 18:51:01.700|00001090|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/24/2013 4:43:02 PM | Computer Name = HTPC-HP | Source = CaslWmi | ID = 5
Description = 2013/03/24 16:43:02.061|000016C8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/25/2013 8:43:25 PM | Computer Name = HTPC-HP | Source = CaslWmi | ID = 5
Description = 2013/03/25 20:43:25.578|00000BB4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/26/2013 7:15:23 PM | Computer Name = HTPC-HP | Source = CaslWmi | ID = 5
Description = 2013/03/26 19:15:23.951|00000294|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/27/2013 7:01:13 PM | Computer Name = HTPC-HP | Source = CaslWmi | ID = 5
Description = 2013/03/27 19:01:13.428|0000164C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/29/2013 8:23:17 PM | Computer Name = HTPC-HP | Source = CaslWmi | ID = 5
Description = 2013/03/29 20:23:17.392|0000160C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ Media Center Events ]
Error - 11/7/2013 12:31:46 PM | Computer Name = HTPC-HP | Source = MCUpdate | ID = 0
Description = 11:31:45 AM - Failed to retrieve SMTiles.cab (Error: HTTP status 404:
 The requested URL does not exist on the server.  )  
 
Error - 11/8/2013 8:56:41 PM | Computer Name = HTPC-HP | Source = MCUpdate | ID = 0
Description = 7:56:41 PM - Failed to retrieve dSM.cab (Error: HTTP status 404: The
 requested URL does not exist on the server.  )  
 
Error - 11/8/2013 8:56:44 PM | Computer Name = HTPC-HP | Source = MCUpdate | ID = 0
Description = 7:56:44 PM - Failed to retrieve Logos.cab (Error: HTTP status 404:
 The requested URL does not exist on the server.  )  
 
Error - 11/8/2013 8:56:47 PM | Computer Name = HTPC-HP | Source = MCUpdate | ID = 0
Description = 7:56:47 PM - Failed to retrieve SMTiles.cab (Error: HTTP status 404:
 The requested URL does not exist on the server.  )  
 
Error - 11/9/2013 8:19:52 PM | Computer Name = HTPC-HP | Source = MCUpdate | ID = 0
Description = 7:19:51 PM - Failed to retrieve dSM.cab (Error: HTTP status 404: The
 requested URL does not exist on the server.  )  
 
Error - 11/9/2013 8:19:55 PM | Computer Name = HTPC-HP | Source = MCUpdate | ID = 0
Description = 7:19:54 PM - Failed to retrieve Logos.cab (Error: HTTP status 404:
 The requested URL does not exist on the server.  )  
 
Error - 11/9/2013 8:19:58 PM | Computer Name = HTPC-HP | Source = MCUpdate | ID = 0
Description = 7:19:58 PM - Failed to retrieve SMTiles.cab (Error: HTTP status 404:
 The requested URL does not exist on the server.  )  
 
Error - 11/11/2013 7:33:26 PM | Computer Name = HTPC-HP | Source = MCUpdate | ID = 0
Description = 6:33:26 PM - Failed to retrieve dSM.cab (Error: HTTP status 404: The
 requested URL does not exist on the server.  )  
 
Error - 11/11/2013 7:33:29 PM | Computer Name = HTPC-HP | Source = MCUpdate | ID = 0
Description = 6:33:29 PM - Failed to retrieve Logos.cab (Error: HTTP status 404:
 The requested URL does not exist on the server.  )  
 
Error - 11/11/2013 7:33:32 PM | Computer Name = HTPC-HP | Source = MCUpdate | ID = 0
Description = 6:33:32 PM - Failed to retrieve SMTiles.cab (Error: HTTP status 404:
 The requested URL does not exist on the server.  )  
 
[ Spybot - Search and Destroy Events ]
Error - 11/11/2013 5:29:14 PM | Computer Name = HTPC-HP | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 11/11/2013 1:31:02 PM | Computer Name = HTPC-HP | Source = Service Control Manager | ID = 7034
Description = The HP Software Framework Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 11/11/2013 1:31:31 PM | Computer Name = HTPC-HP | Source = DCOM | ID = 10010
Description =
 
Error - 11/11/2013 1:41:17 PM | Computer Name = HTPC-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.161.1819.0     Update Source: %%859     Update Stage:
 %%853     Source Path: Signature Type: %%800     Update Type: %%803

    User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10003.0

    Error
 code: 0x8024001e     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support.
 
Error - 11/11/2013 1:41:17 PM | Computer Name = HTPC-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.161.1819.0     Update Source: %%859     Update Stage:
 %%853     Source Path: Signature Type: %%800     Update Type: %%803

    User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10003.0

    Error
 code: 0x8024001e     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support.
 
Error - 11/12/2013 9:33:02 AM | Computer Name = HTPC-HP | Source = Service Control Manager | ID = 7043
Description = The Group Policy Client service did not shut down properly after receiving
 a preshutdown control.
 
Error - 11/12/2013 9:33:35 AM | Computer Name = HTPC-HP | Source = Service Control Manager | ID = 7043
Description = The AMD FUEL Service service did not shut down properly after receiving
 a preshutdown control.
 
Error - 11/12/2013 10:23:15 AM | Computer Name = HTPC-HP | Source = Service Control Manager | ID = 7022
Description = The Server service hung on starting.
 
Error - 11/12/2013 10:54:24 AM | Computer Name = HTPC-HP | Source = DCOM | ID = 10010
Description =
 
Error - 11/12/2013 7:49:22 PM | Computer Name = HTPC-HP | Source = Service Control Manager | ID = 7022
Description = The Server service hung on starting.
 
Error - 11/12/2013 8:06:06 PM | Computer Name = HTPC-HP | Source = Service Control Manager | ID = 7022
Description = The Server service hung on starting.
 
 
< End of report >
 


Edited by FarReaching, 13 November 2013 - 08:52 AM.



#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 13 November 2013 - 08:59 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 

#3 FarReaching

FarReaching

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 13 November 2013 - 09:38 AM

Here are the scans from FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2013
Ran by HTPC (administrator) on HTPC-HP on 13-11-2013 10:10:28
Running from C:\Users\HTPC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PDFree\PDAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(OldTimer Tools) C:\Users\HTPC\Desktop\OTL.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Trend Micro Inc.) C:\Users\HTPC\Desktop\HiJackThis.exe
(Trend Micro Inc.) C:\Users\HTPC\Downloads\HiJackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-05] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [WinHotKey] - C:\Program Files (x86)\WinHotKey\WinHotKey.exe [480768 2004-11-11] ()
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
AppInit_DLLs:   [ ] ()
BootExecute: PDBoot.exeautocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yah...psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {EB8E38B3-D8B7-4D05-8984-4320EE74B99D} URL = http://www.amazon.ca...s={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {C2E6A9C7-5AD2-4C0D-A4B5-E5C210F1F636} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yah...psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {EB8E38B3-D8B7-4D05-8984-4320EE74B99D} URL = http://www.amazon.ca...s={searchTerms}
SearchScopes: HKCU - DefaultScope {C2E6A9C7-5AD2-4C0D-A4B5-E5C210F1F636} URL = http://search.condui...9842190925&UM=2
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yah...psg&type=HPNTDF
SearchScopes: HKCU - {C2E6A9C7-5AD2-4C0D-A4B5-E5C210F1F636} URL = http://search.condui...9842190925&UM=2
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {EB8E38B3-D8B7-4D05-8984-4320EE74B99D} URL = http://www.amazon.ca...s={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FVD Speed Dial with Full Online Sync - C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\Extensions\pavel.sherbakov@gmail.com
FF Extension: FEBE - C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF Extension: autofillForms - C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\Extensions\autofillForms@blueimp.net.xpi
FF Extension: BigButtons - C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\Extensions\BigButtons@kensaunders.xpi
FF Extension: firefox - C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\Extensions\firefox@ghostery.com.xpi
FF Extension: jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc - C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi
FF Extension: nosquint - C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\Extensions\nosquint@urandom.ca.xpi
FF Extension: savedpasswordeditor - C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\Extensions\savedpasswordeditor@daniel.dawson.xpi
FF Extension: vdpure - C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\Extensions\vdpure@link64.xpi
FF Extension: defaults - C:\Users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\st75brg1.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [192000 2012-12-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 PDAgent; C:\Program Files\Raxco\PDFree\PDAgent.exe [1882376 2012-03-28] (Raxco Software, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [612864 2012-12-29] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\windows\SysWow64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\windows\SysWow64\EuGdiDrv.sys [9160 2013-03-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-13 10:10 - 2013-11-13 10:10 - 00016711 _____ C:\Users\HTPC\Desktop\FRST.txt
2013-11-13 10:10 - 2013-11-13 10:10 - 00000000 ____D C:\FRST
2013-11-13 10:09 - 2013-11-13 10:09 - 01957610 _____ (Farbar) C:\Users\HTPC\Desktop\FRST64.exe
2013-11-13 10:05 - 2013-11-13 10:06 - 00012112 _____ C:\Users\HTPC\Desktop\hijackthis.log
2013-11-13 09:56 - 2013-11-13 09:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\HTPC\Desktop\HiJackThis.exe
2013-11-13 09:33 - 2013-11-13 09:33 - 00207192 _____ C:\Users\HTPC\Desktop\OTL.Txt
2013-11-13 09:18 - 2013-11-13 09:18 - 00602112 _____ (OldTimer Tools) C:\Users\HTPC\Desktop\OTL.exe
2013-11-12 21:30 - 2013-11-12 21:30 - 00003160 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-11-12 21:04 - 2013-11-12 21:32 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-11-12 21:03 - 2013-11-12 21:03 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HTPC-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2013-11-12 21:02 - 2013-11-12 21:02 - 00000000 ____D C:\RegBackup
2013-11-12 20:35 - 2013-11-12 20:35 - 00002159 _____ C:\Users\HTPC\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-11-12 20:30 - 2013-11-12 20:30 - 00000000 ____D C:\Users\HTPC\Documents\ProcAlyzer Dumps
2013-11-12 20:27 - 2013-11-12 20:27 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-11-12 20:26 - 2013-11-12 20:27 - 04976148 _____ C:\Users\HTPC\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-11-12 20:12 - 2013-11-13 10:05 - 00012112 _____ C:\Users\HTPC\Downloads\hijackthis.log
2013-11-12 20:12 - 2013-11-12 20:12 - 00003120 _____ C:\Windows\System32\Tasks\{3E1CB50B-4E53-470D-8BA8-0B05FCBCD77E}
2013-11-12 19:47 - 2013-11-13 09:05 - 00000000 ____D C:\Users\HTPC\Downloads\OTL
2013-11-12 19:43 - 2013-11-12 19:45 - 00000000 ____D C:\Users\HTPC\Downloads\Scans 2013 11
2013-11-12 19:14 - 2013-11-12 19:14 - 00625664 _____ C:\Users\HTPC\Downloads\dds.scr
2013-11-12 19:13 - 2013-11-12 19:13 - 00388608 _____ (Trend Micro Inc.) C:\Users\HTPC\Downloads\HiJackThis.exe
2013-11-12 19:11 - 2013-11-12 19:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 12:21 - 2013-11-12 12:21 - 00000604 _____ C:\Users\HTPC\Desktop\regedit 2013 11.reg
2013-11-12 10:05 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-12 10:02 - 2013-11-12 10:02 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 10:02 - 2013-11-12 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 10:02 - 2013-11-12 10:02 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 10:02 - 2013-11-12 10:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 10:02 - 2013-11-12 10:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 10:02 - 2013-11-12 10:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 10:02 - 2013-11-12 10:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 10:02 - 2013-11-12 10:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 10:02 - 2013-11-12 10:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 10:02 - 2013-11-12 10:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 10:02 - 2013-11-12 10:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 10:00 - 2013-11-12 10:05 - 00007469 _____ C:\Windows\IE11_main.log
2013-11-12 09:58 - 2013-11-12 09:58 - 00000000 ____D C:\ProgramData\ATI
2013-11-12 09:58 - 2013-11-12 09:58 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-11-12 09:57 - 2013-11-12 09:57 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201311120957142472.log
2013-11-12 09:57 - 2013-11-12 09:57 - 00000000 ____D C:\Program Files\AMD
2013-11-12 09:40 - 2013-11-12 09:50 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-12 09:33 - 2013-11-12 09:37 - 207468968 _____ (Advanced Micro Devices, Inc.) C:\Users\HTPC\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2013-11-12 09:29 - 2013-11-12 09:29 - 00791552 _____ (AMD) C:\Users\HTPC\Downloads\amddriverdownloader (1).exe
2013-11-11 15:15 - 2013-11-11 15:15 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-11-11 15:15 - 2013-11-11 15:15 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-11-11 15:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-11-11 15:14 - 2013-11-12 20:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-11 15:14 - 2013-11-11 15:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-11 15:10 - 2013-11-11 15:11 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\HTPC\Downloads\spybot-2.2.exe
2013-11-11 14:45 - 2013-11-11 14:45 - 00000000 ____D C:\Users\HTPC\Downloads\Trailers
2013-11-11 10:49 - 2013-11-11 10:49 - 00671232 _____ C:\Users\HTPC\Downloads\MicrosoftFixit50688.msi
2013-11-11 09:15 - 2013-11-11 09:15 - 00791552 _____ (AMD) C:\Users\HTPC\Downloads\amddriverdownloader.exe
2013-11-10 21:44 - 2013-11-10 21:44 - 00070644 _____ C:\Users\HTPC\Downloads\repository.superrepo.org.frodo.repositoriesincladult-0.3.1.zip
2013-11-10 21:27 - 2013-11-13 09:04 - 00000000 ____D C:\Users\HTPC\AppData\Roaming\XBMC
2013-11-10 21:26 - 2013-11-10 21:26 - 00000000 ____D C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
2013-11-10 21:25 - 2013-11-10 21:26 - 00000000 ____D C:\Program Files (x86)\XBMC
2013-11-10 20:51 - 2013-11-10 20:51 - 00064971 _____ C:\Users\HTPC\Downloads\script.module.elementtree-1.2.8.zip
2013-11-10 13:57 - 2013-11-10 13:58 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\HTPC\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-11-10 12:28 - 2013-11-10 12:28 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-10 12:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-10 12:21 - 2013-11-10 12:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\HTPC\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-10 09:33 - 2013-11-10 10:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-10 09:32 - 2013-11-10 15:11 - 00000000 ____D C:\Users\HTPC\Desktop\mbar
2013-11-10 09:29 - 2013-11-10 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-10 09:29 - 2013-11-10 09:29 - 00000000 ____D C:\Users\HTPC\AppData\Roaming\Malwarebytes
2013-11-10 09:29 - 2013-11-10 09:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-07 13:38 - 2013-11-07 13:38 - 00001035 _____ C:\Users\HTPC\Desktop\RMPrepUSB.lnk
2013-11-07 13:38 - 2013-11-07 13:38 - 00000000 ____D C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RMPrepUSB
2013-11-07 13:38 - 2013-11-07 13:38 - 00000000 ____D C:\Program Files (x86)\RMPrepUSB
2013-11-07 13:30 - 2013-11-07 13:30 - 07391478 _____ C:\Users\HTPC\Downloads\Install_RMPrepUSB_Full_v2.1.714b (1).zip
2013-11-07 13:13 - 2013-11-07 13:14 - 07391478 _____ C:\Users\HTPC\Downloads\Install_RMPrepUSB_Full_v2.1.714b.zip
2013-10-28 17:11 - 2013-10-28 17:13 - 00000000 ____D C:\Users\HTPC\Documents\XBMC Backups
2013-10-18 20:14 - 2013-10-18 20:14 - 00711531 _____ C:\Users\HTPC\Downloads\Opera Glasses.zip
2013-10-18 09:30 - 2013-11-12 20:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-18 09:30 - 2013-10-18 09:30 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-18 09:27 - 2013-10-18 09:27 - 00000000 ____D C:\Users\HTPC\Documents\Mobogenie
2013-10-18 09:27 - 2013-10-18 09:27 - 00000000 ____D C:\Users\HTPC\AppData\Local\Mobogenie
2013-10-18 09:27 - 2013-10-18 09:27 - 00000000 ____D C:\Users\HTPC\AppData\Local\cache
2013-10-18 09:27 - 2013-10-18 09:27 - 00000000 _____ C:\Users\HTPC\daemonprocess.txt
2013-10-18 09:24 - 2013-10-18 09:25 - 22404568 _____ (Mozilla) C:\Users\HTPC\Downloads\Firefox_Setup.exe
2013-10-18 09:24 - 2013-10-18 09:24 - 00680344 _____ C:\Users\HTPC\Downloads\Firefox_Setup (1).exe
2013-10-17 19:38 - 2013-11-07 13:32 - 07408975 _____ C:\Users\HTPC\Desktop\Install_RMPrepUSB_Full.exe
2013-10-17 19:23 - 2013-10-17 19:23 - 00036627 _____ C:\Users\HTPC\Downloads\plugin.video.mms-3.2.0.zip
2013-10-17 19:22 - 2013-10-17 19:22 - 01914151 _____ C:\Users\HTPC\Downloads\XWMM-210.zip
2013-10-16 21:05 - 2013-10-16 21:05 - 00108653 _____ C:\Users\HTPC\Downloads\Austin City Limits - R.E.M. (2008).tbn
2013-10-15 10:32 - 2013-10-26 20:55 - 00000000 ____D C:\Users\HTPC\Desktop\Media Companion 3.581b
2013-10-15 10:29 - 2013-10-15 10:30 - 11346161 _____ (Igor Pavlov) C:\Users\HTPC\Downloads\Media Companion 3.581b.exe
2013-10-14 18:54 - 2013-10-14 18:56 - 51965718 _____ C:\Users\HTPC\Downloads\xbmc-12.2.exe

==================== One Month Modified Files and Folders =======

2013-11-13 10:10 - 2013-11-13 10:10 - 00016711 _____ C:\Users\HTPC\Desktop\FRST.txt
2013-11-13 10:10 - 2013-11-13 10:10 - 00000000 ____D C:\FRST
2013-11-13 10:09 - 2013-11-13 10:09 - 01957610 _____ (Farbar) C:\Users\HTPC\Desktop\FRST64.exe
2013-11-13 10:06 - 2013-11-13 10:05 - 00012112 _____ C:\Users\HTPC\Desktop\hijackthis.log
2013-11-13 10:05 - 2013-11-12 20:12 - 00012112 _____ C:\Users\HTPC\Downloads\hijackthis.log
2013-11-13 09:56 - 2013-11-13 09:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\HTPC\Desktop\HiJackThis.exe
2013-11-13 09:40 - 2012-06-21 08:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-13 09:33 - 2013-11-13 09:33 - 00207192 _____ C:\Users\HTPC\Desktop\OTL.Txt
2013-11-13 09:31 - 2012-06-20 19:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-13 09:21 - 2011-10-29 17:05 - 01197594 _____ C:\Windows\WindowsUpdate.log
2013-11-13 09:18 - 2013-11-13 09:18 - 00602112 _____ (OldTimer Tools) C:\Users\HTPC\Desktop\OTL.exe
2013-11-13 09:07 - 2009-07-13 23:45 - 00032064 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-13 09:07 - 2009-07-13 23:45 - 00032064 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-13 09:06 - 2009-07-14 00:13 - 00905954 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-13 09:05 - 2013-11-12 19:47 - 00000000 ____D C:\Users\HTPC\Downloads\OTL
2013-11-13 09:04 - 2013-11-10 21:27 - 00000000 ____D C:\Users\HTPC\AppData\Roaming\XBMC
2013-11-13 09:02 - 2013-07-14 15:43 - 00068523 _____ C:\Windows\setupact.log
2013-11-13 09:02 - 2012-06-21 08:54 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-13 09:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 22:15 - 2012-06-20 15:09 - 00070352 _____ C:\Users\HTPC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-12 22:14 - 2009-07-13 23:45 - 00324544 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-12 22:13 - 2013-07-15 18:48 - 00352338 _____ C:\Windows\PFRO.log
2013-11-12 21:32 - 2013-11-12 21:04 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-11-12 21:30 - 2013-11-12 21:30 - 00003160 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-11-12 21:27 - 2009-07-13 21:34 - 00000439 _____ C:\Windows\win.ini
2013-11-12 21:22 - 2012-08-10 08:06 - 00000000 ____D C:\Users\HTPC\AppData\Local\CrashDumps
2013-11-12 21:13 - 2012-06-20 15:10 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FE5A9A25-4661-482A-8855-CD72A7B8973F}
2013-11-12 21:03 - 2013-11-12 21:03 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HTPC-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2013-11-12 21:02 - 2013-11-12 21:02 - 00000000 ____D C:\RegBackup
2013-11-12 20:44 - 2013-10-18 09:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-12 20:35 - 2013-11-12 20:35 - 00002159 _____ C:\Users\HTPC\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-11-12 20:30 - 2013-11-12 20:30 - 00000000 ____D C:\Users\HTPC\Documents\ProcAlyzer Dumps
2013-11-12 20:30 - 2013-11-11 15:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-12 20:27 - 2013-11-12 20:27 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-11-12 20:27 - 2013-11-12 20:26 - 04976148 _____ C:\Users\HTPC\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-11-12 20:12 - 2013-11-12 20:12 - 00003120 _____ C:\Windows\System32\Tasks\{3E1CB50B-4E53-470D-8BA8-0B05FCBCD77E}
2013-11-12 20:10 - 2012-06-20 15:02 - 00000000 ____D C:\Users\HTPC\AppData\Local\VirtualStore
2013-11-12 19:45 - 2013-11-12 19:43 - 00000000 ____D C:\Users\HTPC\Downloads\Scans 2013 11
2013-11-12 19:14 - 2013-11-12 19:14 - 00625664 _____ C:\Users\HTPC\Downloads\dds.scr
2013-11-12 19:13 - 2013-11-12 19:13 - 00388608 _____ (Trend Micro Inc.) C:\Users\HTPC\Downloads\HiJackThis.exe
2013-11-12 19:12 - 2013-11-12 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 14:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-11-12 12:21 - 2013-11-12 12:21 - 00000604 _____ C:\Users\HTPC\Desktop\regedit 2013 11.reg
2013-11-12 11:12 - 2012-06-20 15:10 - 00001413 _____ C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 11:11 - 2007-01-01 20:25 - 00000000 ____D C:\Windows\Panther
2013-11-12 11:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-12 10:05 - 2013-11-12 10:00 - 00007469 _____ C:\Windows\IE11_main.log
2013-11-12 10:02 - 2013-11-12 10:02 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 10:02 - 2013-11-12 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 10:02 - 2013-11-12 10:02 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 10:02 - 2013-11-12 10:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 10:02 - 2013-11-12 10:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 10:02 - 2013-11-12 10:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 10:02 - 2013-11-12 10:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 10:02 - 2013-11-12 10:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 10:02 - 2013-11-12 10:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 10:02 - 2013-11-12 10:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 10:02 - 2013-11-12 10:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 10:02 - 2013-11-12 10:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 10:02 - 2013-11-12 10:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 09:58 - 2013-11-12 09:58 - 00000000 ____D C:\ProgramData\ATI
2013-11-12 09:58 - 2013-11-12 09:58 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-11-12 09:58 - 2011-10-29 17:08 - 00000000 ____D C:\ProgramData\AMD
2013-11-12 09:57 - 2013-11-12 09:57 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201311120957142472.log
2013-11-12 09:57 - 2013-11-12 09:57 - 00000000 ____D C:\Program Files\AMD
2013-11-12 09:57 - 2011-10-29 17:24 - 00000000 ____D C:\Program Files (x86)\AMD
2013-11-12 09:56 - 2013-03-04 21:47 - 00000000 ____D C:\Program Files\ATI Technologies
2013-11-12 09:50 - 2013-11-12 09:40 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-12 09:45 - 2011-10-29 17:16 - 00890264 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-12 09:37 - 2013-11-12 09:33 - 207468968 _____ (Advanced Micro Devices, Inc.) C:\Users\HTPC\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2013-11-12 09:29 - 2013-11-12 09:29 - 00791552 _____ (AMD) C:\Users\HTPC\Downloads\amddriverdownloader (1).exe
2013-11-11 15:18 - 2013-11-11 15:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-11 15:15 - 2013-11-11 15:15 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-11-11 15:15 - 2013-11-11 15:15 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-11-11 15:11 - 2013-11-11 15:10 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\HTPC\Downloads\spybot-2.2.exe
2013-11-11 14:45 - 2013-11-11 14:45 - 00000000 ____D C:\Users\HTPC\Downloads\Trailers
2013-11-11 10:49 - 2013-11-11 10:49 - 00671232 _____ C:\Users\HTPC\Downloads\MicrosoftFixit50688.msi
2013-11-11 10:40 - 2013-08-23 17:32 - 00070352 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-11-11 10:09 - 2013-07-20 13:42 - 00000000 ____D C:\Program Files (x86)\URLSnooper2
2013-11-11 10:09 - 2012-06-24 20:04 - 00000000 ____D C:\Program Files (x86)\Speedfan
2013-11-11 09:15 - 2013-11-11 09:15 - 00791552 _____ (AMD) C:\Users\HTPC\Downloads\amddriverdownloader.exe
2013-11-10 21:44 - 2013-11-10 21:44 - 00070644 _____ C:\Users\HTPC\Downloads\repository.superrepo.org.frodo.repositoriesincladult-0.3.1.zip
2013-11-10 21:26 - 2013-11-10 21:26 - 00000000 ____D C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
2013-11-10 21:26 - 2013-11-10 21:25 - 00000000 ____D C:\Program Files (x86)\XBMC
2013-11-10 20:51 - 2013-11-10 20:51 - 00064971 _____ C:\Users\HTPC\Downloads\script.module.elementtree-1.2.8.zip
2013-11-10 15:15 - 2012-06-21 10:11 - 00000000 ____D C:\Program Files\MyDefrag v4.3.1
2013-11-10 15:12 - 2013-02-27 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-11-10 15:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-10 15:11 - 2013-11-10 09:32 - 00000000 ____D C:\Users\HTPC\Desktop\mbar
2013-11-10 15:11 - 2012-06-20 17:17 - 00000000 ____D C:\Users\HTPC\AppData\Local\Mozilla
2013-11-10 15:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-11-10 13:58 - 2013-11-10 13:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\HTPC\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-11-10 12:28 - 2013-11-10 12:28 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-10 12:28 - 2013-11-10 09:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-10 12:21 - 2013-11-10 12:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\HTPC\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-10 12:14 - 2012-09-05 19:05 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
2013-11-10 12:14 - 2012-06-20 15:02 - 00000000 ____D C:\Users\HTPC
2013-11-10 10:14 - 2013-11-10 09:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-10 09:29 - 2013-11-10 09:29 - 00000000 ____D C:\Users\HTPC\AppData\Roaming\Malwarebytes
2013-11-10 09:29 - 2013-11-10 09:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-07 13:38 - 2013-11-07 13:38 - 00001035 _____ C:\Users\HTPC\Desktop\RMPrepUSB.lnk
2013-11-07 13:38 - 2013-11-07 13:38 - 00000000 ____D C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RMPrepUSB
2013-11-07 13:38 - 2013-11-07 13:38 - 00000000 ____D C:\Program Files (x86)\RMPrepUSB
2013-11-07 13:32 - 2013-10-17 19:38 - 07408975 _____ C:\Users\HTPC\Desktop\Install_RMPrepUSB_Full.exe
2013-11-07 13:30 - 2013-11-07 13:30 - 07391478 _____ C:\Users\HTPC\Downloads\Install_RMPrepUSB_Full_v2.1.714b (1).zip
2013-11-07 13:14 - 2013-11-07 13:13 - 07391478 _____ C:\Users\HTPC\Downloads\Install_RMPrepUSB_Full_v2.1.714b.zip
2013-11-07 11:26 - 2012-07-19 12:26 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-07 11:26 - 2012-06-21 10:39 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-28 17:13 - 2013-10-28 17:11 - 00000000 ____D C:\Users\HTPC\Documents\XBMC Backups
2013-10-26 20:55 - 2013-10-15 10:32 - 00000000 ____D C:\Users\HTPC\Desktop\Media Companion 3.581b
2013-10-23 14:38 - 2013-09-02 17:02 - 00000000 ____D C:\Program Files (x86)\Opera
2013-10-18 20:14 - 2013-10-18 20:14 - 00711531 _____ C:\Users\HTPC\Downloads\Opera Glasses.zip
2013-10-18 09:36 - 2012-06-20 17:17 - 00000000 ____D C:\Users\HTPC\AppData\Roaming\Mozilla
2013-10-18 09:33 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2013-10-18 09:30 - 2013-10-18 09:30 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-18 09:27 - 2013-10-18 09:27 - 00000000 ____D C:\Users\HTPC\Documents\Mobogenie
2013-10-18 09:27 - 2013-10-18 09:27 - 00000000 ____D C:\Users\HTPC\AppData\Local\Mobogenie
2013-10-18 09:27 - 2013-10-18 09:27 - 00000000 ____D C:\Users\HTPC\AppData\Local\cache
2013-10-18 09:27 - 2013-10-18 09:27 - 00000000 _____ C:\Users\HTPC\daemonprocess.txt
2013-10-18 09:25 - 2013-10-18 09:24 - 22404568 _____ (Mozilla) C:\Users\HTPC\Downloads\Firefox_Setup.exe
2013-10-18 09:24 - 2013-10-18 09:24 - 00680344 _____ C:\Users\HTPC\Downloads\Firefox_Setup (1).exe
2013-10-17 19:23 - 2013-10-17 19:23 - 00036627 _____ C:\Users\HTPC\Downloads\plugin.video.mms-3.2.0.zip
2013-10-17 19:22 - 2013-10-17 19:22 - 01914151 _____ C:\Users\HTPC\Downloads\XWMM-210.zip
2013-10-16 21:05 - 2013-10-16 21:05 - 00108653 _____ C:\Users\HTPC\Downloads\Austin City Limits - R.E.M. (2008).tbn
2013-10-15 10:30 - 2013-10-15 10:29 - 11346161 _____ (Igor Pavlov) C:\Users\HTPC\Downloads\Media Companion 3.581b.exe
2013-10-15 09:35 - 2012-06-21 08:54 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-15 09:35 - 2012-06-21 08:54 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-14 18:56 - 2013-10-14 18:54 - 51965718 _____ C:\Users\HTPC\Downloads\xbmc-12.2.exe
2013-10-14 18:00 - 2013-11-12 10:05 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 17:35

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2013
Ran by HTPC at 2013-11-13 10:11:04
Running from C:\Users\HTPC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.1008.932.15229)
AMD Media Foundation Decoders (Version: 1.0.81008.0920)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD System Monitor (x32 Version: 1.0.5)
AuthenTec TrueAPI (Version: 1.2.1.33)
AutoHotkey 1.1.07.03 (x32 Version: 1.1.07.03)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bejeweled 3 (x32 Version: 2.2.0.95)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229)
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229)
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229)
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229)
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229)
CCC Help Czech (x32 Version: 2013.1008.0931.15229)
CCC Help Danish (x32 Version: 2013.1008.0931.15229)
CCC Help Dutch (x32 Version: 2013.1008.0931.15229)
CCC Help English (x32 Version: 2013.1008.0931.15229)
CCC Help Finnish (x32 Version: 2013.1008.0931.15229)
CCC Help French (x32 Version: 2013.1008.0931.15229)
CCC Help German (x32 Version: 2013.1008.0931.15229)
CCC Help Greek (x32 Version: 2013.1008.0931.15229)
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229)
CCC Help Italian (x32 Version: 2013.1008.0931.15229)
CCC Help Japanese (x32 Version: 2013.1008.0931.15229)
CCC Help Korean (x32 Version: 2013.1008.0931.15229)
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229)
CCC Help Polish (x32 Version: 2013.1008.0931.15229)
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229)
CCC Help Russian (x32 Version: 2013.1008.0931.15229)
CCC Help Spanish (x32 Version: 2013.1008.0931.15229)
CCC Help Swedish (x32 Version: 2013.1008.0931.15229)
CCC Help Thai (x32 Version: 2013.1008.0931.15229)
CCC Help Turkish (x32 Version: 2013.1008.0931.15229)
ccc-utility64 (Version: 2013.1008.932.15229)
CCleaner (Version: 4.03)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
CyberLink YouCam (x32 Version: 3.5.1.3922)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dora's World Adventure (x32 Version: 2.2.0.95)
EaseUS Partition Master 9.2.2 (x32)
EasyBCD 2.1.2 (x32 Version: 2.1.2)
Energy Star Digital Logo (x32 Version: 1.0.1)
Eraser 6.0.10.2620 (Version: 6.0.2620)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Evernote v. 4.2.2 (x32 Version: 4.2.2.3979)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE - The Traitor Soul (x32 Version: 2.2.0.95)
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit) (Version: 11.1.3128.0)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.1.9.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (x32 Version: 4.1.22.1)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.2.0.0)
HP Games (x32 Version: 1.0.2.4)
HP MovieStore (x32 Version: 1.0.047)
HP MovieStore (x32 Version: 2.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.2.1)
HP Product Detection (x32 Version: 11.15.0004)
HP Quick Launch (x32 Version: 2.5.2)
HP Setup (x32 Version: 8.6.4530.3651)
HP Setup Manager (x32 Version: 1.1.13253.3682)
HP SimplePass 2011 (x32 Version: 5.1.0.495)
HP Software Framework (x32 Version: 4.1.13.1)
HP Support Assistant (x32 Version: 7.0.39.15)
IDT Audio (x32 Version: 1.0.6329.0)
Java 7 Update 25 (x32 Version: 7.0.250)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
LibreOffice 4.1.0.4 (x32 Version: 4.1.0.4)
Logitech Harmony Remote Software (x32 Version: 1.0.110307)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Report Viewer 2012 Runtime (x32 Version: 11.0.2100.60)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.51.2500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server 2012 (64-bit)
Microsoft SQL Server 2012 Native Client  (Version: 11.1.3000.0)
Microsoft SQL Server 2012 Policies  (x32 Version: 11.0.2100.60)
Microsoft SQL Server 2012 RsFx Driver (Version: 11.1.3000.0)
Microsoft SQL Server 2012 Setup (English) (Version: 11.1.3128.0)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (Version: 11.1.3128.0)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.1.3000.0)
Microsoft SQL Server System CLR Types (x32 Version: 10.51.2500.0)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.1.3000.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (x32 Version: 10.0.40219)
Microsoft VSS Writer for SQL Server 2012 (Version: 11.1.3000.0)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyDefrag v4.3.1 (Version: 4.0.0.0)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
Notepad++ (x32 Version: 6.2.3)
Opera Stable 17.0.1241.53 (x32 Version: 17.0.1241.53)
Penguins! (x32 Version: 2.2.0.95)
PerfectDisk Free Defrag (Version: 1.0.0)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.02.02.0)
RarZilla Free Unrar (x32 Version: 4.80)
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.80)
Recovery Manager (x32 Version: 2.0.0)
Remote Control USB Driver (x32 Version: 2.3.2.317)
RMPrepUSB (x32)
ScreenShot V1.1.0.0 (x32 Version: 1.1.0)
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (Version: 11.1.3000.0)
Slingo Supreme (x32 Version: 2.2.0.95)
Spybot - Search & Destroy (x32 Version: 2.2.25)
SQL Server 2012 Client Tools (Version: 11.1.3000.0)
SQL Server 2012 Common Files (Version: 11.1.3000.0)
SQL Server 2012 Database Engine Services (Version: 11.1.3000.0)
SQL Server 2012 Database Engine Shared (Version: 11.1.3000.0)
SQL Server 2012 Management Studio (Version: 11.1.3000.0)
SQL Server Browser for SQL Server 2012 (x32 Version: 11.1.3000.0)
Sql Server Customer Experience Improvement Program (Version: 11.1.3000.0)
SqueezePlay 7.6.2 (x32)
swMSM (x32 Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.29.0)
Tweaking.com - Windows Repair (All in One) (x32 Version: 2.0.1)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
Visual Studio 2010 Prerequisites - English (Version: 10.0.40219)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
WinHotKey 0.70 (x32)
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
XBMC (HKCU)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

28-10-2013 20:34:34 Windows Update
01-11-2013 15:55:08 Windows Update
05-11-2013 16:15:41 Windows Update
08-11-2013 19:14:22 Windows Update
10-11-2013 00:24:07 Windows Update
10-11-2013 17:24:52 Windows Update
11-11-2013 00:21:56 Installed DirectX
11-11-2013 02:27:00 Installed DirectX
11-11-2013 15:13:05 Removed Macrium Reflect Free Edition
11-11-2013 15:16:41 Removed Blio.
11-11-2013 15:49:36 Installed Microsoft Fix it 50688
12-11-2013 14:40:42 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
12-11-2013 14:50:24 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
12-11-2013 15:00:09 Windows Update
13-11-2013 00:32:47 OTL Restore Point - 11/12/2013 7:32:41 PM
13-11-2013 00:50:03 OTL Restore Point - 11/12/2013 7:50:02 PM
13-11-2013 02:02:03 Tweaking.com - Windows Repair
13-11-2013 14:22:43 OTL Restore Point - 11/13/2013 9:22:38 AM

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-11-12 21:27 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {07D27D8E-B8B8-45DC-8F45-1BC11B488000} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21] (Google Inc.)
Task: {0BFA00E0-C2E9-4625-8723-9222CEB87938} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {0FF4D6CE-E06E-462F-AD46-1631FDBD7427} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {2DB7FF13-649C-4097-A617-0153508B5FB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {492826FB-C659-4B96-B4F5-4FCC2D160C4B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {58CCC557-4389-40B3-8C8A-2AFA71F5B386} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21] (Google Inc.)
Task: {7F31624E-7325-4A20-B2E4-782752AFC6B4} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {A749F1D8-14AB-4022-AB90-8A0BC2AE1491} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {BB2E1E6A-2597-43B2-B272-580F9BD7CA43} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {D59E56C4-2D6A-42DF-A988-4104FB760EF1} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {DE7E0027-0FA6-40EA-B430-F7959A389B91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {FC1B4EBD-DAEB-44C1-8BEE-ABFA25247A3E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {FE0CE7AE-1515-4B18-9790-A95D55B0ED7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FE47BBF1-B119-45CA-8C07-D019C75D1840} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-11-11 15:14 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-11-11 15:14 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-11-11 15:14 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-11-11 15:14 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-11-11 15:14 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-11-12 19:11 - 2013-11-12 19:11 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-08 15:31 - 2013-10-08 15:31 - 16233864 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2013 09:24:04 PM) (Source: WinMgmt) (User: )
Description: 0x8004100aC:\PROGRAM FILES (X86)\MICROSOFT SQL SERVER\110\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (11/12/2013 09:22:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 2.5.2.0, time stamp: 0x4e1a9177
Faulting module name: HPMSGSVC.exe, version: 2.5.2.0, time stamp: 0x4e1a9177
Exception code: 0xc0000005
Fault offset: 0x0000368f
Faulting process id: 0xcbc
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3

Error: (11/12/2013 09:22:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPOSD.exe, version: 1.3.5.0, time stamp: 0x4e4e0737
Faulting module name: HPOSD.exe, version: 1.3.5.0, time stamp: 0x4e4e0737
Exception code: 0xc0000005
Fault offset: 0x00005ad0
Faulting process id: 0xf58
Faulting application start time: 0xHPOSD.exe0
Faulting application path: HPOSD.exe1
Faulting module path: HPOSD.exe2
Report Id: HPOSD.exe3

Error: (11/12/2013 08:36:22 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Instantiating VSS server

Error: (11/12/2013 08:36:22 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].


Operation:
   Instantiating VSS server

Error: (11/12/2013 09:47:27 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003

Error: (11/11/2013 09:44:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 08:19:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 10:09:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 09:14:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/13/2013 09:18:23 AM) (Source: Service Control Manager) (User: )
Description: The Server service hung on starting.

Error: (11/12/2013 10:17:04 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147467243

Error: (11/12/2013 10:14:55 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (11/12/2013 09:27:54 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/12/2013 07:06:06 PM) (Source: Service Control Manager) (User: )
Description: The Server service hung on starting.

Error: (11/12/2013 06:49:22 PM) (Source: Service Control Manager) (User: )
Description: The Server service hung on starting.

Error: (11/12/2013 09:54:24 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/12/2013 09:23:15 AM) (Source: Service Control Manager) (User: )
Description: The Server service hung on starting.

Error: (11/12/2013 08:33:35 AM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service did not shut down properly after receiving a preshutdown control.

Error: (11/12/2013 08:33:02 AM) (Source: Service Control Manager) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.


Microsoft Office Sessions:
=========================
Error: (11/12/2013 09:24:04 PM) (Source: WinMgmt)(User: )
Description: 0x8004100aC:\PROGRAM FILES (X86)\MICROSOFT SQL SERVER\110\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (11/12/2013 09:22:54 PM) (Source: Application Error)(User: )
Description: HPMSGSVC.exe2.5.2.04e1a9177HPMSGSVC.exe2.5.2.04e1a9177c00000050000368fcbc01cee011fbe1d83cC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe8029ea13-4c0a-11e3-ad73-101f7416b26f

Error: (11/12/2013 09:22:53 PM) (Source: Application Error)(User: )
Description: HPOSD.exe1.3.5.04e4e0737HPOSD.exe1.3.5.04e4e0737c000000500005ad0f5801cee011fbfc075fC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe7fd1ddb9-4c0a-11e3-ad73-101f7416b26f

Error: (11/12/2013 08:36:22 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered


Operation:
   Instantiating VSS server

Error: (11/12/2013 08:36:22 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80040154, Class not registered


Operation:
   Instantiating VSS server

Error: (11/12/2013 09:47:27 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (11/11/2013 09:44:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 08:19:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 10:09:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 09:14:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 5610.9 MB
Available physical RAM: 3557.78 MB
Total Pagefile: 11219.98 MB
Available Pagefile: 8672.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:683.51 GB) (Free:619.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.82 GB) (Free:1.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.08 GB) FAT32
Drive g: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=684 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=101 MB) - (Type=0C)

==================== End Of Log ============================



#4 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 13 November 2013 - 09:51 AM

Then we need the GMER log as well.


Proud Member of UNITE & TB
 

#5 FarReaching

FarReaching

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 13 November 2013 - 10:11 AM

ArK.txt output

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-13 11:11:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 Hitachi_ rev.JE4O 698.64GB
Running: itwc1woi.exe; Driver: C:\Users\HTPC\AppData\Local\Temp\kwldipog.sys


---- Threads - GMER 2.1 ----

Thread   [284:536]                                                                                    0000000076ddfbf0
Thread  C:\Windows\system32\svchost.exe [1420:1468]                                                   000007fef918341c
Thread  C:\Windows\system32\svchost.exe [1420:1484]                                                   000007fef9183a2c
Thread  C:\Windows\system32\svchost.exe [1420:1488]                                                   000007fef9183768
Thread  C:\Windows\system32\svchost.exe [1420:1492]                                                   000007fef9185c20
Thread  C:\Windows\system32\svchost.exe [1420:2856]                                                   000007fef09ebd88
Thread  C:\Windows\system32\svchost.exe [1420:2364]                                                   000007fef0c05124
Thread  C:\Windows\system32\svchost.exe [1420:6052]                                                   000007fef9183900
Thread  C:\Windows\system32\svchost.exe [1420:2516]                                                   000007fef8375240
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2912]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2916]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2920]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2924]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2928]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2932]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2936]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2940]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2944]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2948]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2952]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2956]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2960]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2964]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2968]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2980]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2984]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2988]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2992]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2996]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3000]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3004]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3008]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3012]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3016]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3020]  000007fef02f2060
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3024]  000007feefb6d954
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3028]  000007feefb8e350
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3032]  000007feefb8e350
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3036]  000007feefb8e350
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3040]  000007feefb8e350
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3044]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3048]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2392]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2504]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2460]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2472]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2496]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:2484]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3984]  000007fef33f3de0
Thread  C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2352:3988]  000007fef33f3de0

---- EOF - GMER 2.1 ----
 

 

 

Computer just gave me a BSOD on shutdown. I am afraid I didn't get the error code, but the message was DRIVER_POWER_STATE_FAILURE.


Edited by FarReaching, 13 November 2013 - 02:01 PM.


#6 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 14 November 2013 - 02:51 AM

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.


Proud Member of UNITE & TB
 

#7 FarReaching

FarReaching

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 14 November 2013 - 11:22 AM

Thank you for your help. I chose the C drive, which appears to have all my Windows and program files. There is another partition called "System" but it has no visible files, and I think it may be something HP set up for restores, maybe.

 

Here is the log File details:

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          14/11/2013 12:03:06 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      HTPC-HP
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  230144 file records processed.                                         

File verification completed.
  801 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  61 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  311046 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  230144 file SDs/SIDs processed.                                        

Cleaning up 779 unused index entries from index $SII of file 0x9.
Cleaning up 779 unused index entries from index $SDH of file 0x9.
Cleaning up 779 unused security descriptors.
Security descriptor verification completed.
  40452 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35160624 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  230128 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  163290065 free clusters processed.                                        

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 716711889 KB total disk space.
  63102540 KB in 176953 files.
     95280 KB in 40453 indexes.
         0 KB in bad sectors.
    353809 KB in use by the system.
     65536 KB occupied by the log file.
 653160260 KB available on disk.

      4096 bytes in each allocation unit.
 179177972 total allocation units on disk.
 163290065 allocation units available on disk.

Internal Info:
00 83 03 00 4a 51 03 00 15 a8 05 00 00 00 00 00  ....JQ..........
a5 01 00 00 3d 00 00 00 00 00 00 00 00 00 00 00  ....=...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-11-14T17:03:06.000000000Z" />
    <EventRecordID>90293</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>HTPC-HP</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  230144 file records processed.                                         

File verification completed.
  801 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  61 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  311046 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  230144 file SDs/SIDs processed.                                        

Cleaning up 779 unused index entries from index $SII of file 0x9.
Cleaning up 779 unused index entries from index $SDH of file 0x9.
Cleaning up 779 unused security descriptors.
Security descriptor verification completed.
  40452 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35160624 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  230128 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  163290065 free clusters processed.                                        

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 716711889 KB total disk space.
  63102540 KB in 176953 files.
     95280 KB in 40453 indexes.
         0 KB in bad sectors.
    353809 KB in use by the system.
     65536 KB occupied by the log file.
 653160260 KB available on disk.

      4096 bytes in each allocation unit.
 179177972 total allocation units on disk.
 163290065 allocation units available on disk.

Internal Info:
00 83 03 00 4a 51 03 00 15 a8 05 00 00 00 00 00  ....JQ..........
a5 01 00 00 3d 00 00 00 00 00 00 00 00 00 00 00  ....=...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>
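
A small triage of a Wininit CHKDSK report like the one posted above, as an added example that is not part of the original thread: it parses the summary counters, flags bad sectors or bad file records, lists the repairs CHKDSK made, and cross-checks the free-space figures. The function names and the info/warn/fail ranking are assumptions of this example; the sample text is an excerpt of the report above.

```python
import re

# Excerpt of the Wininit event 1001 text posted above (trailing spaces trimmed).
SAMPLE_REPORT = """\
Checking file system on C:
The type of the file system is NTFS.
CHKDSK is verifying files (stage 1 of 5)...
  230144 file records processed.
  0 bad file records processed.
CHKDSK is verifying security descriptors (stage 3 of 5)...
Cleaning up 779 unused index entries from index $SII of file 0x9.
Cleaning up 779 unused index entries from index $SDH of file 0x9.
Cleaning up 779 unused security descriptors.
CHKDSK is verifying free space (stage 5 of 5)...
  163290065 free clusters processed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 716711889 KB total disk space.
  63102540 KB in 176953 files.
     95280 KB in 40453 indexes.
         0 KB in bad sectors.
    353809 KB in use by the system.
     65536 KB occupied by the log file.
 653160260 KB available on disk.

      4096 bytes in each allocation unit.
 179177972 total allocation units on disk.
 163290065 allocation units available on disk.

Windows has finished checking your disk.
"""

# "<n> KB <label>." summary lines and "<n> <label>." counter lines.
_KB = re.compile(r"^[ \t]*(\d+) KB (.+?)\.[ \t]*$", re.M)
_COUNT = re.compile(r"^[ \t]*(\d+) (?!KB )([A-Za-z][^\n]*?)\.[ \t]*$", re.M)
# Lines in which CHKDSK reports something it found or cleaned up.
_REPAIR = re.compile(r"^(Cleaning up .+|CHKDSK discovered .+)$", re.M)


def parse_chkdsk(text):
    """Turn a CHKDSK report into a dict of counters and repair messages."""
    vol = re.search(r"Checking file system on (\S+)", text)
    fs = re.search(r"The type of the file system is (\w+)", text)
    return {
        "volume": vol.group(1) if vol else None,
        "fs": fs.group(1) if fs else None,
        "kb": {label: int(n) for n, label in _KB.findall(text)},
        "counts": {label: int(n) for n, label in _COUNT.findall(text)},
        "repairs": [line.strip() for line in _REPAIR.findall(text)],
        "corrected": "Windows has made corrections to the file system" in text,
        "complete": "Windows has finished checking your disk" in text,
    }


def triage(report):
    """Return (severity, message) pairs; the ranking is this example's own."""
    findings = []
    bad_kb = report["kb"].get("in bad sectors")
    if bad_kb is None:
        findings.append(("warn", "no bad-sector line; report may be truncated"))
    elif bad_kb > 0:
        findings.append(("fail", f"{bad_kb} KB in bad sectors; suspect failing media"))
    bad_records = report["counts"].get("bad file records processed", 0)
    if bad_records:
        findings.append(("fail", f"{bad_records} bad file records"))
    # Metadata housekeeping (unused index entries, bitmap fixes) is informational.
    findings += [("info", line) for line in report["repairs"]]
    if not report["complete"]:
        findings.append(("warn", "check did not run to completion"))
    # Cross-check: free allocation units * unit size must equal the free KB.
    unit = report["counts"].get("bytes in each allocation unit")
    free_units = report["counts"].get("allocation units available on disk")
    free_kb = report["kb"].get("available on disk")
    if None not in (unit, free_units, free_kb):
        if free_units * unit // 1024 != free_kb:
            findings.append(("warn", "free-space totals are inconsistent"))
    return findings


def verdict(findings):
    """Highest severity present, or 'clean' when there are no findings."""
    rank = {"info": 0, "warn": 1, "fail": 2}
    return max((s for s, _ in findings), key=rank.get, default="clean")


if __name__ == "__main__":
    rep = parse_chkdsk(SAMPLE_REPORT)
    for severity, message in triage(rep):
        print(f"[{severity}] {message}")
    print("verdict:", verdict(triage(rep)))
```
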



#8 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 15 November 2013 - 03:10 AM

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator".



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

Proud Member of UNITE & TB
 

#9 FarReaching

FarReaching

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 15 November 2013 - 10:04 AM

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.
 
C:\Windows\system32>sfc /scannow
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
Verification 100% complete.
 
Windows Resource Protection did not find any integrity violations.
 
C:\Windows\system32>
 
 
 
 
Will we be running scans for viruses, trojans or malware? It concerns me that there may be some security problem with my system that has caused the black screen... Thanks

Edited by FarReaching, 15 November 2013 - 10:06 AM.


#10 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 18 November 2013 - 02:37 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 



#11 FarReaching

FarReaching

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 18 November 2013 - 10:46 AM

Here is the ComboFix log. It took about 45 minutes to run; is that an indication the PC was badly infected?
 
 
ComboFix 13-11-16.01 - HTPC 18/11/2013  10:56:04.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.5611.3810 [GMT -5:00]
Running from: c:\users\HTPC\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI06A1.txt
c:\windows\tmp\dd_vcredistMSI258F.txt
c:\windows\tmp\dd_vcredistMSI590A.txt
c:\windows\tmp\dd_vcredistMSI5993.txt
c:\windows\tmp\dd_vcredistMSI7894.txt
c:\windows\tmp\dd_vcredistUI06A1.txt
c:\windows\tmp\dd_vcredistUI258F.txt
c:\windows\tmp\dd_vcredistUI590A.txt
c:\windows\tmp\dd_vcredistUI5993.txt
c:\windows\tmp\dd_vcredistUI7894.txt
c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-18 to 2013-11-18  )))))))))))))))))))))))))))))))
.
.
2013-11-18 16:41 . 2013-11-18 16:41 -------- d-----w- c:\users\MSSQL$SQLEXPRESS\AppData\Local\temp
2013-11-18 16:41 . 2013-11-18 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-18 00:53 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3B6C667-CF09-4863-9AAF-7299B27D3F03}\mpengine.dll
2013-11-17 19:03 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-16 16:21 . 2013-11-16 16:21 -------- d-----w- c:\programdata\Auslogics
2013-11-16 16:21 . 2013-11-16 16:21 -------- d-----w- c:\program files (x86)\Auslogics
2013-11-13 15:10 . 2013-11-13 15:10 -------- d-----w- C:\FRST
2013-11-13 02:34 . 2013-11-14 03:16 -------- d-----w- c:\windows\system32\catroot2
2013-11-13 02:23 . 2013-11-18 15:47 -------- d-----w- c:\windows\system32\wbem\repository
2013-11-13 02:22 . 2013-11-13 02:22 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2013-11-13 02:04 . 2013-11-13 02:32 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-11-13 02:02 . 2013-11-13 02:02 -------- d-----w- C:\RegBackup
2013-11-13 01:27 . 2013-11-13 01:27 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-11-12 15:05 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-12 14:58 . 2013-11-12 14:58 -------- d-----w- c:\programdata\ATI
2013-11-12 14:58 . 2013-11-12 14:58 -------- d-----w- c:\program files (x86)\AMD AVT
2013-11-12 14:57 . 2013-11-12 14:57 -------- d-----w- c:\program files\AMD
2013-11-12 14:40 . 2013-11-12 14:50 -------- d-----w- c:\programdata\Package Cache
2013-11-11 20:14 . 2013-11-18 15:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-11-11 20:14 . 2013-11-18 15:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-11-11 02:27 . 2013-11-18 15:47 -------- d-----w- c:\users\HTPC\AppData\Roaming\XBMC
2013-11-11 02:25 . 2013-11-11 02:26 -------- d-----w- c:\program files (x86)\XBMC
2013-11-10 17:28 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-10 14:33 . 2013-11-10 15:14 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-10 14:29 . 2013-11-10 14:29 -------- d-----w- c:\users\HTPC\AppData\Roaming\Malwarebytes
2013-11-10 14:29 . 2013-11-10 14:29 -------- d-----w- c:\programdata\Malwarebytes
2013-11-10 14:29 . 2013-11-10 17:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-07 18:38 . 2013-11-07 18:38 -------- d-----w- c:\program files (x86)\RMPrepUSB
2013-11-06 17:22 . 2013-10-18 00:20 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A72E37B9-82B3-42A6-B636-2C0A61D25B13}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-18 15:21 . 2012-08-03 16:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-11-17 23:11 . 2012-06-21 00:13 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-11-15 21:22 . 2012-06-24 18:03 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-06 00:32 . 2012-12-31 00:41 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-10-18 00:20 . 2012-07-03 17:50 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-08 20:31 . 2012-06-21 00:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 20:31 . 2012-06-21 00:34 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-08 14:50 . 2013-10-08 14:50 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-10-08 14:45 . 2013-10-08 14:45 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-10-08 14:01 . 2013-10-08 14:01 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-10-08 14:01 . 2013-10-08 14:01 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-10-08 14:01 . 2013-10-08 14:01 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-10-08 14:01 . 2013-10-08 14:01 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-10-08 14:01 . 2013-10-08 14:01 125824 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-10-08 14:01 . 2011-04-02 06:15 142792 ----a-w- c:\windows\system32\atiuxp64.dll
2013-10-08 14:01 . 2013-10-08 14:01 114488 ----a-w- c:\windows\system32\atiu9p64.dll
2013-10-08 14:01 . 2011-09-15 22:37 97984 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-10-08 14:01 . 2011-04-02 06:57 1237200 ----a-w- c:\windows\system32\aticfx64.dll
2013-10-08 14:01 . 2011-09-15 23:15 1030128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-10-08 14:00 . 2011-04-02 06:40 9464840 ----a-w- c:\windows\system32\atidxx64.dll
2013-10-08 14:00 . 2013-10-08 14:00 8215992 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-10-08 14:00 . 2011-09-15 22:50 6176008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-10-08 14:00 . 2011-09-15 22:50 6189416 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-10-08 14:00 . 2013-10-08 14:00 6767240 ----a-w- c:\windows\system32\atiumd6a.dll
2013-10-08 14:00 . 2013-10-08 14:00 7256496 ----a-w- c:\windows\system32\atiumd64.dll
2013-10-08 13:58 . 2013-10-08 13:58 12534784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-10-08 13:39 . 2013-10-08 13:39 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-10-08 13:39 . 2013-10-08 13:39 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-10-08 13:39 . 2013-10-08 13:39 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-10-08 13:39 . 2013-10-08 13:39 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-10-08 13:39 . 2013-10-08 13:39 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-10-08 13:39 . 2013-10-08 13:39 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-10-08 13:38 . 2013-10-08 13:38 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-10-08 13:38 . 2013-10-08 13:38 127488 ----a-w- c:\windows\system32\coinst_13.152.1.8.dll
2013-10-08 13:38 . 2013-10-08 13:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-10-08 13:38 . 2013-10-08 13:38 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-10-08 13:38 . 2013-10-08 13:38 28192256 ----a-w- c:\windows\system32\amdocl64.dll
2013-10-08 13:36 . 2013-10-08 13:36 23761408 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-10-08 13:34 . 2013-10-08 13:34 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-10-08 13:34 . 2013-10-08 13:34 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-10-08 13:17 . 2013-10-08 13:17 25385984 ----a-w- c:\windows\system32\atio6axx.dll
2013-10-08 13:13 . 2013-10-08 13:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-10-08 13:13 . 2013-10-08 13:13 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-10-08 13:13 . 2013-10-08 13:13 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-10-08 13:13 . 2013-10-08 13:13 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-10-08 13:13 . 2013-10-08 13:13 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-10-08 13:13 . 2013-10-08 13:13 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-10-08 13:09 . 2013-10-08 13:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-10-08 13:00 . 2013-10-08 13:00 21400064 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-10-08 12:54 . 2013-10-08 12:54 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-10-08 12:53 . 2013-10-08 12:53 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-10-08 12:53 . 2013-10-08 12:53 576512 ----a-w- c:\windows\system32\atieclxx.exe
2013-10-08 12:52 . 2013-10-08 12:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-10-08 12:51 . 2013-10-08 12:51 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-10-08 12:28 . 2013-10-08 12:28 784384 ----a-w- c:\windows\system32\atiadlxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 594944 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-10-08 12:28 . 2013-10-08 12:28 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-10-08 12:27 . 2013-10-08 12:27 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-10-08 12:27 . 2013-10-08 12:27 619008 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-10-08 12:24 . 2013-10-08 12:24 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-09-08 02:30 . 2013-10-09 23:40 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 23:40 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 23:40 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-08-29 02:17 . 2013-10-09 23:40 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 23:40 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 23:40 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 23:40 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 23:40 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 23:40 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 23:40 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 23:40 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 23:40 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 23:40 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 23:40 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 23:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 23:40 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 23:40 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 23:40 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 23:40 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 23:40 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 23:40 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinHotKey"="c:\program files (x86)\WinHotKey\WinHotKey.exe" [2004-11-12 480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
XBMC.lnk - c:\program files (x86)\XBMC\XBMC.exe [2013-5-2 18135040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\System32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 btmhid;btmhid;c:\windows\system32\drivers\btmhid.sys;c:\windows\SYSNATIVE\drivers\btmhid.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RsFx0201;RsFx0201 Driver;c:\windows\system32\DRIVERS\RsFx0201.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0201.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 20:31]
.
2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 13:54]
.
2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 13:54]
.
2013-11-14 c:\windows\Tasks\HPCeeScheduleForHTPC.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-11-06 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:8080
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\9xsfnkrv.default-1384716882864\
FF - ExtSQL: 2013-11-17 14:39; BigButtons@kensaunders; c:\users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\9xsfnkrv.default-1384716882864\extensions\BigButtons@kensaunders.xpi
FF - ExtSQL: 2013-11-17 14:42; firefox@ghostery.com; c:\users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\9xsfnkrv.default-1384716882864\extensions\firefox@ghostery.com.xpi
FF - ExtSQL: 2013-11-17 14:51; pavel.sherbakov@gmail.com; c:\users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\9xsfnkrv.default-1384716882864\extensions\pavel.sherbakov@gmail.com
FF - ExtSQL: 2013-11-17 16:11; nosquint@urandom.ca; c:\users\HTPC\AppData\Roaming\Mozilla\Firefox\Profiles\9xsfnkrv.default-1384716882864\extensions\nosquint@urandom.ca.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-WAG6-8NKP-AY5D-1GVV-U2JZ-7YQD8HN"
"Activated"="N"
.
Completion time: 2013-11-18  11:44:06
ComboFix-quarantined-files.txt  2013-11-18 16:44
.
Pre-Run: 663,520,526,336 bytes free
Post-Run: 663,403,835,392 bytes free
.
- - End Of File - - 27160F1F87243EF8A6B110C61187BBF5
A36C5E4F47E84449FF07ED3517B43A31


#12 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 19 November 2013 - 03:49 AM

Are you using a pirated Windows version?


Proud Member of UNITE & TB
 

#13 FarReaching

FarReaching

    New Member

  • Authentic Member
  • 11 posts

Posted 19 November 2013 - 08:33 AM

No, it is the Win 7 installed on my HP Pavilion DV-7 when I bought it at NewEgg. It was a refurbished unit, though.

I use it as an HTPC with XBMC.


Edited by FarReaching, 19 November 2013 - 08:35 AM.


#14 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 19 November 2013 - 08:59 AM

Please download this tool and save it to your desktop: http://go.microsoft....k/?linkid=52012

Run the file by double-clicking it and press the "Continue" button.

When the tool is finished, click the "Copy" button in the lower right corner.

Reply to your topic here, right-click in the reply box and select Paste.

Post up.


Proud Member of UNITE & TB
 

#15 FarReaching

FarReaching

    New Member

  • Authentic Member
  • 11 posts

Posted 19 November 2013 - 09:11 AM

What does this have to do with finding malware, viruses or trojans on my computer?
 
 
 
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
 
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
Windows Product ID: 00359-OEM-8992687-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {6CDDD7B6-EED5-4BBE-B9B2-BC9DB52A87AA}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6CDDD7B6-EED5-4BBE-B9B2-BC9DB52A87AA}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3002779063-1698977657-952791392</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv7 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.21</Version><SMBIOSVersion major="2" minor="7"/><Date>20110913000000.000000+000</Date></BIOS><HWID>D11D3D07018400FC</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Software licensing service version: 6.1.7601.17514
 
Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800010-02-1033-7601.0000-3022011
Installation ID: 016723165351074212918534351744426011892653562330424501
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: 3Q6C9
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 19/11/2013 10:08:27 AM
 
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:10:2013 19:56
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
 
 
HWID Data-->
HWID Hash Current: MgAAAAEAAwABAAEAAAACAAAAAgABAAEAonY4beRIftLu+1j5bNbiDGI9enrKkdyjAGo=
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC HP     INSYDE  
  FACP HPQOEM SLIC-MPC
  HPET HP     INSYDE  
  BOOT HP     INSYDE  
  MCFG HP     INSYDE  
  WDRT HP     INSYDE  
  ASF! HP     INSYDE  
  SLIC HPQOEM SLIC-MPC
  MSDM HP     INSYDE  
  SSDT HP     INSYDE  
  SSDT HP     INSYDE  

Edited by FarReaching, 19 November 2013 - 11:47 AM.
