
PC running slow, Disk runs at 100% [Closed]

semaphore threads exe

  • This topic is locked
5 replies to this topic

#1 shonofthedead


Posted 17 December 2013 - 04:21 AM

Hi, I started my computer up today and noticed it was running very slow. I opened Task Manager and noticed Disk was running at 100% for no particular reason. I looked into it and noticed there was a process called "semaphore-threads.exe" using a lot.

Anyway, here are my results from OTL.

OTL.Txt:

OTL logfile created on: 17/12/2013 7:54:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\radiorentals\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
7.89 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 76.75% Memory free
9.82 Gb Paging File | 7.11 Gb Available in Paging File | 72.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.95 Gb Total Space | 131.93 Gb Free Space | 29.00% Space Free | Partition Type: NTFS
Drive D: | 455.63 Gb Total Space | 455.48 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
 
Computer Name: RR | User Name: radiorentals | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\radiorentals\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe ()
PRC - C:\Program Files (x86)\lucky leap\updateluckyleap.exe ()
PRC - C:\Program Files\News.net\NewsNetService.exe (International News Network Limited)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam)
PRC - C:\ClassicShell\ClassicShellService.exe (IvoSoft)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe (ITE Tech. Inc.)
PRC - C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe ()
PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Atheros)
PRC - C:\Program Files\acerIR\IRListenApp.exe (Corp)
PRC - C:\Program Files\acerIR\IRSrv.exe ()
PRC - C:\Windows\SysWOW64\CtrlPanel.exe (Wistron)
PRC - C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\audio.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\mssvoice.asi ()
MOD - C:\Program Files (x86)\Steam\bin\mssmp3.asi ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (.Net Main) -- C:\Windows\SysNative\idle-Threads.exe ()
SRV:64bit: - (.Net Crypt) -- C:\Windows\SysNative\mutex-Threads.exe ()
SRV:64bit: - (.Net Semaphore) -- C:\Windows\SysNative\semaphore-Threads.exe ()
SRV:64bit: - (.Net Security) -- C:\Windows\SysNative\latch-Threads.exe ()
SRV:64bit: - (NewsNetService) -- C:\Program Files\News.net\NewsNetService.exe (International News Network Limited)
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (IRSrv) -- C:\Program Files\acerIR\IRSrv.exe ()
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Util lucky leap) -- C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe ()
SRV - (Update lucky leap) -- C:\Program Files (x86)\lucky leap\updateluckyleap.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (WajamUpdater) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (RzMaelstromVADStreamingService) -- C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe (A-Volute)
SRV - (ClassicShellService) -- C:\ClassicShell\ClassicShellService.exe (IvoSoft)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AVerScheduleService) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (AVerRemote) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Atheros)
SRV - (CtrlPanel) -- C:\Windows\SysWOW64\CtrlPanel.exe (Wistron)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
SRV - (PGService) -- C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGService.exe (PointGrab LTD)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (scssifilter) -- C:\Windows\SysNative\Drivers\scssifilter64.sys (Microsoft Corporation)
DRV:64bit: - (usbmp3) -- C:\Windows\SysNative\Drivers\usbmp364.sys ()
DRV:64bit: - (usbwav) -- C:\Windows\SysNative\Drivers\usbwav64.sys ()
DRV:64bit: - (usbvox) -- C:\Windows\SysNative\Drivers\usbvox64.sys ()
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\Drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\Drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (rzudd) -- C:\Windows\SysNative\Drivers\rzudd.sys (Razer Inc)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (RZMAELSTROMVADService) -- C:\Windows\SysNative\Drivers\RzMaelstromVAD.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NARA) -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00E\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\Drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (ITECIRfilter) -- C:\Windows\SysNative\Drivers\ITECIRfilter.sys (ITE Tech. Inc. )
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (AVerIT13x) -- C:\Windows\SysNative\Drivers\AVerIT13x_x64.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (PQAWRwa) -- C:\Program Files\acerIR\PQAWDrv.sys ()
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (RtkIOAC60) -- C:\Windows\SysNative\Drivers\RtkIOAC60.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys (OpenLibSys.org)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7354125F-295B-4F01-AE6E-7AFE5F70E668}
IE:64bit: - HKLM\..\SearchScopes\{7354125F-295B-4F01-AE6E-7AFE5F70E668}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {7354125F-295B-4F01-AE6E-7AFE5F70E668}
IE - HKLM\..\SearchScopes\{7354125F-295B-4F01-AE6E-7AFE5F70E668}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.news.net/...php?referid=118
IE - HKCU\..\SearchScopes,DefaultScope = {7354125F-295B-4F01-AE6E-7AFE5F70E668}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...120684&tsp=5027
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.news.net/...hp?referid=118"
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@news.net/npapi: C:\Program Files\News.net\npapi.dll (International News Network Limited)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013/07/11 05:28:16 | 000,037,909 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/07/19 13:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\radiorentals\AppData\Roaming\mozilla\Extensions
[2013/12/17 19:25:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\radiorentals\AppData\Roaming\mozilla\Firefox\Profiles\lhbi91kq.default\extensions
[2013/10/06 13:05:27 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\radiorentals\AppData\Roaming\mozilla\Firefox\Profiles\lhbi91kq.default\extensions\ffxtlbr@delta.com
[2013/10/06 13:05:38 | 000,000,000 | ---D | M] (news.net) -- C:\Users\radiorentals\AppData\Roaming\mozilla\Firefox\Profiles\lhbi91kq.default\extensions\news@news.net
[2013/12/17 19:25:42 | 000,007,310 | ---- | M] () (No name found) -- C:\Users\radiorentals\AppData\Roaming\mozilla\firefox\profiles\lhbi91kq.default\extensions\{3b232d24-d5de-4194-b4d7-d53b41a09748}.xpi
[2013/07/19 16:02:57 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\radiorentals\AppData\Roaming\mozilla\firefox\profiles\lhbi91kq.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/09/12 00:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/12 00:51:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - Extension: Google Drive = C:\Users\radiorentals\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\radiorentals\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\radiorentals\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\radiorentals\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Google Wallet = C:\Users\radiorentals\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\radiorentals\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/07/27 09:26:52 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (news.net) - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\News.net\IE\ScriptHost64.dll ()
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (news.net) - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\News.net\IE\ScriptHost.dll ()
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
O2 - BHO: (lucky leap) - {d77aa852-def3-43cb-a3f5-bd679de72f32} - C:\Program Files (x86)\lucky leap\luckyleapBHO.dll (luckyleap)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CIRAP] C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe (ITE Tech. Inc.)
O4 - HKLM..\Run: [IRApp] C:\Program Files\acerIR\IRListenApp.exe (Corp)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [WCtrlPanel] C:\Windows\SysWOW64\CtrlPanel.exe (Wistron)
O4 - HKCU..\Run: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe (International News Network Limited)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\radiorentals\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Users\radiorentals\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.211.1 61.9.211.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0112580E-9F5A-4194-AB87-28B45D9B8CC4}: DhcpNameServer = 61.9.211.1 61.9.211.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{648DDE01-6E41-4669-9DC1-A1EC269CF7CA}: DhcpNameServer = 61.9.211.1 61.9.211.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A98D331D-F5B2-4564-83EA-A938F3F32B6F}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/17 19:08:11 | 000,005,208 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O33 - MountPoints2\{9e33be85-2813-11e3-be8c-2016d83c21d2}\Shell - "" = AutoRun
O33 - MountPoints2\{9e33be85-2813-11e3-be8c-2016d83c21d2}\Shell\AutoRun\command - "" = "E:\setup.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/14 09:49:59 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\Childish Gambino -
[2013/12/10 11:51:19 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\Kendrick Lamar - Found Myself (MonsterMixtapes.net)
[2013/12/05 11:25:03 | 000,000,000 | R--D | C] -- C:\Users\radiorentals\Documents\Documents
[2013/12/05 11:25:00 | 000,000,000 | R--D | C] -- C:\Users\Public\Documents\Documents
[2013/12/03 20:12:56 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/12/03 20:12:55 | 000,096,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwfs.sys
[2013/12/03 20:12:49 | 013,661,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013/12/03 20:12:47 | 010,799,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013/12/03 20:12:46 | 001,173,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2013/12/03 20:12:46 | 000,914,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2013/12/03 20:12:45 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/12/03 20:12:44 | 001,622,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/12/03 20:12:44 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013/12/03 20:12:44 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013/12/03 20:12:44 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013/12/03 20:12:44 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013/12/03 20:12:44 | 000,151,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013/12/03 20:12:44 | 000,061,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013/12/03 20:12:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/12/03 20:12:43 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013/12/03 20:12:43 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/12/03 20:12:42 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013/12/03 20:12:42 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013/12/03 20:12:42 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/12/03 20:12:42 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/12/03 20:12:42 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/12/03 20:12:21 | 001,890,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/12/03 20:12:01 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/03 20:11:59 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/03 20:11:59 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/03 20:11:59 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/03 20:11:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/03 20:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/11/25 11:02:04 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\The Walking Dead
[2013/11/25 11:00:57 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\Workaholics
[2013/11/25 10:56:24 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\Lil Wayne - I Am Not A Human Being II [Deluxe Edition] [2013]-CR
[2013/11/25 10:56:19 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\Kanye West - Yeezus (Final Release)(320Kbps)(2013)
[2013/11/25 10:56:13 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\Ghostpoet - Some Say I So I Say Light (2013) MP3
[2013/11/25 10:56:02 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\Eminem - The Marshall Mathers LP 2 [Deluxe Edition] [2013] [2CD] [Mp3-320]-V3nom [GLT]
[2013/11/25 10:55:57 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\Chance The Rapper - Acidrap
[2013/11/25 10:55:49 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\Tyga - Hotel California (Deluxe Version)
[2013/11/25 10:55:38 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\The Walking Dead S04E06 HDTV x264-2HD[ettv]
[2013/11/25 10:55:19 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\The Walking Dead S04E05 HDTV x264-2HD[ettv]
[2013/11/25 10:54:21 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\The Help DVDRip XviD-DiAMOND
[2013/11/25 10:53:52 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\The Conjuring 2013 R6 WEBRiP XviD-Acesan8s
[2013/11/25 10:53:46 | 000,000,000 | ---D | C] -- C:\Users\radiorentals\Desktop\Lloyd - King of Hearts (Deluxe iTunes Version)
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/17 19:54:59 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/17 19:54:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/17 19:40:40 | 000,007,660 | ---- | M] () -- C:\Users\radiorentals\AppData\Local\Resmon.ResmonCfg
[2013/12/17 19:19:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/17 19:12:56 | 000,248,650 | RHS- | M] () -- C:\Windows\SysNative\masteraclini.enu
[2013/12/17 19:12:56 | 000,000,116 | R--- | M] () -- C:\Windows\SysNative\masteraclbini.enu
[2013/12/17 19:06:56 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/12/17 19:06:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/14 18:18:03 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/12/11 17:08:20 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/11 17:08:17 | 2479,013,887 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/09 19:24:14 | 000,358,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/07 11:39:07 | 000,597,104 | RH-- | M] () -- C:\Windows\SysNative\ProgramlicenseRequired.exe
[2013/12/05 18:46:55 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/03 20:03:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\reAgentc.Off
[2013/12/03 20:03:31 | 008,007,680 | R--- | M] ( ) -- C:\Windows\SysNative\Microsoft.mshtml.dll
[2013/12/03 20:03:31 | 001,892,464 | RH-- | M] () -- C:\Windows\SysNative\wLins.exe
[2013/12/03 20:03:31 | 001,422,336 | RH-- | M] () -- C:\Windows\SysNative\7z.dll
[2013/12/03 20:03:31 | 000,200,704 | R--- | M] () -- C:\Windows\SysNative\ICSharpCode.SharpZipLib.dll
[2013/12/03 20:03:31 | 000,151,040 | RH-- | M] () -- C:\Windows\SysNative\SevenZipSharp.dll
[2013/12/03 20:03:31 | 000,126,976 | R--- | M] ( ) -- C:\Windows\SysNative\Interop.SHDocVw.dll
[2013/12/03 20:03:31 | 000,096,880 | RHS- | M] () -- C:\Windows\SysNative\bcdboots.exe
[2013/12/03 20:03:31 | 000,061,552 | RH-- | M] () -- C:\Windows\SysNative\msgPop.exe
[2013/12/03 20:03:30 | 001,892,464 | RH-- | M] () -- C:\Windows\SysNative\wLin.exe
[2013/12/03 20:03:29 | 000,001,754 | RHS- | M] () -- C:\Windows\SysNative\masterlock.enu
[2013/12/03 20:03:23 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/12/03 20:03:23 | 000,001,965 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/12/03 20:02:35 | 000,350,832 | RH-- | M] () -- C:\Windows\SysNative\HardwareInfo.exe
[2013/12/03 20:02:35 | 000,004,959 | RHS- | M] () -- C:\Windows\SysNative\{master}(1a)avga.enu
[2013/12/03 20:02:35 | 000,004,821 | RHS- | M] () -- C:\Windows\SysNative\{master}(99)misc.enu
[2013/12/03 20:02:35 | 000,004,688 | RHS- | M] () -- C:\Windows\SysNative\{master}(12)kasp.enu
[2013/12/03 20:02:35 | 000,004,682 | RHS- | M] () -- C:\Windows\SysNative\{master}(2)cas.enu
[2013/12/03 20:02:35 | 000,004,676 | RHS- | M] () -- C:\Windows\SysNative\{master}(9)com.enu
[2013/12/03 20:02:35 | 000,004,674 | RHS- | M] () -- C:\Windows\SysNative\{master}(8)pro.enu
[2013/12/03 20:02:35 | 000,004,625 | RHS- | M] () -- C:\Windows\SysNative\{master}(3)pan.enu
[2013/12/03 20:02:35 | 000,004,607 | RHS- | M] () -- C:\Windows\SysNative\{master}(4)zilla.enu
[2013/12/03 20:02:34 | 000,007,971 | RHS- | M] () -- C:\Windows\SysNative\{master}(00)Msg.enu
[2013/12/03 20:02:34 | 000,005,957 | RHS- | M] () -- C:\Windows\SysNative\{master}(0)nrt.enu
[2013/12/03 20:02:34 | 000,004,502 | RHS- | M] () -- C:\Windows\SysNative\{master}(1)avg.enu
[2013/12/03 20:02:34 | 000,004,403 | RHS- | M] () -- C:\Windows\SysNative\{master}(zz)Template.enu
[2013/12/03 20:02:34 | 000,004,396 | RHS- | M] () -- C:\Windows\SysNative\{master}(1a)avgi.enu
[2013/12/03 20:02:34 | 000,001,406 | RHS- | M] () -- C:\Windows\SysNative\{master}(0}Process.enu
[2013/12/03 20:02:26 | 009,361,520 | RH-- | M] () -- C:\Windows\SysNative\idle-Threads.exe
[2013/12/03 20:02:23 | 009,539,184 | RHS- | M] () -- C:\Windows\SysNative\mutex-Threads.exe
[2013/12/03 20:02:23 | 000,480,880 | -HS- | M] () -- C:\Windows\SysNative\semaphore-Threads.exe
[2013/12/03 20:02:21 | 009,544,304 | RHS- | M] () -- C:\Windows\SysNative\latch-Threads.exe
[2013/12/03 20:02:07 | 000,018,928 | R--- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scssifilter64.sys
[2013/12/03 20:02:07 | 000,018,928 | R--- | M] () -- C:\Windows\SysNative\drivers\usbmp364.sys
[2013/12/03 20:02:07 | 000,015,856 | R--- | M] () -- C:\Windows\SysNative\drivers\usbwav64.sys
[2013/12/03 20:02:06 | 000,020,464 | R--- | M] () -- C:\Windows\SysNative\drivers\usbvox64.sys
[2013/11/24 16:23:04 | 007,679,724 | ---- | M] () -- C:\Users\radiorentals\Desktop\01 Life Round Here (feat. Chance The Rapper).mp3
[2013/11/24 16:22:36 | 009,427,996 | ---- | M] () -- C:\Users\radiorentals\Desktop\My Nigga Explicit (ft. Jeezy, Rich Homie Quan).mp3
 
========== Files Created - No Company Name ==========
 
[2013/12/17 19:27:01 | 000,007,660 | ---- | C] () -- C:\Users\radiorentals\AppData\Local\Resmon.ResmonCfg
[2013/12/09 19:24:04 | 000,358,792 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/07 11:39:06 | 000,597,104 | RH-- | C] () -- C:\Windows\SysNative\ProgramlicenseRequired.exe
[2013/12/03 20:03:30 | 001,892,464 | RH-- | C] () -- C:\Windows\SysNative\wLins.exe
[2013/12/03 20:03:30 | 001,892,464 | RH-- | C] () -- C:\Windows\SysNative\wLin.exe
[2013/11/25 11:02:04 | 006,706,793 | ---- | C] () -- C:\Users\radiorentals\Desktop\Bliss N Eso - 09 - Coastal Kids.mp3
[2013/11/24 23:54:02 | 007,679,724 | ---- | C] () -- C:\Users\radiorentals\Desktop\01 Life Round Here (feat. Chance The Rapper).mp3
[2013/11/24 23:53:59 | 009,427,996 | ---- | C] () -- C:\Users\radiorentals\Desktop\My Nigga Explicit (ft. Jeezy, Rich Homie Quan).mp3
[2013/09/17 07:19:08 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/23 00:20:56 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/08/23 00:20:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/09/21 08:34:16 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2012/09/21 08:34:16 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2012/09/21 08:34:12 | 000,618,496 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2012/09/21 08:34:12 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2012/09/21 08:34:12 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2012/09/21 08:34:12 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2012/09/21 08:34:12 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2012/09/21 08:34:12 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2012/09/21 08:34:12 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll
[2012/09/21 08:25:14 | 000,012,384 | ---- | C] () -- C:\Windows\SysWow64\PQAWDrv.sys
[2012/09/21 08:25:14 | 000,000,065 | ---- | C] () -- C:\Windows\SysWow64\CtrlBri.ini
[2012/09/01 04:10:08 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/09/01 04:10:04 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/09/01 04:10:04 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/07/27 12:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/27 12:13:08 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/27 11:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/27 05:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/27 00:37:28 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/27 00:28:30 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/03 18:31:18 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/21 07:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013/07/19 22:20:27 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 16:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 15:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/27 03:57:36 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/27 03:58:04 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/27 03:53:50 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/10/06 13:05:23 | 000,000,000 | ---D | M] -- C:\Users\radiorentals\AppData\Roaming\BabSolution
[2013/10/06 13:05:26 | 000,000,000 | ---D | M] -- C:\Users\radiorentals\AppData\Roaming\Delta
[2013/10/06 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\radiorentals\AppData\Roaming\Free Sound Recorder
[2013/07/19 13:04:15 | 000,000,000 | ---D | M] -- C:\Users\radiorentals\AppData\Roaming\LibreOffice
[2013/07/19 15:55:49 | 000,000,000 | ---D | M] -- C:\Users\radiorentals\AppData\Roaming\LolClient
[2013/10/05 14:37:38 | 000,000,000 | ---D | M] -- C:\Users\radiorentals\AppData\Roaming\SanDisk SecureAccess
[2013/10/06 12:28:31 | 000,000,000 | ---D | M] -- C:\Users\radiorentals\AppData\Roaming\Spotify
[2013/12/17 19:13:49 | 000,000,000 | ---D | M] -- C:\Users\radiorentals\AppData\Roaming\uTorrent
[2013/07/19 13:08:56 | 000,000,000 | ---D | M] -- C:\Users\radiorentals\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2012/07/27 11:49:04 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7bca26f6f419a854\Explorer.adml
[2012/07/27 11:49:04 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16433_en-us_7bff382ef3f2006f\Explorer.adml
[2012/07/27 11:49:04 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16726_en-us_7c0d0eaaf3e727f8\Explorer.adml
[2012/07/27 11:49:04 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20534_en-us_7c89d5440d0eb990\Explorer.adml
[2012/07/27 11:49:04 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20837_en-us_7c8cdbd40d0bfd0a\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2012/07/27 00:21:50 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16384_none_6e8451187a9a1607\Explorer.admx
[2012/07/27 00:21:50 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16420_none_6ec1315e7a6d062c\Explorer.admx
[2012/07/27 00:21:50 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16433_none_6eb962507a726e22\Explorer.admx
[2012/07/27 00:21:50 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20521_none_6f4bce739389bf4d\Explorer.admx
[2012/07/27 00:21:50 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20534_none_6f43ff65938f2743\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2013/06/01 21:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 21:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013/08/03 10:12:37 | 000,191,929 | ---- | M] () MD5=1727143EC434BC6ED2C8433C9A7C7CF5 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013/08/03 10:12:50 | 000,190,101 | ---- | M] () MD5=1CEF1546DCBB255E79A68D0214E7AA6A -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2013/08/02 08:49:21 | 000,220,310 | ---- | M] () MD5=2103B41B1878A36D44ED886AE09EFA73 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013/08/02 08:49:26 | 000,217,360 | ---- | M] () MD5=5929EC2D3DF02827BCF08A88AB5F6C18 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013/08/02 08:49:18 | 000,221,955 | ---- | M] () MD5=90F515C3CFFA8F2799B68C73987E1262 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2013/08/02 08:49:23 | 000,220,321 | ---- | M] () MD5=B8F2498A377EB2B6BCAC1D7389493113 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/08/03 10:12:26 | 000,193,351 | ---- | M] () MD5=CC4023167AB8903336F5E0A3BDDF28E2 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2013/08/03 10:12:31 | 000,191,911 | ---- | M] () MD5=DC2879EFC84E1911998268EB59F7B436 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013/06/01 20:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 20:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2012/07/27 11:48:56 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\en-US\explorer.exe.mui
[2012/07/27 11:48:56 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2012/07/27 11:48:56 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_5ebc2e81fd6600eb\explorer.exe.mui
[2012/07/27 11:48:56 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_6910d8d431c6c2e6\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-03C49D11.PF  >
[2013/12/14 09:40:05 | 000,309,222 | ---- | M] () MD5=0BAD2255AAAC2CBD2044BB0E82B0375C -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
 
< MD5 for: IEXPLORE.EXE  >
[2013/02/21 21:11:26 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=0A1FC149D1F01AEE5D66D42953CDD751 -- C:\Windows\SoftwareDistribution\Download\e7d7359e163197c3bb6b9f64b7f5f2b4\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20861_none_2b57ad3f3a4a8d28\iexplore.exe
 
< %SYSTEMDRIVE%\*.* >
[2013/12/17 19:08:11 | 000,005,208 | ---- | M] () -- C:\autoupdate.log
[2013/06/22 06:56:50 | 000,008,755 | -H-- | M] () -- C:\BackupSys.log
[2012/07/27 12:18:42 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2013/10/17 22:52:04 | 000,000,000 | ---- | M] () -- C:\end
[2013/12/11 17:08:17 | 2479,013,887 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/11 17:08:18 | 2080,374,784 | -HS- | M] () -- C:\pagefile.sys
[2013/05/31 12:58:56 | 295,226,697 | RHS- | M] () -- C:\pcRestore.sys
[2012/09/28 08:34:36 | 000,000,000 | ---- | M] () -- C:\Recovery.txt
[2013/12/11 17:08:20 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
 
< %systemroot%\Fonts\*.com >
[2012/09/01 08:33:36 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2012/09/01 08:33:36 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2012/09/01 08:33:36 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2012/09/01 08:33:36 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2012/07/27 12:13:02 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2012/07/27 12:13:00 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/05/30 04:04:56 | 000,000,223 | -HS- | M] () -- C:\Users\radiorentals\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
 
Extras.Txt:
 

OTL Extras logfile created on: 17/12/2013 7:54:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\radiorentals\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
7.89 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 76.75% Memory free
9.82 Gb Paging File | 7.11 Gb Available in Paging File | 72.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.95 Gb Total Space | 131.93 Gb Free Space | 29.00% Space Free | Partition Type: NTFS
Drive D: | 455.63 Gb Total Space | 455.48 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
 
Computer Name: RR | User Name: radiorentals | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092AAE9C-8DCD-4572-B579-2FC05C5D8787}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0BFFE5D6-0A52-4E0F-B51A-A32F316013A9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1B8FCF44-BC61-4AD6-A6C4-C2FA0EE2D00B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1CE97ED8-BE0F-4498-AE34-2CC405B2BD4A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1D7FB720-219B-46CD-A65A-4BAB313783A4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{37EBA3E0-EC8F-476C-B90B-603DA98F9C47}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4534038C-F99C-4CC9-9839-AC81DE0B3C7A}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{473616AB-13CA-40B7-AB75-E32A5F9F54F3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4F122EA2-B7B7-467C-8094-AC3262C4750A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{568ACEEC-9ECD-489D-BB38-4F11CAF5414C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{58DB42D8-E1C4-477E-A425-04CC5BE87AE1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{75DEA031-E1F8-4AED-90D1-97800506E277}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B31EC707-00F9-4FD1-A23C-02B59E6E0567}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B97BE606-2560-46D9-9C01-200495991912}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C392A2C5-E111-4A68-A576-7745D00B02CC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C8E6B86A-9BC6-4A98-BC59-1F5E1A6ED434}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D7287703-4A56-422C-BA48-2FDC17DAE1E5}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | 
"{DEC68C17-A065-48F4-95B2-A89B5C4B76C7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E2DDFAFD-31F5-4398-ABC1-C20298A63268}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E89C5F06-A8C2-484C-B28A-ACCA66456254}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EB24FB8A-A03B-4C30-8F19-543475422F76}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EB2DC6C7-A14F-48C3-B1E0-64DAA5146E7E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FC9C19E1-443A-4898-8CAB-7361E402F330}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031C6EDF-5718-4912-9E40-0988B7172A49}" = protocol=17 | dir=in | app=c:\users\radiorentals\appdata\roaming\utorrent\utorrent.exe | 
"{0469CAD7-187B-4F4F-B45F-9429377FCB4A}" = dir=out | name=chacha | 
"{06830D49-1863-4CAB-9E94-F39F002A6876}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{09854C07-E3C1-4C6D-BAE9-3F4DC468264C}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{0C53692A-F96E-433F-869B-A0066926F22F}" = dir=out | name=ebay | 
"{0E1C4B55-A8F1-4FD7-A06C-4702F23B8397}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{11C5734D-E0C5-486D-9CC3-D232345FCE16}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{12767F6B-C670-4852-B03F-BC37D91CEDD9}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | 
"{129F5899-1898-42E0-8880-5EBCEA4BE596}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{17CCFA90-D870-418F-AE06-5ABDBEE381DB}" = dir=out | name=acer explorer | 
"{1B81D413-8152-4A0C-A667-50E5F4418FCC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1C7C01DB-D8B9-4C96-8352-D0A2681C2B47}" = dir=in | name=kindle | 
"{1D8F55C0-6250-4A09-97B4-15B9B6605BD4}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{23AC80E4-67DA-4BA9-924B-A67A167F9F2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | 
"{287D1487-4DB8-4793-A8A0-400A3CFB8FBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{28A8673B-3DFB-41CF-BDAB-CA21BDE6C5D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{2C3233CD-CFAD-458F-BB90-970AE6D47249}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | 
"{2D2186C1-5AE6-468C-8DDE-61B69E7EFDF0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3217FA65-50A0-4E9C-BE47-A6B6D4B55544}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{388D9511-8844-44C4-93BA-098089137B1B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{3EF1B6D2-3CF3-4356-A666-3AD08F3913AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\godmode\bin\godmode.exe | 
"{3F3F99AB-47F0-4B4A-B0C8-4F968A28CBA9}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{489167B9-4654-4C88-B474-113C0D45B5BD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{48F21782-2950-4D69-B43C-B1EB12EAEB9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | 
"{4A6EE324-ED3A-4A42-B769-5BF003889E74}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{4C25B2E5-5430-4BDD-870C-98AF81F72E58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4D1A0A1E-1CDA-4D51-A30A-F002A77822E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\godmode\bin\godmode.exe | 
"{4E8D657A-C313-4602-8442-F15D044E2648}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{50E37391-0560-4429-B2F2-0F25F93E0E27}" = dir=out | name=icookbook se | 
"{5F414391-3807-4FA3-B77C-5026905AA3BC}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{6025482B-0764-4339-9E8F-B10FAA8B2685}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{6114FE27-7636-425F-8064-46D903F8F934}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe | 
"{6182D285-51D0-410B-8B6A-382C8C8F8FF4}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{624E9E2F-310D-467C-A61F-4A44F7284D19}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{65A994A2-BDCA-4312-A311-A39A64EEB233}" = dir=out | name=newsxpresso metro | 
"{68E0867D-C893-4D0F-9A03-120E9FF63E28}" = dir=out | name=skitch | 
"{68FA3151-0B78-4403-84FB-D95C16E3BD9F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{6B514138-9316-4199-82B7-4F6D9642A281}" = dir=out | name=encyclopaedia britannica | 
"{6BBFB87F-BF92-4BF4-810A-C8FD21933E70}" = dir=in | name=amazon for windows | 
"{6D49D253-980A-400C-9FDE-3454C0E5C527}" = dir=out | name=microsoft mahjong | 
"{6F4D2484-E18A-46B1-9C8B-2167342CFB6F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6F52FAD1-3720-4E29-9C87-022BC3B42DA1}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{73CB82DC-E698-4200-99F6-0460BB2BCA0A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{781CDAEC-555B-48C2-9606-E38C430C4121}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{790305B0-63A5-41CB-A915-90ABF9F37906}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{7FA0BA77-0A75-46E9-99F6-9B8332AE525F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe | 
"{7FDC2DC5-D1F0-4477-BE07-16FA59CCB740}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{826964F0-0758-40EC-9D1D-3ED43056F462}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{838EF8F6-A62B-4833-A2CF-1CD435D9A773}" = dir=out | name=taptiles | 
"{8857F330-1D45-4633-BA3B-B2DFD91AF838}" = dir=out | name=kindle | 
"{8D285CAB-760E-435B-A122-3580DAA237C8}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{8F3FFAAB-99B8-4B52-8613-3ED4A5F45AE1}" = dir=in | name=skype | 
"{9027C0EB-264A-42CB-8C84-D550868ACA26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{91D2B542-EFCD-47AA-9FB9-101FF0AD2693}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{94984112-B8D6-4E3C-8818-11C3371C9085}" = dir=out | name=amazon for windows | 
"{9AF985B7-EEE5-468A-8B07-1F49FF8D04DA}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{9FAB56B5-AB73-4B60-A125-0DA1B9F7171F}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{A0C3D60C-F1D8-49D1-B049-6BBA6D98D7C9}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{A228C2B6-7F82-4D70-AC67-41D98D6EAC2C}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | 
"{A3678D5E-B880-480F-BB66-7EE6CE56D495}" = dir=in | name=evernote | 
"{A431D5C5-C966-44ED-8288-5E5C6EE94CE1}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{ADE2C9E6-011D-4070-A1D9-FABE3E33A5ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe | 
"{AEB9CD6F-DBCD-43D2-A1EB-475E011575C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe | 
"{AF961704-6EAC-43E2-8A78-23E4E09FD577}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe | 
"{B21E2DDF-68CE-4B96-8C2D-3452DFE4BE11}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{B37C4411-B211-456A-AECA-2CF6CF6FCA10}" = dir=out | name=skype | 
"{B3C3283A-268A-46A1-A4C7-D1BA634FFAD5}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{B8756CCC-33D6-4A21-9B2C-2BB20BF82BAC}" = dir=out | name=evernote | 
"{B8E5A620-2A2D-448F-B344-BA3AF972EFCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{BAF8ABD4-D837-47EB-953A-1666C2E90644}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe | 
"{BBA26386-88A4-4330-9DE2-AE2F56A80B0F}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{BBB18081-6EE6-48C0-9018-2CB7CE8EBF5D}" = dir=out | name=stumbleupon | 
"{BC89A05F-74A7-4C62-B9BA-EE7E35155D0F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{BD5E1335-449C-4E81-8785-B8C3F14FAB0F}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{BDCA1E58-BD32-48CC-B591-15BCBB1FD955}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{BDFB1380-BB3F-4214-B7A6-B07CCC4A687A}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"{C01848ED-BF64-483B-9DB3-D791F3451C13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{C1CCD1C2-E8D2-4E66-91B5-D7058F7D444A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{C35CD997-5AE9-47DC-B035-BF08FF7C434A}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{C4A2885E-867F-4F35-BC67-156620AF6EDA}" = dir=in | name=ebay | 
"{C51BC4BF-BACB-42B6-A989-1252C1CA1F48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C86925EB-B769-4E30-9093-4B87A72339BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{CA3783B5-435F-4202-AA91-3BC50C402DEF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{D1A11C0D-CD0C-420F-B9AB-E7A8AF1D90C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | 
"{D60E133E-6355-429A-9365-695BFC8B92AB}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{D71A462E-D422-4216-8363-C262AF2C1BCE}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{D7E794FD-420D-4B05-8C90-AF7D5FE0FB69}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{D81923FF-8F77-4EB3-A475-1A3C4855D438}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{DA4D6209-8A01-4834-9BA3-D8808042AA86}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DA8AA6CA-871A-4F7A-AF7F-8C99C70AA8A7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DAAD4191-73C7-4336-8C9B-731742D1DDF7}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{DE8EC374-F381-4385-AC90-B3CA4C29C2DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{DED2A2EA-BA93-4136-91BC-E58EC510FA64}" = dir=out | name=weatherbug | 
"{E6457560-378C-48C4-BA52-4EE7B48B8703}" = protocol=6 | dir=in | app=c:\users\radiorentals\appdata\roaming\utorrent\utorrent.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E854B449-4E04-4282-8492-90489986E868}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E868050A-3E2E-455D-8B1F-7357606F1438}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{E8A3C85D-D885-42B8-951F-00641A34CC18}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F0EF1C8D-9027-4B92-B51D-096B5ACF63FD}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{F22C5610-E746-4A94-816B-E3D1558B67CA}" = dir=out | name=tunein radio | 
"{F3E6744B-5AD4-4379-9A3E-80C3F6663E27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{F56ABFB1-76F6-467A-9577-401DEAC1B851}" = dir=out | name=7digital music store | 
"{F63FCF2E-620E-41E1-A9C4-0D6B5CCF6C5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{F7BB4CE1-A529-4BC9-96AD-9A9E8491E659}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{FA95115A-CA6F-414A-A99E-7F53C7BC31F2}" = dir=out | name=windows_ie_ac_001 | 
"TCP Query User{2A7C0266-F588-4822-9B86-8E9EBA054CE4}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{56A40565-4138-4951-B96C-7A23FE7BA64D}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{829C7202-8ADD-424B-B2BB-C569444AE509}C:\users\radiorentals\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\radiorentals\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{A097E0C9-946A-4AA7-A40B-698A9C69DE4E}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"TCP Query User{A9CEB0FC-5D4C-4CC4-AA02-1CFFF351BB3B}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{CD5D0DD0-9017-4525-8BCF-98EA50500ADD}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{EC10AE13-5303-4019-8452-C7D0D43FCDF6}C:\program files (x86)\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\saints row iv\saintsrowiv.exe | 
"UDP Query User{376081E0-1AC9-4AA8-A4C8-436E0326030E}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{3FF069DE-DF16-411F-BC4D-3173F04B7B99}C:\programdata\battle.net\agent\agent.524\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"UDP Query User{8F1FA73A-03D7-4704-A2B8-6C31A630CBFA}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{94C36BCE-723E-4028-9208-1DCA1F410EE5}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{9DFEA123-07A8-40CC-99A0-31FE068C57D7}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{CAC101AC-EE18-42CF-B57A-5FB3556F2220}C:\users\radiorentals\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\radiorentals\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{CB517EA2-EEB9-4ACB-83D3-FC4D3054EAF5}C:\program files (x86)\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\saints row iv\saintsrowiv.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 305.46
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 305.46
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"CCleaner" = CCleaner
"lucky leap" = lucky leap 1.0.0
"McAfee Security Scan" = McAfee Security Scan Plus
"WinRAR archiver" = WinRAR 5.00 beta 8 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" =  clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITE Infrared Transceiver
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B145183-E986-4585-ADDF-0C73DB575112}" = PointGrab Hand Gesture Control
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}" = IR App
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{85DDD163-47A4-4751-A9F7-61CC86F8EE9C}" = CtrlPanel
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}" = LibreOffice 4.0.0.3
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{92586A21-3E08-4055-B413-8ACCAAB50A42}" = PointGrab Hand Gesture Control Tutorial
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99C28455-E285-4639-B4C6-9F747C0C3D4C}" = DayZ Commander
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}" = Nero 12 Essentials OEM.a01
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A6DC88AD-501A-44BC-884D-57435F972E2C}" = Hotkey Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{DFD1F64D-2AF0-4CE2-9752-D701E80F8D1C}" = AVerMedia TV Player
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" =  clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVerMedia A373 MiniCard Dual DVB-T" = AVerMedia A373 MiniCard Dual DVB-T 2.3.64.23
"BattlEye for OA" = BattlEye for OA Uninstall
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Google Chrome" = Google Chrome
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{4B145183-E986-4585-ADDF-0C73DB575112}" = PointGrab Hand Gesture Control
"InstallShield_{92586A21-3E08-4055-B413-8ACCAAB50A42}" = PointGrab Hand Gesture Control Tutorial
"InstallShield_{DFD1F64D-2AF0-4CE2-9752-D701E80F8D1C}" = AVerMedia TV Player
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"LOLReplay" = LOLReplay
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NARA" = Norton Online Backup ARA
"News.net" = News.net
"PunkBusterSvc" = PunkBuster Services
"Razer Game Booster_is1" = Razer Game Booster
"Razer Surround" = Razer Surround
"Spotify" = Spotify
"Steam App 218620" = PAYDAY 2
"Steam App 220240" = Far Cry® 3
"Steam App 22380" = Fallout: New Vegas
"Steam App 227480" = God Mode
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 42910" = Magicka
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 91310" = Dead Island
"U2FpbnRzUm93SVY=_is1" = Saints Row IV
"Uplay" = Uplay
"VirtualCloneDrive" = VirtualCloneDrive
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 2.0.7
"Wajam" = Wajam
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-0684cde1-b228-4522-b2df-7ac0ce1ad347" = Plants vs. Zombies - Game of the Year
"WTA-10c7a8c5-17d3-42e9-97fc-ec237fcd179b" = Delicious: Emily's True Love Premium Edition
"WTA-380d4b1a-49b1-4964-baec-411bca7c41f2" = Zuma's Revenge
"WTA-8898e2b7-7e0d-465d-9fa4-6f8aa37e0620" = Agatha Christie - Death on the Nile
"WTA-96d6d974-189b-4255-a915-96624f514165" = Aloha TriPeaks
"WTA-9ad1694b-a366-4fba-8d30-05d37b88a7a9" = Penguins!
"WTA-a5eb0a21-4adc-43de-b70a-614649dca5ac" = Jewel Match 3
"WTA-b213a91b-e8cd-4ebc-ab9d-ef7185a38e88" = John Deere Drive Green
"WTA-c59479fb-475f-4f08-85e5-aeed1b8884ff" = Polar Bowler
"WTA-e1e82c43-e8bf-4f32-9059-f467c8f2cb18" = Governor of Poker 2 Premium Edition
"WTA-ef15111c-01d2-4dbf-9294-529b7d5e9fd3" = Magic Academy
"WTA-f07811f7-037e-4d69-8298-46cf1c9e3303" = Tales of Lagoona
"WTA-fac4bfbf-37ee-4463-a08e-9397d70a076a" = Final Drive: Nitro
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/12/2013 3:36:41 AM | Computer Name = rr | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1250
 
Error - 6/12/2013 2:50:36 AM | Computer Name = rr | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.2.9200.16579, time
 stamp: 0x516361b1  Faulting module name: libfftw3-3.dll, version: 0.0.0.0, time stamp:
 0x4a5b30dc  Exception code: 0xc0000005  Fault offset: 0x000000000000327c  Faulting process
 id: 0x498  Faulting application start time: 0x01cef1a1dd18ecd7  Faulting application
 path: C:\Windows\system32\AUDIODG.EXE  Faulting module path: C:\Windows\system32\libfftw3-3.dll
Report
 Id: b54db0d8-5e42-11e3-be95-2016d83c21d2  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 7/12/2013 1:08:44 AM | Computer Name = rr | Source = System Restore | ID = 8193
Description = 
 
Error - 9/12/2013 7:47:30 AM | Computer Name = rr | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "c:\program files\WinZip\adxloader.dll.Manifest".Error
 in manifest or policy file "c:\program files\WinZip\adxloader.dll.Manifest" on 
line 2.  The manifest file root element must be assembly.
 
Error - 9/12/2013 7:49:16 AM | Computer Name = rr | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "c:\program files\WinZip\adxloader.dll.Manifest".Error
 in manifest or policy file "c:\program files\WinZip\adxloader.dll.Manifest" on 
line 2.  The manifest file root element must be assembly.
 
Error - 9/12/2013 1:10:31 PM | Computer Name = rr | Source = System Restore | ID = 8193
Description = 
 
Error - 11/12/2013 1:04:17 PM | Computer Name = rr | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "c:\program files\WinZip\adxloader.dll.Manifest".Error
 in manifest or policy file "c:\program files\WinZip\adxloader.dll.Manifest" on 
line 2.  The manifest file root element must be assembly.
 
Error - 12/12/2013 1:01:03 PM | Computer Name = rr | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "c:\program files\WinZip\adxloader.dll.Manifest".Error
 in manifest or policy file "c:\program files\WinZip\adxloader.dll.Manifest" on 
line 2.  The manifest file root element must be assembly.
 
Error - 12/12/2013 1:01:49 PM | Computer Name = rr | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "c:\program files\WinZip\adxloader.dll.Manifest".Error
 in manifest or policy file "c:\program files\WinZip\adxloader.dll.Manifest" on 
line 2.  The manifest file root element must be assembly.
 
Error - 13/12/2013 11:32:34 AM | Computer Name = rr | Source = System Restore | ID = 8193
Description = 
 
[ PG Log Events ]
Error - 5/10/2013 2:43:45 PM | Computer Name = rr | Source = Hand Gesture Control | ID = 0
Description = PGPanel (timerPGProcLauncher_Tick): [radiorentals] System.InvalidOperationException:
 Couldn't get process information from performance counter. ---> System.ComponentModel.Win32Exception:
 Unknown error (0xc0000017)     --- End of inner exception stack trace ---     at System.Diagnostics.NtProcessInfoHelper.GetProcessInfos()
 
   at System.Diagnostics.ProcessManager.GetProcessInfos(String machineName)     at
 System.Diagnostics.Process.GetProcesses(String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName, String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName)     at PGSetup.PGSetupForm.timerPGProcLauncher_Tick(Object sender, EventArgs
 e)
 
Error - 5/10/2013 4:01:21 PM | Computer Name = rr | Source = Hand Gesture Control | ID = 0
Description = PGPanel (timerPGProcLauncher_Tick): [radiorentals] System.InvalidOperationException:
 Couldn't get process information from performance counter. ---> System.ComponentModel.Win32Exception:
 Unknown error (0xc0000017)     --- End of inner exception stack trace ---     at System.Diagnostics.NtProcessInfoHelper.GetProcessInfos()
 
   at System.Diagnostics.ProcessManager.GetProcessInfos(String machineName)     at
 System.Diagnostics.Process.GetProcesses(String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName, String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName)     at PGSetup.PGSetupForm.timerPGProcLauncher_Tick(Object sender, EventArgs
 e)
 
Error - 5/10/2013 5:10:24 PM | Computer Name = rr | Source = Hand Gesture Control | ID = 0
Description = PGPanel (timerPGProcLauncher_Tick): [radiorentals] System.InvalidOperationException:
 Couldn't get process information from performance counter. ---> System.ComponentModel.Win32Exception:
 Unknown error (0xc0000017)     --- End of inner exception stack trace ---     at System.Diagnostics.NtProcessInfoHelper.GetProcessInfos()
 
   at System.Diagnostics.ProcessManager.GetProcessInfos(String machineName)     at
 System.Diagnostics.Process.GetProcesses(String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName, String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName)     at PGSetup.PGSetupForm.timerPGProcLauncher_Tick(Object sender, EventArgs
 e)
 
Error - 5/10/2013 7:00:22 PM | Computer Name = rr | Source = Hand Gesture Control | ID = 0
Description = PGPanel (timerPGProcLauncher_Tick): [radiorentals] System.InvalidOperationException:
 Couldn't get process information from performance counter. ---> System.ComponentModel.Win32Exception:
 Unknown error (0xc0000017)     --- End of inner exception stack trace ---     at System.Diagnostics.NtProcessInfoHelper.GetProcessInfos()
 
   at System.Diagnostics.ProcessManager.GetProcessInfos(String machineName)     at
 System.Diagnostics.Process.GetProcesses(String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName, String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName)     at PGSetup.PGSetupForm.timerPGProcLauncher_Tick(Object sender, EventArgs
 e)
 
Error - 5/10/2013 7:28:25 PM | Computer Name = rr | Source = Hand Gesture Control | ID = 0
Description = PGPanel (timerPGProcLauncher_Tick): [radiorentals] System.InvalidOperationException:
 Couldn't get process information from performance counter. ---> System.ComponentModel.Win32Exception:
 Unknown error (0xc0000017)     --- End of inner exception stack trace ---     at System.Diagnostics.NtProcessInfoHelper.GetProcessInfos()
 
   at System.Diagnostics.ProcessManager.GetProcessInfos(String machineName)     at
 System.Diagnostics.Process.GetProcesses(String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName, String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName)     at PGSetup.PGSetupForm.timerPGProcLauncher_Tick(Object sender, EventArgs
 e)
 
Error - 5/10/2013 8:09:08 PM | Computer Name = rr | Source = Hand Gesture Control | ID = 0
Description = PGPanel (timerPGProcLauncher_Tick): [radiorentals] System.InvalidOperationException:
 Couldn't get process information from performance counter. ---> System.ComponentModel.Win32Exception:
 Unknown error (0xc0000017)     --- End of inner exception stack trace ---     at System.Diagnostics.NtProcessInfoHelper.GetProcessInfos()
 
   at System.Diagnostics.ProcessManager.GetProcessInfos(String machineName)     at
 System.Diagnostics.Process.GetProcesses(String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName, String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName)     at PGSetup.PGSetupForm.timerPGProcLauncher_Tick(Object sender, EventArgs
 e)
 
Error - 5/10/2013 9:18:41 PM | Computer Name = rr | Source = Hand Gesture Control | ID = 0
Description = PGPanel (timerPGProcLauncher_Tick): [radiorentals] System.InvalidOperationException:
 Couldn't get process information from performance counter. ---> System.ComponentModel.Win32Exception:
 Unknown error (0xc0000017)     --- End of inner exception stack trace ---     at System.Diagnostics.NtProcessInfoHelper.GetProcessInfos()
 
   at System.Diagnostics.ProcessManager.GetProcessInfos(String machineName)     at
 System.Diagnostics.Process.GetProcesses(String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName, String machineName)     at System.Diagnostics.Process.GetProcessesByName(String
 processName)     at PGSetup.PGSetupForm.timerPGProcLauncher_Tick(Object sender, EventArgs
 e)
 
[ System Events ]
Error - 6/12/2013 2:55:03 AM | Computer Name = rr | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the RzMaelstromVADStreamingService service.
 
Error - 6/12/2013 9:41:07 PM | Computer Name = rr | Source = Service Control Manager | ID = 7041
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   Logon failure:
 the user has not been granted the requested logon type at this computer.     Service:
 nvUpdatusService   Domain and account: .\UpdatusUser     This service account does not
 have the required user right "Log on as a service."     User Action     Assign "Log on 
as a service" to the service account on this computer. You can use Local Security
 Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check
 that this user right is assigned to the Cluster service account on all nodes in
 the cluster.     If you have already assigned this user right to the service account,
 and the user right appears to be removed, check with your domain administrator 
to find out if a Group Policy object associated with this node might be removing
 the right.
 
Error - 6/12/2013 9:41:07 PM | Computer Name = rr | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 9/12/2013 5:26:33 AM | Computer Name = rr | Source = Service Control Manager | ID = 7041
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   Logon failure:
 the user has not been granted the requested logon type at this computer.     Service:
 nvUpdatusService   Domain and account: .\UpdatusUser     This service account does not
 have the required user right "Log on as a service."     User Action     Assign "Log on 
as a service" to the service account on this computer. You can use Local Security
 Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check
 that this user right is assigned to the Cluster service account on all nodes in
 the cluster.     If you have already assigned this user right to the service account,
 and the user right appears to be removed, check with your domain administrator 
to find out if a Group Policy object associated with this node might be removing
 the right.
 
Error - 9/12/2013 5:26:33 AM | Computer Name = rr | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 11/12/2013 3:10:33 AM | Computer Name = rr | Source = Service Control Manager | ID = 7041
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   Logon failure:
 the user has not been granted the requested logon type at this computer.     Service:
 nvUpdatusService   Domain and account: .\UpdatusUser     This service account does not
 have the required user right "Log on as a service."     User Action     Assign "Log on 
as a service" to the service account on this computer. You can use Local Security
 Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check
 that this user right is assigned to the Cluster service account on all nodes in
 the cluster.     If you have already assigned this user right to the service account,
 and the user right appears to be removed, check with your domain administrator 
to find out if a Group Policy object associated with this node might be removing
 the right.
 
Error - 11/12/2013 3:10:33 AM | Computer Name = rr | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 13/12/2013 4:34:10 PM | Computer Name = rr | Source = DCOM | ID = 10010
Description = 
 
Error - 17/12/2013 5:20:27 AM | Computer Name = rr | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
 Client Service service to connect.
 
Error - 17/12/2013 5:20:27 AM | Computer Name = rr | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
 error:   %%1053
 
 
< End of report >
 

 




#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 26 December 2013 - 12:25 PM

Hi shonofthedead,

Sorry for the delay. If you still need assistance please follow the steps outlined below.


My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Important Note for Vista and Windows 7 & 8 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator")

Please stay with this topic until I let you know that your system appears to be "All Clear"

=========================

P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:


  • uTorrent

If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • Wajam
  • Lucky Leap
  • Delta toolbar
  • Delta Chrome Toolbar
  • News.net

=========================

Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam)
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...120684&tsp=5027
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...120684&tsp=5027
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013/07/11 05:28:16 | 000,037,909 | ---- | M] ()
    [2013/10/06 13:05:27 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\radiorentals\AppData\Roaming\mozilla\Firefox\Profiles\lhbi91kq.default\extensions\ffxtlbr@delta.com
    FF - prefs.js..browser.startup.homepage: "http://www.news.net/...hp?referid=118"
    O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
    O2 - BHO: (news.net) - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\News.net\IE\ScriptHost.dll ()
    O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
    O2 - BHO: (lucky leap) - {d77aa852-def3-43cb-a3f5-bd679de72f32} - C:\Program Files (x86)\lucky leap\luckyleapBHO.dll (luckyleap)
    O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
    O4 - HKCU..\Run: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe (International News Network Limited)
    
    :Files
    C:\Program Files (x86)\lucky leap
    
    :Services
    WajamUpdater
    Util lucky leap
    Update lucky leap
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

Re-run OTL (it should be located on your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:


  • OTL fix log
  • aswMBR.txt
  • Fresh OTL.txt
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 shonofthedead

shonofthedead

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 28 December 2013 - 01:28 AM

Hi OCD. No worries on the delay. I can't really complain when you guys are willing to help free of charge.

 

I've uninstalled the programs you listed. When I run the custom fix in OTL the program just stops responding.



#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 28 December 2013 - 11:36 AM

Hi shonofthedead,

I've changed the script a little, please retry. If OTL hangs again just continue with the other steps and let me know in your next post.

Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam)
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...120684&tsp=5027
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...120684&tsp=5027
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013/07/11 05:28:16 | 000,037,909 | ---- | M] ()
    [2013/10/06 13:05:27 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\radiorentals\AppData\Roaming\mozilla\Firefox\Profiles\lhbi91kq.default\extensions\ffxtlbr@delta.com
    FF - prefs.js..browser.startup.homepage: "http://www.news.net/...hp?referid=118"
    O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
    O2 - BHO: (news.net) - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\News.net\IE\ScriptHost.dll ()
    O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
    O2 - BHO: (lucky leap) - {d77aa852-def3-43cb-a3f5-bd679de72f32} - C:\Program Files (x86)\lucky leap\luckyleapBHO.dll (luckyleap)
    O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
    O4 - HKCU..\Run: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe (International News Network Limited)
    
    :Files
    C:\Program Files (x86)\lucky leap
    
    :Services
    WajamUpdater
    Util lucky leap
    Update lucky leap
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

Re-run OTL (it should be located on your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:

  • OTL fix log
  • aswMBR.txt
  • Fresh OTL.txt
  • How is the computer running?

OCD

If you are satisfied with the help you have received, please consider making a donation.
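
A fix script like the two posted above can be reviewed before it is pasted into a tool, and a revised script can be compared against the earlier one. The following is an added example, not part of any post in this thread and not code from OTL: a small Python parser whose function names are hypothetical, run on an abbreviated, constructed copy of the first script (the second is derived from it by swapping the command lines that changed).

```python
import re

# Constructed sample: abbreviated copy of the first fix script in the thread.
# Truncated URLs are kept exactly as the forum rendered them.
SCRIPT_FIRST = r"""
:OTL
PRC - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam)
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...120684&tsp=5027
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...120684&tsp=5027
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O4 - HKCU..\Run: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe (International News Network Limited)

:Files
C:\Program Files (x86)\lucky leap

:Services
WajamUpdater
Util lucky leap
Update lucky leap

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]
"""
# The revised script differs only in its command list.
SCRIPT_SECOND = SCRIPT_FIRST.replace("[emptytemp]", "[emptyjava]\n[emptyflash]")

SECTION = re.compile(r"^:(\w+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_fix(text):
    """Split a fix script into {section name: [lines]} using its ':Name' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def summarize(sections):
    """Collect what a reviewer checks: entry types, GUIDs, duplicates, targets."""
    otl = sections.get("OTL", [])
    seen, dupes = set(), []
    for line in otl:
        if line in seen and line not in dupes:
            dupes.append(line)
        seen.add(line)
    return {
        "entry_types": sorted({l.split(" - ", 1)[0] for l in otl if " - " in l}),
        "guids": sorted({g.upper() for l in otl for g in GUID.findall(l)}),
        "duplicates": dupes,
        "paths": sections.get("Files", []),
        "services": sections.get("Services", []),
        "commands": [c.strip("[]").lower() for c in sections.get("Commands", [])],
    }


def command_diff(old, new):
    """Return (removed, added) commands between two revisions of a script."""
    a = summarize(parse_fix(old))["commands"]
    b = summarize(parse_fix(new))["commands"]
    return [c for c in a if c not in b], [c for c in b if c not in a]


if __name__ == "__main__":
    for key, value in summarize(parse_fix(SCRIPT_FIRST)).items():
        print(f"{key}: {value}")
    print("removed/added commands:", command_diff(SCRIPT_FIRST, SCRIPT_SECOND))
```

Applied to the two scripts as posted, the same comparison shows identical :OTL, :Files and :Services sections; only :Commands differs between the first script and the revised one.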


#5 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 31 December 2013 - 11:33 AM

Hi shonofthedead,

Just checking in to see if you still need assistance?


OCD



#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 January 2014 - 06:33 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
OCD

