Page 1 of 5 123 ... LastLast
Results 1 to 10 of 42
  1. #1
    Member
    Join Date
    Jul 2009
    Location
    UK
    Posts
    98
    Points
    2

    Default malwarebyte keeps finding PUP.Optional.Conduit.A even after it's quarantined

    dear all
    please can you help and do i need to be concerned. how can i get rid of it, could it have come on my computer with spotify??? here are the logs

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 10/07/2014
    Scan Time: 16:47:03
    Logfile: Malwarebytes log 100714.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.10.04
    Rootkit Database: v2014.07.09.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Fionagee10

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 277167
    Time Elapsed: 10 min, 0 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2229240954-3130237763-575997410-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect, Quarantined, [0cd0732ae398b68027645db6c63e7789],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 4
    PUP.Optional.Conduit.A, C:\Users\Fionagee10\AppData\Local\Temp\nsi9F5A.exe, Quarantined, [fce0900d651646f09070deab29d89a66],
    PUP.Optional.Conduit.A, C:\Users\Fionagee10\AppData\Local\Temp\nskFB4A.exe, Quarantined, [e0fc009da8d3c76f34ccf198d52c7987],
    PUP.Optional.Conduit.A, C:\Users\Fionagee10\AppData\Local\Temp\nsnA9BC.exe, Quarantined, [f5e72a73adce23138b75246501009a66],
    PUP.Optional.Conduit.A, C:\Users\Fionagee10\AppData\Local\Temp\nsz7BE.exe, Quarantined, [8755306d5625072f0af67118f80940c0],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 07/10/2014 at 05:33 PM

    Application Version : 5.7.1026

    Core Rules Database Version : 11361
    Trace Rules Database Version: 9173

    Scan type : Complete Scan
    Total Scan Time : 00:07:37

    Operating System Information
    65 Edition 64-bit (Build 6.02.9200)
    UAC On - Limited User

    Memory items scanned : 601
    Memory threats detected : 0
    Registry items scanned : 65543
    Registry threats detected : 0
    File items scanned : 10343
    File threats detected : 3

    Adware.Tracking Cookie
    .doubleclick.net [ C:\USERS\FIONAGEE10\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FVG0L2RG.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\FIONAGEE10\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FVG0L2RG.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\FIONAGEE10\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FVG0L2RG.DEFAULT\COOKIES.SQLITE ]



    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 19:06:04, on 10/07/2014
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v10.0 (10.00.9200.16537)

    FIREFOX: 29.0.1 (en-GB)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
    C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Fionagee10\Downloads\HijackThis(2).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
    O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Fionagee10\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Fionagee10\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
    O23 - Service: Asus WebStorage Windows Service - Unknown owner - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee AP Service (McAPExe) - Unknown owner - C:\Program Files\McAfee\MSC\McAPExe.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8608 bytes


    hope you can help
    thanks fiona

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,

    We need a more thorough scan,

    Please proceed and post 2 log files.


    Please download OTL to your Desktop
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

  3. #3
    Member
    Join Date
    Jul 2009
    Location
    UK
    Posts
    98
    Points
    2

    Default

    hi zep,
    i can't get any results sent, i've tried from a different computer and nothing seems to be going through, i've spent a few hours trying to get through, is the help2go site down?
    regards
    fiona

  4. #4
    Member
    Join Date
    Jul 2009
    Location
    UK
    Posts
    98
    Points
    2

    Default

    obviously not as that just went through, maybe i'll try sending the results separately

  5. #5
    Member
    Join Date
    Jul 2009
    Location
    UK
    Posts
    98
    Points
    2

    Default

    hi,
    having real difficulty sending this as my computer seems to be blocking it and timing out, fingers crossed it goes this time


    OTL logfile created on: 11/07/2014 12:00:32 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fionagee10\Downloads
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.17028)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.89 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 74.42% Memory free
    4.58 Gb Paging File | 3.53 Gb Available in Paging File | 77.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 279.45 Gb Total Space | 229.71 Gb Free Space | 82.20% Space Free | Partition Type: NTFS
    Drive D: | 398.07 Gb Total Space | 397.92 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

    Computer Name: ASUS | User Name: Fionagee10 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/07/11 11:58:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fionagee10\Downloads\OTL.exe
    PRC - [2014/07/10 16:02:49 | 004,086,432 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/07/10 16:02:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/09/23 13:29:48 | 000,019,256 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    PRC - [2013/08/19 18:35:26 | 000,055,368 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    PRC - [2013/08/16 15:29:08 | 000,183,408 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
    PRC - [2013/03/08 16:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2012/10/26 15:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2012/10/17 20:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2012/10/05 16:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2012/09/18 13:51:54 | 001,124,032 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    PRC - [2012/09/14 14:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2012/08/31 20:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
    PRC - [2012/08/22 10:24:28 | 001,559,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    PRC - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2012/06/27 13:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    PRC - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2012/05/28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    PRC - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    PRC - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
    PRC - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/07/10 16:02:50 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/07/10 16:02:49 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
    MOD - [2013/08/19 18:16:48 | 000,015,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
    MOD - [2013/08/16 11:03:12 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
    SRV:64bit: - [2014/07/10 16:02:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2014/05/30 00:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2014/03/29 09:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2013/10/10 23:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2013/08/16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2013/06/24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2013/06/01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2013/05/04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2013/05/04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2013/04/26 08:54:44 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2013/04/26 08:13:52 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2013/04/09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2013/03/02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2013/03/02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2012/07/26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV - [2014/05/07 03:27:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/19 07:10:38 | 000,072,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe -- (Asus WebStorage Windows Service)
    SRV - [2012/12/13 23:14:24 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/10/05 16:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2012/09/13 04:59:08 | 002,466,448 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2012/07/26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
    SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/06/27 13:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
    SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
    SRV - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
    SRV - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/07/10 16:03:04 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswsp.sys -- (aswSP)
    DRV:64bit: - [2014/07/10 16:02:52 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2014/07/10 16:02:52 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aswstm.sys -- (aswStm)
    DRV:64bit: - [2014/07/10 16:02:51 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswsnx.sys -- (aswSnx)
    DRV:64bit: - [2014/07/10 16:02:51 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2014/07/10 16:02:51 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2014/07/10 16:02:51 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2014/07/10 16:02:51 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aswHwid.sys -- (aswHwid)
    DRV:64bit: - [2014/03/28 20:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2014/03/23 23:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2013/10/10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2013/10/05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2013/10/02 03:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2013/09/23 13:30:02 | 000,070,416 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
    DRV:64bit: - [2013/08/16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2013/08/10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2013/07/09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2013/07/02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2013/07/02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2013/06/29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2013/06/01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2013/04/26 08:54:44 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2013/04/26 08:49:58 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2013/04/26 08:46:00 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2013/04/26 08:43:00 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2013/04/26 08:21:13 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2013/04/26 08:19:03 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2013/04/26 08:13:22 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2013/04/26 08:13:22 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2013/03/02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2013/03/02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2013/01/09 03:26:24 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2012/12/13 23:14:20 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/11/19 00:57:58 | 003,728,384 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
    DRV:64bit: - [2012/10/24 19:18:32 | 000,723,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
    DRV:64bit: - [2012/10/08 10:47:42 | 000,298,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
    DRV:64bit: - [2012/09/18 13:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
    DRV:64bit: - [2012/09/14 06:15:10 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/02 04:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2012/06/02 15:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2012/06/02 15:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2012/06/02 15:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
    DRV:64bit: - [2012/05/31 04:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
    DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2229240954-3130237763-575997410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKU\S-1-5-21-2229240954-3130237763-575997410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-2229240954-3130237763-575997410-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2229240954-3130237763-575997410-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2229240954-3130237763-575997410-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/"
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.33
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/10 16:02:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2014/04/17 10:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fionagee10\AppData\Roaming\Mozilla\Extensions
    [2014/07/10 17:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fionagee10\AppData\Roaming\Mozilla\Firefox\Profiles\fvg0l2rg.default\extensions
    [2014/05/13 19:12:38 | 000,023,913 | ---- | M] () (No name found) -- C:\Users\Fionagee10\AppData\Roaming\Mozilla\Firefox\Profiles\fvg0l2rg.default\extensions\the-addon-bar@GeekInTraining-GiT.xpi
    [2014/07/10 16:22:22 | 000,158,775 | ---- | M] () (No name found) -- C:\Users\Fionagee10\AppData\Roaming\Mozilla\Firefox\Profiles\fvg0l2rg.default\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi
    [2014/07/10 17:16:28 | 000,538,443 | ---- | M] () (No name found) -- C:\Users\Fionagee10\AppData\Roaming\Mozilla\Firefox\Profiles\fvg0l2rg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2014/05/13 16:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/05/13 16:34:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2014/07/10 16:02:53 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

    O1 HOSTS File: ([2014/04/15 21:20:55 | 000,450,639 | R--- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 [广场舞老婆最大恰恰,广场舞民族舞,云裳广场舞桃花运恰恰],2014首页
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben&#46;com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 博彩通,博彩网,金宝博188,博彩通评级,百家乐,奥妙百家乐
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 Gadgets And More
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 123fporn.info
    O1 - Hosts: 15467 more lines...
    O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe (ASUS Cloud Corporation)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-2229240954-3130237763-575997410-1001..\Run: [Spotify] C:\Users\Fionagee10\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    O4 - HKU\S-1-5-21-2229240954-3130237763-575997410-1001..\Run: [Spotify Web Helper] C:\Users\Fionagee10\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.24.202.69 62.24.139.9
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38FB6C69-B012-4A99-AF38-458BB234A465}: DhcpNameServer = 62.24.202.69 62.24.139.9
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E797A57A-5B54-47A3-A944-48A40856AB81}: DhcpNameServer = 192.168.72.1
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (sdnclean64.exe)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/07/10 21:07:54 | 000,703,968 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/07/10 21:07:54 | 000,105,440 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/07/10 21:05:55 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
    [2014/07/10 16:34:45 | 003,246,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2014/07/10 16:34:45 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2014/07/10 16:34:37 | 001,440,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
    [2014/07/10 16:34:36 | 001,557,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
    [2014/07/10 16:34:13 | 001,301,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
    [2014/07/10 16:33:28 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
    [2014/07/10 16:33:13 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
    [2014/07/10 16:33:13 | 000,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
    [2014/07/10 16:33:10 | 001,281,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2014/07/10 16:31:58 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
    [2014/07/10 16:31:58 | 000,556,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
    [2014/07/10 16:31:58 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
    [2014/07/10 16:31:58 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
    [2014/07/10 16:31:22 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
    [2014/07/10 16:28:06 | 000,000,000 | ---D | C] -- C:\Users\Fionagee10\AppData\Local\BBC
    [2014/07/10 16:08:59 | 006,974,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2014/07/10 16:08:59 | 001,023,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
    [2014/07/10 16:08:58 | 001,824,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2014/07/10 16:08:57 | 000,693,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
    [2014/07/10 16:08:57 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
    [2014/07/10 16:08:57 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe
    [2014/07/10 16:08:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
    [2014/07/10 16:08:56 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    [2014/07/10 16:08:56 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe
    [2014/07/10 16:08:43 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2014/07/10 16:08:43 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2014/07/10 16:08:39 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/07/10 16:08:34 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/07/10 16:08:31 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/07/10 16:08:31 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/07/10 16:08:27 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/07/10 16:08:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/07/10 16:08:19 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
    [2014/07/10 16:08:19 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2014/07/10 16:08:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2014/07/10 16:08:19 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2014/07/10 16:08:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2014/07/10 16:08:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/07/10 16:08:18 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/07/10 16:08:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/07/10 16:08:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
    [2014/07/10 16:08:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
    [2014/07/10 16:08:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/07/10 16:08:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/07/10 16:08:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/07/10 16:08:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/07/10 16:08:05 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
    [2014/07/10 16:08:04 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
    [2014/07/10 16:02:51 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

    ========== Files Created - No Company Name ==========

    [2014/07/10 23:38:35 | 000,281,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/05/11 13:03:13 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
    [2014/04/19 15:01:42 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
    [2014/04/14 16:33:58 | 000,000,074 | ---- | C] () -- C:\Users\Fionagee10\AppData\Roaming\sp_data.sys
    [2013/09/26 10:59:45 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
    [2013/09/26 10:59:44 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2013/09/26 10:59:43 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
    [2013/04/26 00:15:21 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
    [2013/04/26 00:15:21 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
    [2013/04/26 00:15:21 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
    [2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2012/07/25 21:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
    [2012/07/25 21:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin

    ========== ZeroAccess Check ==========


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 09:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 07:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >

  6. #6
    Member
    Join Date
    Jul 2009
    Location
    UK
    Posts
    98
    Points
    2

    Default

    OTL Extras logfile created on: 11/07/2014 12:00:32 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fionagee10\Downloads
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.17028)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.89 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 74.42% Memory free
    4.58 Gb Paging File | 3.53 Gb Available in Paging File | 77.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 279.45 Gb Total Space | 229.71 Gb Free Space | 82.20% Space Free | Partition Type: NTFS
    Drive D: | 398.07 Gb Total Space | 397.92 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

    Computer Name: ASUS | User Name: Fionagee10 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2229240954-3130237763-575997410-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{08DF9207-336B-4D4F-B1FD-122BC45D324B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{CACDB418-5466-44CB-97EB-234638B11E8D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{010DD732-4B49-48A9-9472-240B408531BB}" = dir=out | name=windows_ie_ac_001 |
    "{0A76A7C8-76DB-4433-A88E-B8569D71AD5B}" = protocol=17 | dir=in | app=c:\users\fionagee10\appdata\roaming\spotify\spotify.exe |
    "{15A084D0-F313-4577-9F2A-848CD09F671E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{22895497-D0BA-4BDB-9E2F-9EA209A30D9B}" = protocol=6 | dir=in | app=c:\users\fionagee10\appdata\roaming\spotify\spotify.exe |
    "{22B1550E-4DF2-4C8B-97B6-CC26F9FE62A4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{2DE22B00-1E0F-4A07-8BAC-DF3A53ED77D9}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{2EF63B09-7501-4697-BE49-02D9491DBD8A}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
    "{37E2F6B6-816C-47A7-8DA6-13D8D22A70F0}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    "{3AB3F81C-4037-4AA2-AA38-919F8633C165}" = dir=out | name=fresh paint |
    "{3DF7A4C8-B86A-402E-A199-AC7B9A18F1E5}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    "{3E97CA48-4024-492A-AF38-33928D6DF604}" = dir=in | name=@{microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{44418A6C-C996-4A5D-9B04-F1A532860B83}" = dir=in | name=skype |
    "{4F99DAD3-9918-43A1-880C-D60D9E517C67}" = dir=out | name=@{magix.musicmakerjam_2.0.1023.6_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
    "{60B78CF9-1102-4B96-9CB2-F7E786F76008}" = dir=in | name=@{magix.musicmakerjam_2.0.1023.6_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
    "{635F8FD0-0D06-4082-8E48-23CA7F4856B4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{68E179C2-AFA8-458A-BD88-118860836333}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{6BFDC969-5A62-4448-976D-B7F98386FFE8}" = dir=in | name=pinball fx2 |
    "{6E2E265B-2645-4113-9ADA-E85ED5620323}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
    "{70F7772E-C4E7-414B-9952-CFA2A037F509}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    "{7B29237E-C24E-4231-B001-4E4B67448F57}" = dir=out | name=skype |
    "{7CD5B408-9FC1-43CB-A67D-3E3FF0E2CB04}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{800C7320-F131-47CB-8273-BA1B6A0C1957}" = dir=out | name=@{microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{84FB1519-390F-4560-A57C-B5A9E2DF0D9A}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
    "{8AE2E977-0278-4B9E-8F04-9B4442093DE1}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
    "{8F742722-EB63-4B60-8280-435B83C49A8F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{9534A4EE-63A1-468F-A7AD-E6EF4C928C18}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{95F0BCDB-6174-439F-8A04-75C3D469C279}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
    "{974E6910-3392-4819-BE91-A281C896BFD5}" = dir=out | name=- games app - |
    "{99AB5382-1059-45AC-AAEB-E32736E99DF9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{9CBDB688-1560-4EC3-B3C4-13B86FD1A88A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{A0AEA317-B9CD-41EA-A673-7061A4D12A27}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    "{A88059CC-86E1-4FD0-A71D-3403B27AED04}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    "{B7BCF329-D531-4DB3-A5FB-17740B9987EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BFF9C9C4-7F0B-461F-BD94-23D1C6DC5794}" = dir=out | name=pinball fx2 |
    "{C740A406-9340-4200-8B23-570EF97D4954}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D3B75E3B-2140-4550-B623-00F75846743A}" = dir=out | name=@{microsoft.zunevideo_1.5.802.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
    "{DC134CDA-AEB2-436E-94E5-D8F407E5AFC9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{E1336A37-4D0A-445F-839F-1E5A2DDBD3F9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{E26A97FE-8CD5-46D7-9980-85F5A0078C65}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{EF3F4064-66D4-49C9-A258-5D46CB898AD1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{F0941CC8-508C-4E2C-AD2A-2BBE83EBF4E4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
    "{F15D786D-F3AB-451E-BCB5-0449DCAF26EA}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
    "{FF685904-0E32-4C0B-A090-A5109B575D02}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "TCP Query User{8C26E880-7050-47DC-8157-98824E0D8DE1}C:\users\fionagee10\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\fionagee10\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{20E71965-6649-483E-82F8-3AD9ED59A3F1}C:\users\fionagee10\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\fionagee10\appdata\roaming\spotify\spotify.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}" = ASUS Screen Saver
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
    "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
    "{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}" = Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel Trusted Connect Service Client
    "D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A" = Windows Driver Package - ASUS (ATP) Mouse (09/17/2013 1.0.0.186)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
    "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
    "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
    "{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
    "{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
    "{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
    "{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
    "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
    "{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
    "{60094A87-D184-4616-9538-F111C02042F8}" = BBC iPlayer Downloads
    "{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
    "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
    "{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
    "{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus" = WildTangent Games App
    "{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
    "{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
    "{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
    "{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
    "{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
    "{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.10) MUI
    "{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
    "{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
    "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
    "{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
    "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
    "{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
    "{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
    "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
    "{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
    "{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
    "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
    "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
    "Asus Vibe2.0" = AsusVibe2.0
    "ASUS WebStorage" = ASUS WebStorage Sync Agent
    "Avast" = avast! Free Antivirus
    "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.11.35.514
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
    "Mozilla Firefox 29.0.1 (x86 en-GB)" = Mozilla Firefox 29.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyBitCast" = MyBitCast 2.0
    "VLC media player" = VLC media player 2.1.3
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-0eda17f7-fdf1-44cd-87c0-caf591ca3a2e" = Penguins!
    "WTA-4ac01422-47f4-450d-be29-dd2c93505f68" = Peggle
    "WTA-874d1d57-0527-4e80-adaa-bce83e1a070b" = Azteca
    "WTA-cf23f5a3-be59-42a3-91d4-7147cb84c427" = Bejeweled 3
    "WTA-d927468d-46de-4206-b527-35d00680ffb7" = Tales of Lagoona
    "WTA-f9eaaca9-82be-44ea-8a23-da50b5803b42" = Cut the Rope

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2229240954-3130237763-575997410-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 17/06/2014 15:05:49 | Computer Name = Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 14253468

    Error - 19/06/2014 20:31:21 | Computer Name = Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 19/06/2014 20:31:21 | Computer Name = Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 14253109

    Error - 19/06/2014 20:31:21 | Computer Name = Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 14253109

    Error - 02/07/2014 12:09:24 | Computer Name = Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 02/07/2014 12:09:24 | Computer Name = Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1594

    Error - 02/07/2014 12:09:24 | Computer Name = Asus | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1594

    Error - 10/07/2014 07:36:19 | Computer Name = Asus | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
    Description = App Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps did not launch within
    its allotted time.

    Error - 10/07/2014 07:36:52 | Computer Name = Asus | Source = Application Hang | ID = 1002
    Description = The program Map.exe version 1.6.1821.2624 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 8f8 Start
    Time: 01cf9c3321a7b6fc Termination Time: 4294967295 Application Path: C:\Program
    Files\WindowsApps\Microsoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbwe\Map.exe Report
    Id: 6a8dabe3-0826-11e4-be92-e03f49d8a697 Faulting package full name: Microsoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbwe

    Faulting
    package-relative application ID: AppexMaps

    Error - 10/07/2014 07:36:52 | Computer Name = Asus | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
    Description = Activation of application Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps
    failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log
    for additional information.

    [ System Events ]
    Error - 10/07/2014 11:04:59 | Computer Name = Asus | Source = Microsoft-Windows-Kernel-General | ID = 6
    Description =

    Error - 10/07/2014 11:05:23 | Computer Name = Asus | Source = Service Control Manager | ID = 7003
    Description = The McAfee AP Service service depends on the following service: mfevtp.
    This service might not be installed.

    Error - 10/07/2014 12:09:43 | Computer Name = Asus | Source = Microsoft-Windows-Kernel-General | ID = 6
    Description =

    Error - 10/07/2014 12:10:17 | Computer Name = Asus | Source = Service Control Manager | ID = 7003
    Description = The McAfee AP Service service depends on the following service: mfevtp.
    This service might not be installed.

    Error - 10/07/2014 16:06:32 | Computer Name = Asus | Source = Microsoft-Windows-Kernel-General | ID = 6
    Description =

    Error - 10/07/2014 16:07:30 | Computer Name = Asus | Source = Service Control Manager | ID = 7003
    Description = The McAfee AP Service service depends on the following service: mfevtp.
    This service might not be installed.

    Error - 10/07/2014 18:38:23 | Computer Name = Asus | Source = Microsoft-Windows-Kernel-General | ID = 6
    Description =

    Error - 10/07/2014 18:39:13 | Computer Name = Asus | Source = Service Control Manager | ID = 7003
    Description = The McAfee AP Service service depends on the following service: mfevtp.
    This service might not be installed.

    Error - 11/07/2014 06:55:44 | Computer Name = Asus | Source = Microsoft-Windows-Kernel-General | ID = 6
    Description =

    Error - 11/07/2014 06:56:16 | Computer Name = Asus | Source = Service Control Manager | ID = 7003
    Description = The McAfee AP Service service depends on the following service: mfevtp.
    This service might not be installed.


    < End of report >

  7. #7
    Member
    Join Date
    Jul 2009
    Location
    UK
    Posts
    98
    Points
    2

    Default

    success... phew

  8. #8
    Member
    Join Date
    Jul 2009
    Location
    UK
    Posts
    98
    Points
    2

    Default

    my sound on the computer went completely last night and when i went into troubleshooting they told me to go back to a previous restore point which i did. i also uninstalled spotify as avast said it was trying to download an unrecognised program which was rare and could be a problem. hope that doesn't hinder your help.
    all the best fiona

  9. #9
    Member
    Join Date
    Jul 2009
    Location
    UK
    Posts
    98
    Points
    2

    Default

    hi zep
    here is todays superantispyware log which found some nasties on my laptop

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 07/13/2014 at 01:03 PM

    Application Version : 5.7.1026

    Core Rules Database Version : 11364
    Trace Rules Database Version: 9176

    Scan type : Complete Scan
    Total Scan Time : 00:06:43

    Operating System Information
    65 Edition 64-bit (Build 6.02.9200)
    UAC On - Limited User

    Memory items scanned : 557
    Memory threats detected : 0
    Registry items scanned : 65543
    Registry threats detected : 0
    File items scanned : 9559
    File threats detected : 7

    Adware.Tracking Cookie
    C:\Users\Fionagee10\AppData\Roaming\Microsoft\Windows\Cookies\Low\C4GYJI57.txt [ /tribalfusion.com ]
    C:\Users\Fionagee10\AppData\Roaming\Microsoft\Windows\Cookies\Low\JVBQC672.txt [ /www.googleadservices.com ]
    .doubleclick.net [ C:\USERS\FIONAGEE10\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FVG0L2RG.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\FIONAGEE10\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FVG0L2RG.DEFAULT\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\USERS\FIONAGEE10\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FVG0L2RG.DEFAULT\COOKIES.SQLITE ]

    Trojan.Agent/Gen-Hamweq
    C:\USERS\FIONAGEE10\DOWNLOADS\SPOTIFYSETUP(1).EXE
    C:\Windows\Prefetch\SPOTIFYSETUP(1).EXE-3F609776.pf

  10. #10
    Member
    Join Date
    Jul 2009
    Location
    UK
    Posts
    98
    Points
    2

    Default

    just looking through the otl logfiles and noticed the red highlighted stuff. how would sex websites and porn sites get on my computer when i don't visit any of those places??? and no-one else has used my laptop, it's fairly new.....

Page 1 of 5 123 ... LastLast