Video Codec installation disabled anti-virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Video Codec installation disabled anti-virus

Post by pgmigg » July 19th, 2015, 12:01 am

Hello madmurph,

-Other than for program installations, computer remains disconnected from the Internet until MBAM and McAfee issues are resolved.
If you were able to install Avast Free properly, you can be connected to the Internet as usual - MBAM is a good but optional scanner.

Do I understand correctly that Step 4 was run completely and successfully?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Re: Video Codec installation disabled anti-virus

Post by madmurph » July 19th, 2015, 1:07 am

Yes, Step 4 was run completely and successfully.

Re: Video Codec installation disabled anti-virus

Post by pgmigg » July 19th, 2015, 11:28 am

Hello madmurph,

madmurph wrote: Yes, Step 4 was run completely and successfully.

Very good! :D It means that your computer has an active defense program and you are protected.
In that case, I would like to ask you, before you start running the steps below, to connect your computer to the Internet as usual!

Step 1.
Download ComboFix
  1. Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!!
    If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.
  2. The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
    You will not have Internet access when you execute ComboFix.
  3. Close all open application windows.

Step 2.
Disable your Avast Free
  1. Right-click the round orange Avast icon in the system tray at the bottom right corner and select Avast shields control. There will be options to disable Avast for 10 minutes, 1 hour, until the computer is restarted or permanently.
  2. Please select "Disable until the computer is restarted".

Step 3.
Run ComboFix
  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press I Agree to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
    Do NOT use your keyboard or click the mouse anywhere in the ComboFix window, as this may cause the program to stall or crash!
    ComboFix may reboot your computer; allow this and follow all directions given.
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  3. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.


Step 42.
Check and Enable your Avast Free
  1. If you see that the round orange Avast icon in the system tray at the bottom right corner has a small white crest on a red background, please run paragraphs 2 and 3 here. Otherwise do nothing.
  2. Right-click the round orange Avast icon in the system tray at the bottom right corner and select Avast shields control. There will be options to disable Avast for 10 minutes, 1 hour, until the computer is restarted or permanently, as well as to enable all shields.
  3. Please select "Enable all shields".

Please post each log separately to prevent it from being cut off by the forum post size limiter.
Check each log after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the ComboFix.txt log file
  3. Do you see any changes in computer behavior?


Thanks,
pgmigg

Re: Video Codec installation disabled anti-virus

Post by madmurph » July 19th, 2015, 12:34 pm

A. Mid-way through the ComboFix process, I have received a warning message that the program is "Unable to create a backup of the current registry file: C:\Windows\System32\config\system! Continue restoration of this file?" I have stopped operations until advised as to how to proceed. Awaiting your response. Thank you.

Re: Video Codec installation disabled anti-virus

Post by pgmigg » July 19th, 2015, 1:17 pm

Hello madmurph,

madmurph wrote: Mid-way through the ComboFix process, I have received a warning message that the program is "Unable to create a backup of the current registry file: C:\Windows\System32\config\system! Continue restoration of this file?" I have stopped operations until advised as to how to proceed. Awaiting your response.

When you wrote "I have stopped operations", does it mean that you killed ComboFix, or are you just waiting for my answer?

OK.

  1. If you killed ComboFix already, please restart your computer and run the whole set of steps again.
    1. On questions like "Continue restoration of this file?" please select "Yes".
    2. If you have any questions, please don't kill ComboFix; ask me - I will be near the computer today for at least the next 8 hours...
  2. If ComboFix is running and waiting for an answer, please select "Yes"...


Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the ComboFix.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Re: Video Codec installation disabled anti-virus

Post by madmurph » July 19th, 2015, 1:42 pm

Hi pgmigg -

Thank you for your prompt response and attention to my problems and questions.

A. In the implementation of ComboFix, I did not kill the process when confronted with the unexpected warning window(s) - it turned out there were several; I waited for a response from you as to how to proceed, as this issue was not addressed in your initial instructions or the ComboFix online instructions. An awareness, in advance, for the potential of these informational screens and the appropriate response would be helpful in the future in expediting repair instructions seamlessly. No other problems encountered afterwards.

B. log file included in this post.

C. computer seems to be running fine. All icons, other than USB, have disappeared from the system tray...including the Avast tray icon referred to in your instructions. I was able to verify Avast is running through the normal program Start Menu.

Thank you for your help in solving my computer problems, it is greatly appreciated...mm

Re: Video Codec installation disabled anti-virus

Post by madmurph » July 19th, 2015, 1:43 pm

ComboFix log:
ComboFix 15-07-18.01 - Tommy 07/19/2015 9:23.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16330.12919 [GMT -7:00]
Running from: e:\users\Tommy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\7433cdb324b04dd5e3c3db213381216c7c539baa
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
((((((((((((((((((((((((( Files Created from 2015-06-19 to 2015-07-19 )))))))))))))))))))))))))))))))
.
.
2015-07-18 20:59 . 2015-07-18 20:59 -------- d-----w- c:\users\Tommy\AppData\Roaming\AVAST Software
2015-07-18 20:58 . 2015-07-18 20:58 -------- d-----w- c:\program files\Google
2015-07-18 20:58 . 2015-07-18 20:58 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-18 20:58 . 2015-07-18 20:58 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-18 20:58 . 2015-07-18 20:58 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-18 20:58 . 2015-07-18 20:58 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-07-18 20:58 . 2015-07-18 20:58 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-18 20:58 . 2015-07-18 20:58 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-18 20:58 . 2015-07-18 20:58 150160 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-18 20:58 . 2015-07-18 20:58 1048856 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-07-18 20:58 . 2015-07-18 20:58 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-07-18 20:58 . 2015-07-18 20:58 43112 ----a-w- c:\windows\avastSS.scr
2015-07-18 20:57 . 2015-07-18 20:57 -------- d-----w- c:\program files\AVAST Software
2015-07-18 20:57 . 2015-07-18 20:57 -------- d-----w- c:\programdata\AVAST Software
2015-07-18 20:56 . 2015-07-18 20:56 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-07-15 12:29 . 2015-07-15 12:30 -------- d-----w- C:\MGADiagToolOutput
2015-07-15 12:29 . 2015-07-15 12:29 -------- d-----w- c:\programdata\Office Genuine Advantage
2015-07-14 13:57 . 2015-07-16 05:43 -------- d-sh--w- c:\programdata\157313
2015-06-22 22:09 . 2015-05-19 03:29 46768 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-06-22 22:09 . 2015-05-19 03:14 57520 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-19 16:18 . 2015-01-03 17:50 1048576 ----a-w- c:\windows\PE_Rom.dll
2015-07-18 22:08 . 2013-08-18 22:46 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2015-07-18 22:08 . 2013-12-13 21:43 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-07-18 22:08 . 2013-12-13 21:43 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-07-11 06:18 . 2013-08-19 15:25 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-11 06:18 . 2013-08-19 15:25 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-18 23:47 . 2013-11-06 22:13 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2015-06-18 23:47 . 2013-08-18 06:27 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-06-18 23:47 . 2013-08-18 06:27 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-06-18 15:41 . 2014-08-05 16:20 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 15:41 . 2014-08-05 16:20 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 15:41 . 2013-09-06 22:36 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 17:27 . 2014-08-05 16:20 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-17 09:10 . 2015-01-23 18:13 15866992 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-06-17 09:10 . 2013-08-18 00:10 112784 ----a-w- c:\windows\system32\OpenCL.dll
2015-06-17 09:10 . 2013-08-18 00:10 105288 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-06-17 09:10 . 2013-08-18 00:08 3395648 ----a-w- c:\windows\system32\nvapi64.dll
2015-06-17 09:10 . 2013-08-18 00:08 17724600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-06-17 09:10 . 2013-08-18 00:08 1567576 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-06-17 09:10 . 2013-08-18 00:08 12855416 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-06-17 06:48 . 2013-08-18 00:10 937616 ----a-w- c:\windows\system32\nvvsvc.exe
2015-06-17 06:48 . 2014-12-16 19:01 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-06-17 06:48 . 2013-08-18 00:10 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-06-17 06:48 . 2013-08-18 00:10 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-06-17 06:48 . 2013-08-18 00:10 6873232 ----a-w- c:\windows\system32\nvcpl.dll
2015-06-17 06:48 . 2013-08-18 00:10 3492168 ----a-w- c:\windows\system32\nvsvc64.dll
2015-06-11 18:41 . 2013-08-19 02:27 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-03 21:04 . 2014-08-01 15:07 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-06-03 21:04 . 2014-01-26 14:47 1320304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-06-03 21:04 . 2014-08-01 15:07 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-06-03 21:04 . 2014-01-26 14:47 1571696 ----a-w- c:\windows\system32\nvspcap64.dll
2015-06-02 14:11 . 2013-08-18 00:10 4421614 ----a-w- c:\windows\system32\nvcoproc.bin
2015-06-01 19:16 . 2015-06-11 18:40 389840 ----a-w- c:\windows\system32\iedkcs32.dll
2015-05-27 14:35 . 2015-06-11 18:40 24917504 ----a-w- c:\windows\system32\mshtml.dll
2015-05-25 18:24 . 2015-06-14 14:07 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-14 14:07 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:23 . 2015-06-14 14:07 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:21 . 2015-06-14 14:07 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-14 14:07 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-14 14:07 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-14 14:07 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-14 14:07 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-14 14:07 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-14 14:07 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-14 14:07 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-14 14:07 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-14 14:07 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-14 14:07 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-14 14:07 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-14 14:07 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-14 14:07 28160 ----a-w- c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-14 14:07 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-14 14:07 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-14 14:07 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-14 14:07 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-14 14:07 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-14 14:07 728576 ----a-w- c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-14 14:07 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-14 14:07 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-05-25 18:19 . 2015-06-14 14:07 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-14 14:07 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-14 14:07 22016 ----a-w- c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-14 14:07 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-14 14:07 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-14 14:07 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-14 14:07 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-14 14:07 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-14 14:07 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-14 14:07 31232 ----a-w- c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-14 14:07 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-14 14:07 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-14 14:07 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-14 14:07 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-14 14:07 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-14 14:07 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-14 14:07 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-14 14:07 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-14 14:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-10-18 2678784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-21 60712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2015-07-02 2303152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-18 6109776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-003D-0000-0000-0000000FF1CE}"="del" [X]
"{90140000-0018-0409-0000-0000000FF1CE}"="del" [X]
.
c:\users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe /noballoononstart [2013-9-1 333088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpyderUtility.lnk - c:\program files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys;c:\windows\SYSNATIVE\DRIVERS\dccmtr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys;c:\windows\SYSNATIVE\drivers\HCW85BDA.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NVSTREAMKMS
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-18 20:58 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05 00:49]
.
2015-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05 00:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-18 20:58 777544 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-08 6827664]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-08-06 1215632]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-06-03 2754704]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-06-03 1571696]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-05-26 500936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-07 169768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.yahoo.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\y98vf7h5.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@Allowed: (Read) (RestrictedCode)
@=hex:26,6a,f6,6c,43,db,ce,01
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_203_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_203_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_203_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_203_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_203.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_203.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_203.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_203.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@=hex:11,5e,6a,0a,dc,9d,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:5c,a9,2d,ed,db,9d,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:7f,d8,47,ed,db,9d,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:6f,0a,ac,eb,db,9d,ce,01
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2015-07-19 10:23:02 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-19 17:23
.
Pre-Run: 135,494,230,016 bytes free
Post-Run: 134,621,298,688 bytes free
.
- - End Of File - - 030E873201A0D1CC6D3CC4A139248695
A36C5E4F47E84449FF07ED3517B43A31

Re: Video Codec installation disabled anti-virus

Unread postby pgmigg » July 19th, 2015, 3:18 pm

Hello madmurph,

Congratulations! :D Let's continue our treatment...

C. computer seems to be running fine. All icons, other than USB, have disappeared from the system tray...including the Avast tray icon referred to in your instructions. I was able to verify Avast is running through the normal program Start Menu.
Please do the following:
  1. You need to find the "Show hidden icons" icon in the system tray - it looks like a white triangle pointing up.
  2. Left click on that icon and select Customize....
  3. In the opened window please find avast! Antivirus in the left list of Icons, then in the corresponding menu in the Behaviors list on the right please select Show icon and notifications.
By the way, you can customize any other icons you would like to see or hide in the system tray...

Step 1.
SystemLook
  1. You should still have SystemLook_x64.exe on your desktop.
  2. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  3. Highlight and copy the following entries into SystemLook's main text entry window:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *Malwarebytes*
    *McAfee*
    
    :folderfind
    *Malwarebytes*
    *McAfee*
    
    :Regfind
    Malwarebytes
    McAfee
    
  4. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  5. Please post the contents of the SystemLook.txt file in your next reply.

Step 2.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you are using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you are using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the SystemLook.txt log file
  3. Contents of the ESETScan.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg


Re: Video Codec installation disabled anti-virus

Unread postby madmurph » July 19th, 2015, 7:51 pm

A. no problems executing instructions or programs.
B. contents of SystemLook.txt log file as follows:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:00 on 19/07/2015 by Tommy
Administrator - Elevation successful

========== filefind ==========

Searching for "*Malwarebytes*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk --a---- 1124 bytes [16:20 05/08/2014] [21:02 11/05/2015] 394CA27129DA6D41DC7A4DA742EC239C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk --a---- 1148 bytes [16:20 05/08/2014] [21:02 11/05/2015] E6DB911F1E027C266E0A58F916030EAD
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk --a---- 1419 bytes [16:20 05/08/2014] [21:02 11/05/2015] 2910C88E9CE92713671AFBCB74ADE06A
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk --a---- 1124 bytes [16:20 05/08/2014] [21:02 11/05/2015] 394CA27129DA6D41DC7A4DA742EC239C
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk --a---- 1148 bytes [16:20 05/08/2014] [21:02 11/05/2015] E6DB911F1E027C266E0A58F916030EAD
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk --a---- 1419 bytes [16:20 05/08/2014] [21:02 11/05/2015] 2910C88E9CE92713671AFBCB74ADE06A
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk --a---- 1106 bytes [22:36 06/09/2013] [21:02 11/05/2015] 035A2D404A95AA6E041485A55B591BCC
C:\Users\Tommy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KNBQBCO2\www.malwarebytes[1].xml --a---- 162 bytes [14:16 14/07/2015] [14:16 14/07/2015] 2692473E02D8140E543C39B8C1F2EFB7

Searching for "*McAfee*"
C:\Windows\Microsoft.NET\assembly\GAC_64\McAfee.CSP.ClientAPI\v4.0_1.3.374.0__a63667ab4267742d\McAfee.CSP.ClientAPI.dll --a---- 12664 bytes [18:14 12/06/2015] [18:14 12/06/2015] DE5EED986D5E822AEA6F17D3208041CA

========== folderfind ==========

Searching for "*Malwarebytes*"
C:\Program Files (x86)\Malwarebytes Anti-Malware d------ [16:20 05/08/2014]
C:\Program Files (x86)\Malwarebytes' Anti-Malware d------ [22:36 06/09/2013]
C:\ProgramData\Malwarebytes d------ [22:36 06/09/2013]
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware d------ [16:20 05/08/2014]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware d------ [22:36 06/09/2013]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware d------ [16:20 05/08/2014]
C:\Users\All Users\Malwarebytes d------ [22:36 06/09/2013]
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware d------ [16:20 05/08/2014]
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware d------ [22:36 06/09/2013]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware d------ [16:20 05/08/2014]
C:\Users\Tommy\AppData\Roaming\Malwarebytes d------ [22:37 06/09/2013]

Searching for "*McAfee*"
C:\Program Files\McAfee d------ [23:53 17/08/2013]
C:\Program Files (x86)\McAfee d------ [23:53 17/08/2013]
C:\ProgramData\McAfee d------ [23:47 17/08/2013]
C:\Users\All Users\McAfee d------ [23:47 17/08/2013]
C:\Users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee d------ [02:09 18/07/2015]
C:\Windows\Microsoft.NET\assembly\GAC_64\McAfee.CSP.ClientAPI d------ [18:14 12/06/2015]

========== Regfind ==========

Searching for "Malwarebytes"
[HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\43c7337_0]
@="{0.0.0.00000000}.{f4e1fc81-7276-471d-bc0f-2f940274e674}|\Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Malwarebytes Anti-Malware]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Malwarebytes Anti-Malware]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe"="Malwarebytes Anti-Malware "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
"Path"="C:\Program Files (x86)\Malwarebytes Anti-Malware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
"Inno Setup: App Path"="C:\Program Files (x86)\Malwarebytes Anti-Malware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
"InstallLocation"="C:\Program Files (x86)\Malwarebytes Anti-Malware\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
"Inno Setup: Icon Group"="Malwarebytes Anti-Malware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
"DisplayName"="Malwarebytes Anti-Malware version 2.1.6.1022"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
"DisplayIcon"="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
"UninstallString"=""C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
"QuietUninstallString"=""C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe" /SILENT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
"Publisher"="Malwarebytes Corporation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
"URLInfoAbout"="http://www.malwarebytes.org"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
"Path"="C:\Program Files (x86)\Malwarebytes Anti-Malware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Malwarebytes' Anti-Malware]
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\43c7337_0]
@="{0.0.0.00000000}.{f4e1fc81-7276-471d-bc0f-2f940274e674}|\Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Malwarebytes Anti-Malware]
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Malwarebytes Anti-Malware]
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe"="Malwarebytes Anti-Malware "
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe"="Malwarebytes Anti-Malware "

Searching for "McAfee"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1776651a_0]
@="{0.0.0.00000000}.{f4e1fc81-7276-471d-bc0f-2f940274e674}|\Device\HarddiskVolume2\PROGRA~2\McAfee\MSC\mchlp32.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a1f3f401_0]
@="{0.0.0.00000000}.{f4e1fc81-7276-471d-bc0f-2f940274e674}|\Device\HarddiskVolume2\Program Files (x86)\McAfee\MSC\mchlp32.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Documents\stinger64-epo\stinger.exe"="McAfee Stinger"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Desktop\Virus\MCPR.exe"="McAfee ESD Package"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
"LocalService"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
@="c:\PROGRA~2\mcafee\SITEAD~1\x64\MCSACO~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F936876-EB3C-4C5B-810D-05E1F36CB130}\InprocServer32]
@="c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{861CEB0E-B6F3-4DA8-A7E7-DBC43D335628}\InProcServer32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPClientAPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DFD2991-CE6C-403C-B287-94E7F0D5BA07}\InProcServer32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCspCorePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B}\LocalServer32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPService.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B62A9F7D-4F97-4740-9EEE-3554F2AD2E4B}\InprocServer32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPClientAPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}]
@="McAfee Host SA Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}\InprocServer32]
@="c:\PROGRA~2\mcafee\SITEAD~1\sasshmod.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\844C97FE649617D41843300487880C45\SourceList]
"LastUsedSource"="n;1;C:\PROGRA~2\McAfee\Temp\qxz193A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\844C97FE649617D41843300487880C45\SourceList\Net]
"1"="C:\PROGRA~2\McAfee\Temp\qxz193A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\0\win32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPService.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\0\win64]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCspCorePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\0\win64]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPClientAPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\0\win32]
@="c:\PROGRA~2\mcafee\SITEAD~1\saui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\HELPDIR]
@="c:\PROGRA~2\mcafee\SITEAD~1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
@="c:\PROGRA~2\mcafee\SITEAD~1\MCSACO~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{601D72B9-326F-46CD-815E-12D5D15761BA}\LocalServer32]
@=""c:\PROGRA~2\mcafee\SITEAD~1\saui.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
"LocalService"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\0\win32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPService.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\0\win64]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCspCorePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\0\win64]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPClientAPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\0\win32]
@="c:\PROGRA~2\mcafee\SITEAD~1\saui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\HELPDIR]
@="c:\PROGRA~2\mcafee\SITEAD~1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"path"="C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension]
@="C:\Program Files (x86)\McAfee\SiteAdvisor\siteadvisor.mcafee.chrome.extension.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}]
"AppPath"="c:\Program Files (x86)\McAfee\SiteAdvisor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\844C97FE649617D41843300487880C45\InstallProperties]
"Contact"="McAfee"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\844C97FE649617D41843300487880C45\InstallProperties]
"InstallSource"="C:\PROGRA~2\McAfee\Temp\qxz193A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\844C97FE649617D41843300487880C45\InstallProperties]
"Publisher"="McAfee"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}]
"Contact"="McAfee"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}]
"InstallSource"="C:\PROGRA~2\McAfee\Temp\qxz193A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}]
"Publisher"="McAfee"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ASUS\AI-SUITE_II\Network iControl\Rules]
"Full_App_Name_6"="C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"path"="C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension]
@="C:\Program Files (x86)\McAfee\SiteAdvisor\siteadvisor.mcafee.chrome.extension.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}]
"AppPath"="c:\Program Files (x86)\McAfee\SiteAdvisor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
@="c:\PROGRA~2\mcafee\SITEAD~1\MCSACO~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{601D72B9-326F-46CD-815E-12D5D15761BA}\LocalServer32]
@=""c:\PROGRA~2\mcafee\SITEAD~1\saui.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
"LocalService"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\0\win32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPService.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\0\win64]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCspCorePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\0\win64]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPClientAPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\0\win32]
@="c:\PROGRA~2\mcafee\SITEAD~1\saui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\HELPDIR]
@="c:\PROGRA~2\mcafee\SITEAD~1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC\0000]
"DeviceDesc"="McAfee Inc. mfencbdc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCRK\0000]
"DeviceDesc"="McAfee Inc. mfencrk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mfencrk]
"DisplayName"="McAfee Inc. mfencrk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mfencrk]
"Description"="McAfee Content driver Copyright (C) 2013 McAfee, Inc. All Rights Reserved."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E4A0D53E-7B37-4B82-9A38-C6120EBF5424}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B06F1DF6-C0C3-4A22-9EE0-8A68076B3D66}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EBE71763-4189-4D3F-B1C1-6D8E29527809}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC\0000]
"DeviceDesc"="McAfee Inc. mfencbdc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCRK\0000]
"DeviceDesc"="McAfee Inc. mfencrk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\mfencrk]
"DisplayName"="McAfee Inc. mfencrk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\mfencrk]
"Description"="McAfee Content driver Copyright (C) 2013 McAfee, Inc. All Rights Reserved."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E4A0D53E-7B37-4B82-9A38-C6120EBF5424}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B06F1DF6-C0C3-4A22-9EE0-8A68076B3D66}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EBE71763-4189-4D3F-B1C1-6D8E29527809}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC\0000]
"DeviceDesc"="McAfee Inc. mfencbdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCRK\0000]
"DeviceDesc"="McAfee Inc. mfencrk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mfencrk]
"DisplayName"="McAfee Inc. mfencrk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mfencrk]
"Description"="McAfee Content driver Copyright (C) 2013 McAfee, Inc. All Rights Reserved."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E4A0D53E-7B37-4B82-9A38-C6120EBF5424}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B06F1DF6-C0C3-4A22-9EE0-8A68076B3D66}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EBE71763-4189-4D3F-B1C1-6D8E29527809}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee]
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1776651a_0]
@="{0.0.0.00000000}.{f4e1fc81-7276-471d-bc0f-2f940274e674}|\Device\HarddiskVolume2\PROGRA~2\McAfee\MSC\mchlp32.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a1f3f401_0]
@="{0.0.0.00000000}.{f4e1fc81-7276-471d-bc0f-2f940274e674}|\Device\HarddiskVolume2\Program Files (x86)\McAfee\MSC\mchlp32.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Documents\stinger64-epo\stinger.exe"="McAfee Stinger"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Desktop\Virus\MCPR.exe"="McAfee ESD Package"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Documents\stinger64-epo\stinger.exe"="McAfee Stinger"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Desktop\Virus\MCPR.exe"="McAfee ESD Package"
[HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]

-= EOF =-

Re: Video Codec installation disabled anti-virus

Unread postby madmurph » July 19th, 2015, 7:57 pm

C. results of ESETScan.txt log file as follows:

E:\Users\Tommy\Documents\CrystalDiskMark3_0_1c-en.exe Win32/OpenCandy potentially unsafe application
E:\Users\Tommy\Documents\Computer Programs\CrystalDiskMark3_0_1c-en.exe Win32/OpenCandy potentially unsafe application
E:\Users\Tommy\Documents\Thumbit Files\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
E:\Users\Tommy\Documents\Thumbit Files\CrystalDiskMark3_0_1c-en.exe Win32/OpenCandy potentially unsafe application


D. computer seems to be functioning well.

Thank you! Please advise of further necessary remedies. Should I update Windows Defender? Is the Windows firewall active, or is that handled by Avast? Are you going to recommend keeping the Avast program over McAfee? Thanks, again, for your attention to these questions. mm

Re: Video Codec installation disabled anti-virus

Unread postby pgmigg » July 19th, 2015, 8:51 pm

Hello madmurph,

Please advise of further necessary remedies. Should I update Windows Defender? Is the Windows firewall active, or is that handled by Avast? Are you going to recommend keeping the Avast program over McAfee?
Yes, Avast Free will be your major antivirus application - no more McAfee! I don't recommend using Windows Firewall, but Windows Defender is good and should be updated, as well as Windows itself. But we will talk about it later.

You're a little bit in a hurry - we still haven't finished our treatment... :D

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries into the text box:
    (Do not include the words Code: Select all - instead, please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk
    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    C:\Users\Tommy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KNBQBCO2\www.malwarebytes[1].xml
    C:\Windows\Microsoft.NET\assembly\GAC_64\McAfee.CSP.ClientAPI\v4.0_1.3.374.0__a63667ab4267742d\McAfee.CSP.ClientAPI.dll
    C:\Program Files (x86)\Malwarebytes Anti-Malware
    C:\Program Files (x86)\Malwarebytes' Anti-Malware
    C:\ProgramData\Malwarebytes
    C:\ProgramData\Malwarebytes\Malwarebytes
    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    C:\Users\All Users\Malwarebytes
    C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware
    C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    C:\Users\Tommy\AppData\Roaming\Malwarebytes
    C:\Program Files\McAfee
    C:\Program Files (x86)\McAfee
    C:\ProgramData\McAfee
    C:\Users\All Users\McAfee
    C:\Users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee
    C:\Windows\Microsoft.NET\assembly\GAC_64\McAfee.CSP.ClientAPI
    E:\Users\Tommy\Documents\CrystalDiskMark3_0_1c-en.exe
    E:\Users\Tommy\Documents\Computer Programs\CrystalDiskMark3_0_1c-en.exe
    E:\Users\Tommy\Documents\Thumbit Files\ccsetup323.exe
    E:\Users\Tommy\Documents\Thumbit Files\CrystalDiskMark3_0_1c-en.exe
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\43c7337_0]
    @=""
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Malwarebytes Anti-Malware]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Malwarebytes Anti-Malware]
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
    "Path"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
    "Path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
    @=""
    [-HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Malwarebytes' Anti-Malware]
    [HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\43c7337_0]
    @=""
    [-HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Malwarebytes Anti-Malware]
    [-HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Malwarebytes Anti-Malware]
    [HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe"=-
    [HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1776651a_0]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a1f3f401_0]
    @=""
    [-HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\McAfee Trust]
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Users\Tommy\Documents\stinger64-epo\stinger.exe"=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Users\Tommy\Desktop\Virus\MCPR.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    "LocalService"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F936876-EB3C-4C5B-810D-05E1F36CB130}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{861CEB0E-B6F3-4DA8-A7E7-DBC43D335628}\InProcServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DFD2991-CE6C-403C-B287-94E7F0D5BA07}\InProcServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B62A9F7D-4F97-4740-9EEE-3554F2AD2E4B}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\844C97FE649617D41843300487880C45\SourceList]
    "LastUsedSource"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\844C97FE649617D41843300487880C45\SourceList\Net]
    "1"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{601D72B9-326F-46CD-815E-12D5D15761BA}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
    "path"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}]
    "AppPath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\McAfee Trust]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\844C97FE649617D41843300487880C45\InstallProperties]
    "Contact"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\844C97FE649617D41843300487880C45\InstallProperties]
    "InstallSource"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\844C97FE649617D41843300487880C45\InstallProperties]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}]
    "Contact"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}]
    "InstallSource"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
    "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ASUS\AI-SUITE_II\Network iControl\Rules]
    "Full_App_Name_6"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
    "path"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}]
    "AppPath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\McAfee Trust]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
    "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{601D72B9-326F-46CD-815E-12D5D15761BA}\LocalServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    "LocalService"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC01\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC02\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCRK\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mfencrk]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mfencrk]
    "Description"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{E4A0D53E-7B37-4B82-9A38-C6120EBF5424}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{B06F1DF6-C0C3-4A22-9EE0-8A68076B3D66}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EBE71763-4189-4D3F-B1C1-6D8E29527809}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC01\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC02\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCRK\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFERKDET\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\mfencrk]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\mfencrk]
    "Description"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{E4A0D53E-7B37-4B82-9A38-C6120EBF5424}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{B06F1DF6-C0C3-4A22-9EE0-8A68076B3D66}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EBE71763-4189-4D3F-B1C1-6D8E29527809}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC01\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC02\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCRK\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFERKDET\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mfencrk]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mfencrk]
    "Description"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{E4A0D53E-7B37-4B82-9A38-C6120EBF5424}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{B06F1DF6-C0C3-4A22-9EE0-8A68076B3D66}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EBE71763-4189-4D3F-B1C1-6D8E29527809}"=-
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
    [-HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee]
    [HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1776651a_0]
    @=""
    [HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a1f3f401_0]
    @=""
    [-HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\SystemCertificates\McAfee Trust]
    [HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Users\Tommy\Documents\stinger64-epo\stinger.exe"=-
    [HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Users\Tommy\Desktop\Virus\MCPR.exe"=-
    [HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Users\Tommy\Documents\stinger64-epo\stinger.exe"=-
    [HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Users\Tommy\Desktop\Virus\MCPR.exe"=-
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    (Do not include the words Code: Select all - instead, please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *Codec_Installer*
    
    :folderfind
    *Codec_Installer*
    
    :Regfind
    Codec_Installer
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 3.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Processes ---> All
    • Services ---> All
    • Modules ---> All
    • Drivers ---> None
    • Extra Registry ---> Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file, OTL.txt, will be opened, maximized.
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Contents of the OTL.txt log file after OTL fresh scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
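
One way to check that a fix run like the one in Step 1 did what the script asked is to reconcile the :Files section against the MovedFiles log. This is an added example, not part of the original post and not OTL's own code. The "Example AV" paths are constructed sample data, the log line formats are the ones that appear in the log posted in this thread, and the status labels are this example's own names.

```python
import re

# Constructed sample: a shortened fix script in the layout used in this thread.
SCRIPT = r"""
:Commands
[createrestorepoint]

:Files
C:\ProgramData\Example AV\Example.lnk
C:\Users\All Users\Example AV
C:\Program Files (x86)\Example AV
C:\ProgramData\Example AV\Leftover

:Reg
[-HKEY_CURRENT_USER\Software\Example AV]

:Commands
[emptytemp]
"""

# Constructed sample: log lines in the formats seen in the posted MovedFiles log.
LOG = r"""
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\ProgramData\Example AV\Example.lnk moved successfully.
File\Folder C:\Users\All Users\Example AV not found.
C:\Program Files (x86)\Example AV\Plugins folder moved successfully.
Folder move failed. C:\Program Files (x86)\Example AV scheduled to be moved on reboot.
"""

# Only the line formats visible in this thread are recognised.
LOG_PATTERNS = [
    ("not found", re.compile(r"^File\\Folder (.+) not found\.$")),
    ("pending reboot",
     re.compile(r"^Folder move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("moved", re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
]


def _key(path):
    """Normalise a Windows path for comparison (case-insensitive, no trailing slash)."""
    return path.strip().rstrip("\\").casefold()


def script_files(script):
    """Return the paths listed under every :Files section of the fix script."""
    section, paths = None, []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.casefold()
        elif section == ":files":
            paths.append(line)
    return paths


def log_outcomes(log):
    """Map each path mentioned in the log to the outcome the log reports for it."""
    outcomes = {}
    for raw in log.splitlines():
        line = raw.strip()
        for status, pattern in LOG_PATTERNS:
            match = pattern.match(line)
            if match:
                outcomes[_key(match.group(1))] = status
                break
    return outcomes


def reconcile(script, log):
    """Give every :Files entry a status; entries the log never mentions are flagged."""
    outcomes = log_outcomes(log)
    return {p: outcomes.get(_key(p), "no log entry") for p in script_files(script)}


def needs_followup(result):
    """Entries to re-check after the reboot or in the next fresh scan."""
    return [p for p, s in result.items() if s in ("pending reboot", "no log entry")]


if __name__ == "__main__":
    for path, status in reconcile(SCRIPT, LOG).items():
        print(f"{status:15} {path}")
```

Entries reported as "pending reboot" or "no log entry" are the ones worth looking for again in the fresh scan requested in Step 3.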

Re: Video Codec installation disabled anti-virus

Unread postby madmurph » July 19th, 2015, 10:28 pm

Thank you for such complete and easy to follow directions; no problem following or implementing.

B. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk not found.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk not found.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk not found.
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk moved successfully.
C:\Users\Tommy\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KNBQBCO2\www.malwarebytes[1].xml moved successfully.
C:\Windows\Microsoft.NET\assembly\GAC_64\McAfee.CSP.ClientAPI\v4.0_1.3.374.0__a63667ab4267742d\McAfee.CSP.ClientAPI.dll moved successfully.
C:\Program Files (x86)\Malwarebytes Anti-Malware\Plugins folder moved successfully.
Folder move failed. C:\Program Files (x86)\Malwarebytes Anti-Malware\Languages scheduled to be moved on reboot.
C:\Program Files (x86)\Malwarebytes Anti-Malware\imageformats folder moved successfully.
Folder move failed. C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows scheduled to be moved on reboot.
C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon folder moved successfully.
C:\Program Files (x86)\Malwarebytes Anti-Malware\accessible folder moved successfully.
Folder move failed. C:\Program Files (x86)\Malwarebytes Anti-Malware scheduled to be moved on reboot.
C:\Program Files (x86)\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs folder moved successfully.
Folder move failed. C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration scheduled to be moved on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes folder moved successfully.
File\Folder C:\ProgramData\Malwarebytes\Malwarebytes not found.
File\Folder C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware folder moved successfully.
File\Folder C:\Users\All Users\Malwarebytes not found.
File\Folder C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware not found.
File\Folder C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware not found.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware not found.
C:\Users\Tommy\AppData\Roaming\Malwarebytes folder moved successfully.
C:\Program Files\McAfee\Raptor\RaptorQuarantine folder moved successfully.
C:\Program Files\McAfee\Raptor folder moved successfully.
C:\Program Files\McAfee folder moved successfully.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxzA87A scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxzA713 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxzA501 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxzA291 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxzA214 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz88E9 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz87EF scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz837D scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz82E1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz8264 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz81E7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz8189 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz80FD scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz8080 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz7F0A scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz7DF1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz7D36 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz7C0D scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz7AC6 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz53F4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz5156 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz5066 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz4DEC scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz4A94 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\McAfee\Temp\qxz118C scheduled to be moved on reboot.
C:\Program Files (x86)\McAfee\Temp folder moved successfully.
C:\Program Files (x86)\McAfee folder moved successfully.
Folder move failed. C:\ProgramData\McAfee\WinCore scheduled to be moved on reboot.
C:\ProgramData\McAfee\VirusScan\Quarantine\quarantine folder moved successfully.
C:\ProgramData\McAfee\VirusScan\Quarantine folder moved successfully.
Folder move failed. C:\ProgramData\McAfee\VirusScan\Logs scheduled to be moved on reboot.
C:\ProgramData\McAfee\VirusScan folder moved successfully.
Folder move failed. C:\ProgramData\McAfee\Update scheduled to be moved on reboot.
C:\ProgramData\McAfee\Uninstall.exe folder moved successfully.
Folder move failed. C:\ProgramData\McAfee\Telemetry scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\McAfee\SiteAdvisor scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\McAfee\Proxy scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\McAfee\MSC scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\McAfee\MQS scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\McAfee\MHN scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\McAfee\HackerWatch scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\McAfee\Gkp scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\McAfee\dspwrp scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\McAfee\CSP scheduled to be moved on reboot.
C:\ProgramData\McAfee folder moved successfully.
File\Folder C:\Users\All Users\McAfee not found.
C:\Users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee\SiteAdvisor\mcbrwctl.dll folder moved successfully.
C:\Users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee\SiteAdvisor folder moved successfully.
C:\Users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\McAfee folder moved successfully.
C:\Windows\Microsoft.NET\assembly\GAC_64\McAfee.CSP.ClientAPI\v4.0_1.5.450.0__a63667ab4267742d folder moved successfully.
C:\Windows\Microsoft.NET\assembly\GAC_64\McAfee.CSP.ClientAPI\v4.0_1.3.374.0__a63667ab4267742d folder moved successfully.
C:\Windows\Microsoft.NET\assembly\GAC_64\McAfee.CSP.ClientAPI folder moved successfully.
E:\Users\Tommy\Documents\CrystalDiskMark3_0_1c-en.exe moved successfully.
E:\Users\Tommy\Documents\Computer Programs\CrystalDiskMark3_0_1c-en.exe moved successfully.
E:\Users\Tommy\Documents\Thumbit Files\ccsetup323.exe moved successfully.
E:\Users\Tommy\Documents\Thumbit Files\CrystalDiskMark3_0_1c-en.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\43c7337_0\\@|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Malwarebytes Anti-Malware\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Malwarebytes Anti-Malware\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe\\Path deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe\\Path not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Malwarebytes' Anti-Malware\ not found.
HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\43c7337_0\\@|"" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Malwarebytes Anti-Malware\ not found.
Registry key HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Malwarebytes Anti-Malware\ not found.
Registry value HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe not found.
Registry value HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1776651a_0\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a1f3f401_0\\@|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\McAfee Trust\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\E:\Users\Tommy\Documents\stinger64-epo\stinger.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\E:\Users\Tommy\Desktop\Virus\MCPR.exe deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}\\LocalService deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F936876-EB3C-4C5B-810D-05E1F36CB130}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{861CEB0E-B6F3-4DA8-A7E7-DBC43D335628}\InProcServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DFD2991-CE6C-403C-B287-94E7F0D5BA07}\InProcServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B62A9F7D-4F97-4740-9EEE-3554F2AD2E4B}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}\InprocServer32\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\844C97FE649617D41843300487880C45\SourceList\\LastUsedSource deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\844C97FE649617D41843300487880C45\SourceList\Net\\1 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{601D72B9-326F-46CD-815E-12D5D15761BA}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho\\path deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}\\AppPath deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\McAfee Trust\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\844C97FE649617D41843300487880C45\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\844C97FE649617D41843300487880C45\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\844C97FE649617D41843300487880C45\InstallProperties not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}\\Contact not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}\\InstallSource not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}\\Publisher not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ASUS\AI-SUITE_II\Network iControl\Rules\\Full_App_Name_6 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho\\path not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}\\AppPath not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\McAfee Trust\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{601D72B9-326F-46CD-815E-12D5D15761BA}\LocalServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}\\LocalService not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC01\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC02\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCRK\0000\\DeviceDesc scheduled to be deleted on reboot.
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000\\"DeviceDesc"|"- /E!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mfencrk\\DisplayName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mfencrk\\Description deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4A0D53E-7B37-4B82-9A38-C6120EBF5424} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4A0D53E-7B37-4B82-9A38-C6120EBF5424}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B06F1DF6-C0C3-4A22-9EE0-8A68076B3D66} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B06F1DF6-C0C3-4A22-9EE0-8A68076B3D66}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EBE71763-4189-4D3F-B1C1-6D8E29527809} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBE71763-4189-4D3F-B1C1-6D8E29527809}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC01\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC02\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCRK\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFERKDET\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\mfencrk\\DisplayName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\mfencrk\\Description deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4A0D53E-7B37-4B82-9A38-C6120EBF5424} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4A0D53E-7B37-4B82-9A38-C6120EBF5424}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B06F1DF6-C0C3-4A22-9EE0-8A68076B3D66} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B06F1DF6-C0C3-4A22-9EE0-8A68076B3D66}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EBE71763-4189-4D3F-B1C1-6D8E29527809} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBE71763-4189-4D3F-B1C1-6D8E29527809}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC01\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC02\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCRK\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFERKDET\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mfencrk\\DisplayName not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mfencrk\\Description not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4A0D53E-7B37-4B82-9A38-C6120EBF5424} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4A0D53E-7B37-4B82-9A38-C6120EBF5424}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B06F1DF6-C0C3-4A22-9EE0-8A68076B3D66} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B06F1DF6-C0C3-4A22-9EE0-8A68076B3D66}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EBE71763-4189-4D3F-B1C1-6D8E29527809} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBE71763-4189-4D3F-B1C1-6D8E29527809}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee\ not found.
HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1776651a_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a1f3f401_0\\@|"" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\SystemCertificates\McAfee Trust\ not found.
Registry value HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\E:\Users\Tommy\Documents\stinger64-epo\stinger.exe not found.
Registry value HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\E:\Users\Tommy\Desktop\Virus\MCPR.exe not found.
Registry value HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\E:\Users\Tommy\Documents\stinger64-epo\stinger.exe not found.
Registry value HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\E:\Users\Tommy\Desktop\Virus\MCPR.exe not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tommy
->Temp folder emptied: 1936296 bytes
->Temporary Internet Files folder emptied: 59945456 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 10905081 bytes
->Flash cache emptied: 492 bytes

User: Vanessa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5976 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 69.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07192015_181420

Files\Folders moved on Reboot...
C:\Program Files (x86)\Malwarebytes Anti-Malware\Languages folder moved successfully.
File\Folder C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows not found!
C:\Program Files (x86)\Malwarebytes Anti-Malware folder moved successfully.
File\Folder C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxzA87A not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxzA713 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxzA501 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxzA291 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxzA214 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz88E9 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz87EF not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz837D not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz82E1 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz8264 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz81E7 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz8189 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz80FD not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz8080 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz7F0A not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz7DF1 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz7D36 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz7C0D not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz7AC6 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz53F4 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz5156 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz5066 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz4DEC not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz4A94 not found!
File\Folder C:\Program Files (x86)\McAfee\Temp\qxz118C not found!
File\Folder C:\ProgramData\McAfee\WinCore not found!
File\Folder C:\ProgramData\McAfee\VirusScan\Logs not found!
File\Folder C:\ProgramData\McAfee\Update not found!
File\Folder C:\ProgramData\McAfee\Telemetry not found!
File\Folder C:\ProgramData\McAfee\SiteAdvisor not found!
File\Folder C:\ProgramData\McAfee\Proxy not found!
File\Folder C:\ProgramData\McAfee\MSC not found!
File\Folder C:\ProgramData\McAfee\MQS not found!
File\Folder C:\ProgramData\McAfee\MHN not found!
File\Folder C:\ProgramData\McAfee\HackerWatch not found!
File\Folder C:\ProgramData\McAfee\Gkp not found!
File\Folder C:\ProgramData\McAfee\dspwrp not found!
File\Folder C:\ProgramData\McAfee\CSP not found!
C:\Users\Tommy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC01\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC02\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCRK\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC01\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC02\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCRK\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFERKDET\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC01\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC02\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCRK\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFERKDET\0000\\DeviceDesc scheduled to be deleted on reboot.

***********************

Re: Video Codec installation disabled anti-virus

Post by madmurph » July 19th, 2015, 10:38 pm

C. Contents of the SystemLook.txt log file:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:55 on 19/07/2015 by Tommy
Administrator - Elevation successful

========== filefind ==========

Searching for "*Codec_Installer*"
No files found.

========== folderfind ==========

Searching for "*Codec_Installer*"
No folders found.

========== Regfind ==========

Searching for "Codec_Installer"
No data found.

-= EOF =-

D. Contents of the OTL.txt log file after a fresh OTL scan:

OTL logfile created on: 7/19/2015 6:58:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Users\Tommy\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17914)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 13.42 Gb Available Physical Memory | 84.14% Memory free
31.89 Gb Paging File | 29.33 Gb Available in Paging File | 91.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.37 Gb Total Space | 125.42 Gb Free Space | 52.62% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 65.67 Gb Free Space | 7.05% Space Free | Partition Type: NTFS

Computer Name: MURPH-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - [2015/07/18 13:58:29 | 006,109,776 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/07/18 13:58:28 | 000,146,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/07/18 09:45:09 | 000,245,576 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
PRC - [2015/07/15 22:13:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\Tommy\Desktop\OTL.exe
PRC - [2015/07/02 15:37:48 | 002,266,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
PRC - [2015/06/13 14:16:56 | 031,404,192 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2015/06/03 14:06:12 | 002,754,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/06/03 14:06:06 | 001,893,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/03/31 21:54:06 | 001,011,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/05/21 00:26:26 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/04/09 18:48:13 | 001,473,664 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
PRC - [2012/03/13 13:34:12 | 002,935,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2012/02/16 23:26:00 | 000,149,120 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
PRC - [2012/02/08 14:11:24 | 008,241,767 | ---- | M] ( ) -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
PRC - [2012/02/02 02:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
PRC - [2012/01/10 10:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2011/10/28 18:59:26 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
PRC - [2011/10/18 09:01:24 | 002,678,784 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2011/09/08 22:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2011/05/12 08:33:44 | 000,249,856 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/11/06 11:58:38 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/11/13 10:33:46 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (All) ==========

MOD - [2015/07/19 17:06:58 | 000,446,400 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\defs\15071902\aswCmnBS.dll
MOD - [2015/07/19 17:06:58 | 000,439,160 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\defs\15071902\aswCmnIS.dll
MOD - [2015/07/19 17:06:58 | 000,128,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\defs\15071902\aswCmnOS.dll
MOD - [2015/07/19 17:06:58 | 000,059,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\defs\15071902\uiext.dll
MOD - [2015/07/18 13:59:00 | 000,701,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\burger_client.dll
MOD - [2015/07/18 13:58:29 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/07/18 13:58:29 | 006,109,776 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
MOD - [2015/07/18 13:58:29 | 004,456,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\mfc110u.dll
MOD - [2015/07/18 13:58:29 | 001,262,592 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\AVAST Software\Avast\libeay32.dll
MOD - [2015/07/18 13:58:29 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\msvcr110.dll
MOD - [2015/07/18 13:58:29 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\msvcp110.dll
MOD - [2015/07/18 13:58:29 | 000,297,472 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\AVAST Software\Avast\ssleay32.dll
MOD - [2015/07/18 13:58:28 | 003,422,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\CommonRes.dll
MOD - [2015/07/18 13:58:28 | 002,172,592 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\AVAST Software\Avast\aswAra.dll
MOD - [2015/07/18 13:58:28 | 001,714,832 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Aavm4h.dll
MOD - [2015/07/18 13:58:28 | 001,080,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\AVAST Software\Avast\dbghelp.dll
MOD - [2015/07/18 13:58:28 | 000,978,864 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashBase.dll
MOD - [2015/07/18 13:58:28 | 000,941,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswAux.dll
MOD - [2015/07/18 13:58:28 | 000,857,848 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswData.dll
MOD - [2015/07/18 13:58:28 | 000,591,584 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\CommChannel.dll
MOD - [2015/07/18 13:58:28 | 000,544,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswSqLt.dll
MOD - [2015/07/18 13:58:28 | 000,399,480 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashTask.dll
MOD - [2015/07/18 13:58:28 | 000,383,000 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2015/07/18 13:58:28 | 000,378,880 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
MOD - [2015/07/18 13:58:28 | 000,356,744 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
MOD - [2015/07/18 13:58:28 | 000,300,088 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\1033\uiLangRes.dll
MOD - [2015/07/18 13:58:28 | 000,295,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll
MOD - [2015/07/18 13:58:28 | 000,293,408 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswLog.dll
MOD - [2015/07/18 13:58:28 | 000,290,848 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
MOD - [2015/07/18 13:58:28 | 000,182,680 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswUtil.dll
MOD - [2015/07/18 13:58:28 | 000,128,584 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
MOD - [2015/07/18 13:58:28 | 000,123,976 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/07/18 13:58:28 | 000,103,352 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswRemoteCache.dll
MOD - [2015/07/18 13:58:28 | 000,102,864 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/07/18 13:58:28 | 000,078,632 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastIP.dll
MOD - [2015/07/18 13:58:28 | 000,064,224 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
MOD - [2015/07/18 13:58:28 | 000,063,664 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\1033\Base.dll
MOD - [2015/07/17 05:00:56 | 001,357,240 | ---- | M] (NVIDIA Corporation) -- C:\Users\Tommy\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll
MOD - [2015/07/15 22:13:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\Tommy\Desktop\OTL.exe
MOD - [2015/07/13 03:09:59 | 003,171,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\HTMLayout.dll
MOD - [2015/07/04 10:48:36 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2015/07/03 10:55:42 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2015/07/02 15:37:48 | 002,266,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
MOD - [2015/07/02 15:06:58 | 001,384,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\AppsPanel\AppsPanelIL.dll
MOD - [2015/07/02 15:06:56 | 002,679,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\AppsPanel\AppsPanelBL.dll
MOD - [2015/07/02 14:48:14 | 002,010,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\ContainerBL.dll
MOD - [2015/07/02 13:50:52 | 002,279,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
MOD - [2015/07/02 13:19:35 | 012,855,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
MOD - [2015/07/02 12:55:35 | 001,310,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
MOD - [2015/07/01 13:30:37 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2015/07/01 13:30:33 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
MOD - [2015/07/01 13:30:21 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2015/07/01 13:30:21 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll
MOD - [2015/07/01 13:29:34 | 000,665,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2015/07/01 13:29:34 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2015/06/19 10:15:43 | 001,951,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2015/06/19 04:39:20 | 003,485,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncPlugins\ExchangePlugin\ExManCoreLib\ExManCoreLibCoreSync.dll
MOD - [2015/06/19 04:39:20 | 001,956,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncPlugins\ExchangePlugin\ExManCoreLib\ExManZxpSign.dll
MOD - [2015/06/19 04:39:20 | 001,178,280 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncPlugins\ExchangePlugin\ExManCoreLib\libeay32.dll
MOD - [2015/06/19 04:39:20 | 001,129,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncPlugins\ExchangePlugin\ExchangePlugin.dll
MOD - [2015/06/19 04:39:20 | 000,276,648 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncPlugins\ExchangePlugin\ExManCoreLib\ssleay32.dll
MOD - [2015/06/17 10:37:03 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2015/06/15 14:43:35 | 002,364,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2015/06/13 14:17:04 | 001,202,336 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\gude.dll
MOD - [2015/06/13 14:16:58 | 000,818,336 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\VulcanMessage5.dll
MOD - [2015/06/13 14:16:56 | 031,404,192 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2015/06/13 09:33:56 | 000,337,072 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Core\Core.dll
MOD - [2015/06/10 00:06:30 | 001,515,688 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\P7Native.dll
MOD - [2015/06/09 23:58:08 | 000,161,968 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncPlugins\CCSyncPlugin\CCSyncPlugin.dll
MOD - [2015/06/09 23:27:12 | 000,802,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncPlugins\LiveType\livetype.dll
MOD - [2015/06/09 23:16:20 | 001,590,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\IMSLib.dll
MOD - [2015/06/09 23:15:54 | 002,935,440 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\adobe_oobelib.dll
MOD - [2015/06/09 22:38:28 | 000,812,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\TCC\adobe_caps.dll
MOD - [2015/06/09 22:38:26 | 000,274,608 | ---- | M] (Adobe System Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\TCC\VulcanWrapper.dll
MOD - [2015/06/09 22:38:24 | 000,818,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\TCC\VulcanMessage5.dll
MOD - [2015/06/09 22:38:22 | 000,694,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\TCC\VulcanControl.dll
MOD - [2015/06/09 22:38:20 | 000,340,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\TCC\CmdCntr.dll
MOD - [2015/06/09 22:38:16 | 001,070,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\SignInApp\SignInAppBL.dll
MOD - [2015/06/09 22:38:10 | 001,897,648 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\SPanel\SPanelBL.dll
MOD - [2015/06/09 22:38:04 | 001,923,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Notifications\TrayNotificationManager.dll
MOD - [2015/06/09 22:38:02 | 000,783,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Notifications\NotificationManager.dll
MOD - [2015/06/09 22:38:00 | 001,280,688 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Notifications\ANSClient.dll
MOD - [2015/06/09 22:37:56 | 002,088,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\MarketPanel\MarketPanelBL.dll
MOD - [2015/06/09 22:37:50 | 001,326,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HomePanel\HomePanelBL.dll
MOD - [2015/06/09 22:37:26 | 002,094,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\FontsPanel\FontsPanelBL.dll
MOD - [2015/06/09 22:37:20 | 002,297,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\FilesPanel\FilesPanelBL.dll
MOD - [2015/06/09 22:37:16 | 000,492,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\ElevationManager.dll
MOD - [2015/06/09 22:37:02 | 001,204,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CoreExt\PrefsManager.dll
MOD - [2015/06/09 22:37:00 | 000,322,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CoreExt\LocManager.dll
MOD - [2015/06/09 22:36:58 | 000,385,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CoreExt\Analytics.dll
MOD - [2015/06/09 22:36:32 | 001,906,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\BehancePanel\BehancePanelBL.dll
MOD - [2015/06/09 22:36:28 | 000,186,032 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\AssetsPanel\AssetsPanelBL.dll
MOD - [2015/06/03 14:06:12 | 002,754,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
MOD - [2015/06/03 14:06:11 | 000,011,920 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2015/05/25 11:04:08 | 001,310,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2015/05/25 11:01:41 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2015/05/25 11:01:39 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2015/05/25 11:01:17 | 000,641,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2015/05/25 10:59:51 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2015/05/25 10:59:51 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2015/05/15 14:22:10 | 000,339,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncPlugins\SynKit\SynKit.dll
MOD - [2015/05/15 10:58:41 | 001,625,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4\GdiPlus.dll
MOD - [2015/04/24 10:56:58 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
MOD - [2015/04/24 10:54:13 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
MOD - [2015/03/31 21:54:06 | 001,011,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
MOD - [2015/03/31 21:54:06 | 000,552,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\adobe_caps.dll
MOD - [2015/03/26 16:11:04 | 000,883,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncPlugins\DesignLibraryPlugin\DesignLibraryPlugin.dll
MOD - [2015/03/13 20:04:46 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2015/03/09 20:08:26 | 001,237,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll
MOD - [2015/03/03 21:10:53 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2015/02/12 22:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2015/02/02 20:12:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2015/02/02 20:12:42 | 001,230,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2015/02/02 20:12:14 | 001,174,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2015/02/02 20:12:14 | 001,005,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptui.dll
MOD - [2015/02/02 20:12:14 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
MOD - [2015/02/02 20:12:14 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll
MOD - [2015/01/28 20:02:08 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2015/01/16 19:30:42 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2014/12/05 20:50:19 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
MOD - [2014/11/25 20:32:05 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2014/08/26 16:27:16 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
MOD - [2014/08/26 16:27:16 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MOD - [2014/08/26 16:27:16 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
MOD - [2014/08/26 16:27:16 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
MOD - [2014/08/26 16:27:16 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
MOD - [2014/08/26 16:27:16 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
MOD - [2014/08/26 16:27:16 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
MOD - [2014/08/26 16:27:16 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
MOD - [2014/08/26 16:27:16 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
MOD - [2014/07/16 18:40:03 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2014/04/24 19:06:17 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2014/03/26 07:27:50 | 001,389,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll
MOD - [2013/10/18 18:36:59 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2013/10/11 19:01:25 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL
MOD - [2013/10/05 02:38:22 | 000,970,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr120.dll
MOD - [2013/10/05 02:38:22 | 000,455,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp120.dll
MOD - [2013/09/07 19:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll
MOD - [2013/08/28 09:13:09 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2013/08/28 09:13:09 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2013/07/25 18:55:59 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2012/11/06 03:20:52 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr110.dll
MOD - [2012/11/06 03:20:52 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp110.dll
MOD - [2012/10/09 10:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
MOD - [2012/07/17 14:49:00 | 000,145,648 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
MOD - [2012/07/04 14:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
MOD - [2012/05/21 00:26:26 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
MOD - [2012/05/21 00:24:22 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
MOD - [2012/04/12 18:46:28 | 001,124,352 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
MOD - [2012/04/11 19:37:34 | 001,015,808 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\CpuFrequency.dll
MOD - [2012/04/05 18:59:56 | 001,518,080 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\FanXpert2\FanXpert2.dll
MOD - [2012/04/05 12:38:34 | 000,883,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2012/03/21 13:07:44 | 000,972,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2012/03/13 13:34:12 | 002,935,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
MOD - [2012/03/01 15:20:30 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2012/02/24 12:49:32 | 000,867,328 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\USB Charger+\Charger.dll
MOD - [2012/02/08 14:11:24 | 008,241,767 | ---- | M] ( ) -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
MOD - [2012/02/07 14:59:26 | 012,977,947 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBScript.dll
MOD - [2012/02/07 14:59:26 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\XML.dll
MOD - [2012/02/07 14:59:26 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CGamma.dll
MOD - [2012/02/07 14:59:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Shell.dll
MOD - [2012/02/07 14:59:26 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CSensor.dll
MOD - [2012/02/07 14:59:26 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\MBSRegistrationPlugin16724.dll
MOD - [2012/02/07 14:59:26 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\MBSPluginVersionPlugin16724.dll
MOD - [2012/02/07 14:59:25 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RegEx.dll
MOD - [2012/02/07 14:59:25 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Appearance Pak.dll
MOD - [2012/02/07 12:20:10 | 001,237,504 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\System Information\SystemInfo.dll
MOD - [2012/02/03 17:03:44 | 000,998,912 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\BIOSFLK.dll
MOD - [2012/02/02 14:51:54 | 000,106,496 | ---- | M] (Datacolor) -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\dccmtr.dll
MOD - [2012/01/19 10:39:30 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
MOD - [2012/01/10 10:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
MOD - [2011/12/16 00:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2011/12/05 17:10:00 | 000,221,184 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\AsMultiLang.dll
MOD - [2011/11/16 22:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll
MOD - [2011/10/18 09:01:24 | 002,678,784 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
MOD - [2011/10/14 21:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011/09/26 19:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011/09/19 21:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2011/09/08 22:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
MOD - [2011/08/30 23:05:02 | 000,121,704 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
MOD - [2011/08/26 21:26:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll
MOD - [2011/08/01 09:52:20 | 000,626,688 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
MOD - [2011/07/21 10:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2011/07/12 20:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2011/05/24 03:40:05 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2011/05/24 03:40:05 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll
MOD - [2011/05/24 03:39:38 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2011/03/10 22:33:59 | 001,137,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc42.dll
MOD - [2011/03/02 22:38:01 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll
MOD - [2011/02/28 11:32:22 | 000,208,896 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
MOD - [2010/11/20 20:25:15 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2010/11/20 20:24:43 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll
MOD - [2010/11/20 20:24:32 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL
MOD - [2010/11/20 20:24:28 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched20.dll
MOD - [2010/11/20 20:24:28 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched32.dll
MOD - [2010/11/20 20:24:26 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll
MOD - [2010/11/20 20:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2010/11/20 20:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2010/11/20 20:24:16 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll
MOD - [2010/11/20 20:24:16 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2010/11/20 20:24:16 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll
MOD - [2010/11/20 20:24:16 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\logoncli.dll
MOD - [2010/11/20 20:24:16 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2010/11/20 20:24:16 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll
MOD - [2010/11/20 20:24:16 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2010/11/20 20:24:14 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msftedit.dll
MOD - [2010/11/20 20:24:14 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2010/11/20 20:24:08 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2010/11/20 20:24:08 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbemcomn.dll
MOD - [2010/11/20 20:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll
MOD - [2010/11/20 20:24:08 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2010/11/20 20:24:03 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2010/11/20 20:24:01 | 000,573,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\odbc32.dll
MOD - [2010/11/20 20:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll
MOD - [2010/11/20 20:23:54 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2010/11/20 20:23:54 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll
MOD - [2010/11/20 20:23:51 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2010/11/20 20:23:51 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2010/11/20 20:23:48 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2010/11/20 20:23:48 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2010/11/20 20:23:48 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2010/10/05 09:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2010/10/05 09:22:50 | 000,221,184 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsMultiLang.dll
MOD - [2010/10/05 09:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2010/09/23 12:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll
MOD - [2010/09/08 22:25:44 | 000,221,184 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\USB Charger+\AsMultiLang.dll
MOD - [2010/09/08 22:25:32 | 000,221,184 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\AsMultiLang.dll
MOD - [2010/08/22 19:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
MOD - [2010/08/12 08:52:52 | 000,677,376 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\asacpiex.dll
MOD - [2010/08/09 22:33:40 | 000,108,544 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\AI Suite II\AsAcpi.dll
MOD - [2010/07/01 13:49:06 | 000,143,360 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsFtp.dll
MOD - [2010/06/29 00:41:14 | 000,028,672 | R--- | M] (ASUSTek Computer Inc.) -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2010/06/03 20:04:00 | 000,221,184 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\FanXpert2\AsMultiLang.dll
MOD - [2010/03/08 18:11:56 | 000,221,184 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsMultiLang.dll
MOD - [2010/03/08 18:11:56 | 000,221,184 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\AsMultiLang.dll
MOD - [2010/03/08 18:11:56 | 000,221,184 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\AsMultiLang.dll
MOD - [2010/03/08 18:11:56 | 000,221,184 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AsMultiLang.dll
MOD - [2010/02/25 15:01:30 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsZip.dll
MOD - [2009/08/12 21:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
MOD - [2009/07/13 18:17:54 | 000,249,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcryptprimitives.dll
MOD - [2009/07/13 18:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2009/07/13 18:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll
MOD - [2009/07/13 18:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL
MOD - [2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll
MOD - [2009/07/13 18:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll
MOD - [2009/07/13 18:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009/07/13 18:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll
MOD - [2009/07/13 18:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll
MOD - [2009/07/13 18:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009/07/13 18:16:14 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shfolder.dll
MOD - [2009/07/13 18:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009/07/13 18:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll
MOD - [2009/07/13 18:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll
MOD - [2009/07/13 18:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll
MOD - [2009/07/13 18:16:12 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oledlg.dll
MOD - [2009/07/13 18:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll
MOD - [2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009/07/13 18:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll
MOD - [2009/07/13 18:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009/07/13 18:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009/07/13 18:16:11 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdsapi.dll
MOD - [2009/07/13 18:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll
MOD - [2009/07/13 18:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll
MOD - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netprofm.dll
MOD - [2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll
MOD - [2009/07/13 18:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll
MOD - [2009/07/13 18:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll
MOD - [2009/07/13 18:15:27 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icm32.dll
MOD - [2009/07/13 18:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll
MOD - [2009/07/13 18:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FirewallAPI.dll
MOD - [2009/07/13 18:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll
MOD - [2009/07/13 18:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll
MOD - [2009/07/13 18:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009/07/13 18:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/07/13 18:14:10 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\hhctrl.ocx
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009/07/13 18:11:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll
MOD - [2009/07/13 18:09:14 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\odbcint.dll
MOD - [2009/07/13 18:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/11/13 10:33:46 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
MOD - [2008/11/13 10:27:08 | 000,052,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcherLOC.dll


========== Services (All) ==========

SRV:64bit: - [2015/07/18 13:58:28 | 000,146,600 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/07/01 13:47:38 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (VaultSvc)
SRV:64bit: - [2015/07/01 13:47:38 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2015/07/01 13:47:38 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
SRV:64bit: - [2015/07/01 13:47:38 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (Netlogon)
SRV:64bit: - [2015/07/01 13:47:38 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2015/07/01 13:47:38 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (EFS)
SRV:64bit: - [2015/06/20 12:34:46 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/06/16 23:48:17 | 000,937,616 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysNative\nvvsvc.exe -- (nvsvc)
SRV:64bit: - [2015/06/15 14:45:34 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2015/06/15 14:44:47 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV:64bit: - [2015/06/03 14:06:06 | 001,152,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2015/06/03 14:06:03 | 023,007,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2015/05/25 11:19:13 | 001,255,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/05/08 20:27:37 | 002,589,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2015/04/19 20:17:07 | 001,179,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2015/04/07 00:28:50 | 000,643,880 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2015/03/03 21:41:26 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2015/02/02 20:31:04 | 000,188,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\pcasvc.dll -- (PcaSvc)
SRV:64bit: - [2015/02/02 20:30:56 | 000,187,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2015/02/02 20:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2015/02/02 20:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/02/02 20:30:54 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2015/01/20 00:30:38 | 000,077,128 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device Service)
SRV:64bit: - [2015/01/08 20:14:27 | 000,091,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wdi.dll -- (WdiSystemHost)
SRV:64bit: - [2015/01/08 20:14:27 | 000,091,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wdi.dll -- (WdiServiceHost)
SRV:64bit: - [2014/12/18 20:06:55 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2014/12/05 21:17:27 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2014/10/13 19:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\termsrv.dll -- (TermService)
SRV:64bit: - [2014/10/02 19:12:23 | 002,020,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WsmSvc.dll -- (WinRM)
SRV:64bit: - [2014/01/27 19:32:46 | 000,228,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2013/10/11 19:29:21 | 000,859,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IKEEXT.DLL -- (IKEEXT)
SRV:64bit: - [2013/08/19 08:16:04 | 001,255,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2013/07/04 05:57:22 | 000,259,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WebClnt.dll -- (WebClient)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/03 10:42:16 | 000,569,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iphlpsvc.dll -- (iphlpsvc)
SRV:64bit: - [2012/07/25 20:08:14 | 000,084,992 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WUDFSvc.dll -- (wudfsvc)
SRV:64bit: - [2012/07/17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2012/01/23 22:30:22 | 000,233,328 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)
SRV:64bit: - [2011/11/09 17:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2011/08/30 23:05:32 | 000,462,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2011/05/03 22:19:28 | 000,591,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2010/11/20 20:25:14 | 001,504,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2010/11/20 20:25:14 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2010/11/20 20:25:10 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TabSvc.dll -- (TabletInputService)
SRV:64bit: - [2010/11/20 20:25:07 | 000,214,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2010/11/20 20:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2010/11/20 20:25:05 | 001,525,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2010/11/20 20:24:52 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wpdbusenum.dll -- (WPDBusEnum)
SRV:64bit: - [2010/11/20 20:24:51 | 000,232,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2010/11/20 20:24:51 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2010/11/20 20:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 20:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/11/20 20:24:41 | 000,692,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2010/11/20 20:24:36 | 001,743,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sysmain.dll -- (SysMain)
SRV:64bit: - [2010/11/20 20:24:36 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcncsvc.dll -- (wcncsvc)
SRV:64bit: - [2010/11/20 20:24:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2010/11/20 20:24:33 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SessEnv.dll -- (SessionEnv)
SRV:64bit: - [2010/11/20 20:24:32 | 000,777,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\gpsvc.dll -- (gpsvc)
SRV:64bit: - [2010/11/20 20:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2010/11/20 20:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
SRV:64bit: - [2010/11/20 20:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 20:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 20:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 20:24:16 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dps.dll -- (DPS)
SRV:64bit: - [2010/11/20 20:24:16 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\KMSVC.DLL -- (hkmsvc)
SRV:64bit: - [2010/11/20 20:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2010/11/20 20:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2010/11/20 20:24:09 | 000,080,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\certprop.dll -- (SCPolicySvc)
SRV:64bit: - [2010/11/20 20:24:09 | 000,080,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\certprop.dll -- (CertPropSvc)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 20:24:00 | 001,389,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pla.dll -- (pla)
SRV:64bit: - [2010/11/20 20:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2010/11/20 20:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2010/11/20 20:23:56 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2010/11/20 20:23:56 | 000,444,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\winhttp.dll -- (WinHttpAutoProxySvc)
SRV:64bit: - [2010/11/20 20:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 20:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 20:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV:64bit: - [2010/11/20 20:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 20:23:51 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vds.exe -- (vds)
SRV:64bit: - [2010/11/20 20:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2010/11/20 20:23:48 | 000,476,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\QAGENTRT.DLL -- (napagent)
SRV:64bit: - [2010/11/20 20:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV:64bit: - [2009/09/13 22:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2009/07/13 18:41:57 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpcsvc.dll -- (WPCSvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,381,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\w32time.dll -- (W32Time)
SRV:64bit: - [2009/07/13 18:41:56 | 000,353,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\upnphost.dll -- (upnphost)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2009/07/13 18:41:56 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wecsvc.dll -- (Wecsvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 18:41:56 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wercplsupport.dll -- (wercplsupport)
SRV:64bit: - [2009/07/13 18:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wersvc.dll -- (WerSvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WcsPlugInService.dll -- (WcsPlugInService)
SRV:64bit: - [2009/07/13 18:41:56 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\uxsms.dll -- (UxSms)
SRV:64bit: - [2009/07/13 18:41:55 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\trkwks.dll -- (TrkWks)
SRV:64bit: - [2009/07/13 18:41:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tbssvc.dll -- (TBS)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:54 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ssdpsrv.dll -- (SSDPSRV)
SRV:64bit: - [2009/07/13 18:41:54 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sstpsvc.dll -- (SstpSvc)
SRV:64bit: - [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 18:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,438,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\p2psvc.dll -- (p2psvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qwave.dll -- (QWAVE)
SRV:64bit: - [2009/07/13 18:41:53 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SCardSvr.dll -- (SCardSvr)
SRV:64bit: - [2009/07/13 18:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry)
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 18:41:53 | 000,064,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\Sens.dll -- (SENS)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:28 | 000,368,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtckrm.dll -- (KtmRm)
SRV:64bit: - [2009/07/13 18:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (THREADORDER)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:18 | 000,300,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lltdsvc.dll -- (lltdsvc)
SRV:64bit: - [2009/07/13 18:41:18 | 000,023,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lmhsvc.dll -- (lmhosts)
SRV:64bit: - [2009/07/13 18:41:11 | 000,156,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\iscsiexe.dll -- (MSiSCSI)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/13 18:41:09 | 000,101,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPBusEnum.dll -- (IPBusEnum)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:40:52 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\FDResPub.dll -- (FDResPub)
SRV:64bit: - [2009/07/13 18:40:52 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\fdPHost.dll -- (fdPHost)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:39:55 | 000,203,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV:64bit: - [2009/07/13 18:39:48 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\UI0Detect.exe -- (UI0Detect)
SRV:64bit: - [2009/07/13 18:39:41 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\snmptrap.exe -- (SNMPTRAP)
SRV:64bit: - [2009/07/13 18:39:21 | 000,141,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtc.exe -- (MSDTC)
SRV:64bit: - [2009/07/13 18:39:15 | 000,010,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Locator.exe -- (RpcLocator)
SRV:64bit: - [2009/07/13 18:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dllhost.exe -- (COMSysApp)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV - [2015/07/18 13:58:58 | 000,194,032 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2015/06/15 14:42:49 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2015/06/03 14:06:06 | 001,893,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/03/09 20:22:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/02/02 20:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV - [2015/01/08 19:48:18 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiSystemHost)
SRV - [2015/01/08 19:48:18 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiServiceHost)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/10/02 18:45:03 | 001,177,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WsmSvc.dll -- (WinRM)
SRV - [2014/06/30 15:24:49 | 000,859,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2014/03/20 15:50:31 | 000,090,776 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/04 17:49:18 | 000,116,648 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdatem)
SRV - [2014/02/04 17:49:18 | 000,116,648 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2013/07/04 04:57:28 | 000,205,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WebClnt.dll -- (WebClient)
SRV - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/09 18:48:13 | 001,473,664 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2012/02/16 23:26:00 | 000,149,120 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/02/02 02:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
SRV - [2011/10/28 18:59:26 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2011/05/12 08:33:44 | 000,249,856 | R--- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/05/03 21:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch)
SRV - [2010/11/20 20:25:10 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2010/11/20 20:24:52 | 000,042,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2010/11/20 20:24:49 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\wcncsvc.dll -- (wcncsvc)
SRV - [2010/11/20 20:24:42 | 000,696,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2010/11/20 20:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 20:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\pla.dll -- (pla)
SRV - [2010/11/20 20:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWow64\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/20 20:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 20:24:03 | 000,194,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2010/11/20 20:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 20:23:55 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\SessEnv.dll -- (SessionEnv)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/11/06 11:58:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/13 18:39:09 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/13 18:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009/07/13 18:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2009/07/13 18:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\upnphost.dll -- (upnphost)
SRV - [2009/07/13 18:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\Sens.dll -- (SENS)
SRV - [2009/07/13 18:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\qwave.dll -- (QWAVE)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV - [2009/07/13 18:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\appmgmts.dll -- (AppMgmt)
SRV - [2009/07/13 18:14:28 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost)
SRV - [2009/07/13 18:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\dllhost.exe -- (COMSysApp)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Standard Registry (SafeList) ==========


...TBC

Re: Video Codec installation disabled anti-virus

by madmurph » July 19th, 2015, 10:41 pm

part 2... previous submission:

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2496106504-3139724863-1530680669-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://news.google.com/nwshp?hl=e [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2496106504-3139724863-1530680669-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
IE - HKU\S-1-5-21-2496106504-3139724863-1530680669-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2496106504-3139724863-1530680669-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 3F D4 72 A3 9B CE 01 [binary data]
IE - HKU\S-1-5-21-2496106504-3139724863-1530680669-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-2496106504-3139724863-1530680669-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2496106504-3139724863-1530680669-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.7.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/07/18 13:58:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/03/24 11:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Extensions
[2015/07/11 15:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\y98vf7h5.default\extensions
[2015/03/09 20:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/03/09 20:22:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\
CHR - Extension: No name found = C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\

O1 HOSTS File: ([2015/07/19 10:21:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\RunOnce: [OTL] E:\Users\Tommy\Desktop\OTL.exe (OldTimer Tools)
O4 - HKU\.DEFAULT..\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2496106504-3139724863-1530680669-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.6.2.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F297420-75CB-40A7-884C-B60B6650206E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/07/19 17:14:09 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/07/19 17:14:09 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/07/19 17:14:07 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/07/19 17:14:07 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/07/19 17:14:07 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/07/19 17:14:07 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/07/19 17:14:07 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/07/19 17:14:07 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/07/19 17:14:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/07/19 17:14:07 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/07/19 17:14:07 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/07/19 17:14:07 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/07/19 17:14:06 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/07/19 17:14:06 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/07/19 17:14:06 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/07/19 17:14:06 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/07/19 17:14:06 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/07/19 17:14:06 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/07/19 17:14:06 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/07/19 17:14:06 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/07/19 17:14:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/07/19 17:14:05 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/07/19 17:14:05 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/07/19 17:14:05 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/07/19 17:14:05 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/07/19 17:14:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/07/19 17:14:04 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/07/19 17:14:04 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/07/19 17:14:04 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/07/19 17:14:04 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/07/19 17:14:04 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/07/19 17:14:04 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/07/19 17:14:04 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/07/19 17:14:03 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/07/19 17:14:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/07/19 17:14:03 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/07/19 17:14:02 | 007,077,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2015/07/19 17:14:02 | 006,131,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2015/07/19 17:14:02 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2015/07/19 17:14:01 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/07/19 17:14:01 | 001,057,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2015/07/19 17:14:01 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2015/07/19 17:14:01 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/07/19 17:14:01 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/07/19 17:14:01 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2015/07/19 17:14:01 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2015/07/19 17:14:00 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/07/19 17:14:00 | 001,216,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2015/07/19 17:14:00 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/07/19 17:14:00 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/07/19 17:14:00 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/07/19 17:14:00 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/07/19 17:14:00 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/07/19 17:14:00 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/07/19 17:14:00 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/07/19 17:14:00 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/07/19 17:14:00 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/07/19 17:14:00 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/07/19 17:14:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2015/07/19 17:14:00 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/07/19 17:14:00 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/07/19 17:13:58 | 002,087,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2015/07/19 17:13:58 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2015/07/19 17:13:58 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cewmdm.dll
[2015/07/19 17:13:58 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cewmdm.dll
[2015/07/19 17:13:57 | 003,242,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2015/07/19 17:13:57 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2015/07/19 17:13:57 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2015/07/19 17:13:57 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2015/07/19 17:13:57 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2015/07/19 17:13:57 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2015/07/19 17:13:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2015/07/19 17:13:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2015/07/19 17:13:08 | 000,372,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015/07/19 17:13:08 | 000,299,008 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015/07/19 17:13:08 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2015/07/19 17:13:08 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2015/07/19 17:13:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015/07/19 17:13:08 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2015/07/19 17:13:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015/07/19 17:13:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2015/07/19 15:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2015/07/19 10:21:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015/07/19 09:22:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015/07/19 09:22:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015/07/19 09:22:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015/07/19 09:22:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015/07/19 09:22:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015/07/19 09:20:11 | 005,633,411 | R--- | C] (Swearware) -- E:\Users\Tommy\Desktop\ComboFix.exe
[2015/07/18 13:59:06 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\AVAST Software
[2015/07/18 13:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/07/18 13:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2015/07/18 13:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2015/07/18 13:58:30 | 001,048,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2015/07/18 13:58:30 | 000,447,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2015/07/18 13:58:30 | 000,274,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/07/18 13:58:30 | 000,150,160 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/07/18 13:58:30 | 000,093,528 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/07/18 13:58:30 | 000,090,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2015/07/18 13:58:30 | 000,065,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/07/18 13:58:30 | 000,028,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2015/07/18 13:58:29 | 000,378,880 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/07/18 13:58:28 | 000,043,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/07/18 13:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/07/18 13:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/07/18 13:56:28 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2015/07/18 13:30:24 | 003,480,040 | ---- | C] (McAfee, Inc.) -- E:\Users\Tommy\Desktop\MCPR.exe
[2015/07/18 13:29:23 | 005,685,544 | ---- | C] (AVAST Software) -- E:\Users\Tommy\Desktop\avast_free_antivirus_setup_online.exe
[2015/07/18 13:28:43 | 024,345,872 | ---- | C] (Malwarebytes Corporation ) -- E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe
[2015/07/18 13:27:48 | 000,000,000 | ---D | C] -- E:\Users\Tommy\Desktop\Virus
[2015/07/17 19:04:05 | 000,000,000 | ---D | C] -- E:\Users\Tommy\Documents\DJAMS - comp b-u 07-15-2015
[2015/07/17 07:34:24 | 000,000,000 | ---D | C] -- E:\Users\Tommy\Desktop\V-2
[2015/07/15 22:51:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Users\Tommy\Desktop\OTL.exe
[2015/07/15 05:29:52 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2015/07/15 05:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2015/07/15 05:28:10 | 000,509,440 | ---- | C] (Tech Support Guy System) -- E:\Users\Tommy\Desktop\SysInfo.exe
[2015/07/15 05:28:02 | 002,031,992 | ---- | C] (Microsoft Corporation) -- E:\Users\Tommy\Desktop\MGADiag.exe
[2015/07/14 07:59:57 | 000,688,992 | R--- | C] (Swearware) -- E:\Users\Tommy\Desktop\dds.scr
[2015/07/14 06:57:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\157313
[2015/06/30 11:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2015/06/30 06:17:52 | 000,000,000 | ---D | C] -- E:\Users\Tommy\Documents\Vapecase
[2015/06/28 20:15:23 | 000,000,000 | ---D | C] -- E:\Users\Tommy\Desktop\foothills sunset 06-28-15
[2015/06/27 13:18:55 | 000,000,000 | ---D | C] -- E:\Users\Tommy\Desktop\SCParis
[2015/06/27 12:56:48 | 000,000,000 | ---D | C] -- E:\Users\Tommy\Desktop\gumwall
[2015/06/25 18:00:00 | 000,000,000 | ---D | C] -- E:\Users\Tommy\Desktop\LL
[2015/06/24 01:29:00 | 001,217,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FM20.DLL
[2015/06/22 15:41:28 | 030,481,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2015/06/22 15:41:28 | 022,947,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015/06/22 15:41:28 | 016,145,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2015/06/22 15:41:28 | 015,224,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2015/06/22 15:41:28 | 014,497,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2015/06/22 15:41:28 | 013,263,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015/06/22 15:41:28 | 011,831,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015/06/22 15:41:28 | 002,997,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2015/06/22 15:41:28 | 002,932,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2015/06/22 15:41:28 | 002,599,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015/06/22 15:41:28 | 001,898,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6435330.dll
[2015/06/22 15:41:28 | 001,557,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6435330.dll
[2015/06/22 15:41:28 | 001,099,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2015/06/22 15:41:28 | 001,060,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2015/06/22 15:41:28 | 001,050,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2015/06/22 15:41:28 | 000,982,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015/06/22 15:41:28 | 000,975,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015/06/22 15:41:28 | 000,938,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015/06/22 15:41:28 | 000,503,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2015/06/22 15:41:28 | 000,408,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2015/06/22 15:41:28 | 000,407,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2015/06/22 15:41:28 | 000,364,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2015/06/22 15:41:28 | 000,204,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2015/06/22 15:41:28 | 000,176,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2015/06/22 15:41:28 | 000,155,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015/06/22 15:41:28 | 000,150,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2015/06/22 15:41:28 | 000,128,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015/06/22 15:41:28 | 000,040,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2015/06/22 15:09:58 | 000,057,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2015/06/22 15:09:58 | 000,046,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2015/06/21 22:02:59 | 000,000,000 | ---D | C] -- E:\Users\Tommy\Desktop\best
[2015/06/21 20:56:28 | 000,000,000 | ---D | C] -- E:\Users\Tommy\Desktop\06-21-15 JrM and stuff

========== Files - Modified Within 30 Days ==========

[2015/07/19 18:55:17 | 000,031,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/07/19 18:55:17 | 000,031,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/07/19 18:54:21 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/07/19 18:54:21 | 000,663,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/07/19 18:54:21 | 000,122,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/07/19 18:52:50 | 000,000,000 | ---- | M] () -- C:\Windows\Path.idx
[2015/07/19 18:50:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/07/19 18:47:48 | 001,048,576 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2015/07/19 18:47:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/07/19 18:47:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/07/19 18:47:26 | 4252,254,206 | -HS- | M] () -- C:\hiberfil.sys
[2015/07/19 18:09:43 | 000,165,376 | ---- | M] () -- E:\Users\Tommy\Desktop\SystemLook_x64.exe
[2015/07/19 17:31:25 | 000,408,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/07/19 16:54:50 | 000,796,360 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/07/19 10:21:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/07/19 08:57:38 | 005,633,411 | R--- | M] (Swearware) -- E:\Users\Tommy\Desktop\ComboFix.exe
[2015/07/18 14:00:28 | 000,002,283 | ---- | M] () -- C:\Users\Tommy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/07/18 13:59:01 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/07/18 13:58:29 | 000,447,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2015/07/18 13:58:29 | 000,378,880 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/07/18 13:58:29 | 000,274,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/07/18 13:58:29 | 000,150,160 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/07/18 13:58:29 | 000,093,528 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/07/18 13:58:29 | 000,090,968 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2015/07/18 13:58:29 | 000,065,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/07/18 13:58:29 | 000,028,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2015/07/18 13:58:28 | 001,048,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2015/07/18 13:58:28 | 000,043,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/07/17 23:09:20 | 003,480,040 | ---- | M] (McAfee, Inc.) -- E:\Users\Tommy\Desktop\MCPR.exe
[2015/07/17 23:08:26 | 024,345,872 | ---- | M] (Malwarebytes Corporation ) -- E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe
[2015/07/17 23:04:57 | 005,685,544 | ---- | M] (AVAST Software) -- E:\Users\Tommy\Desktop\avast_free_antivirus_setup_online.exe
[2015/07/17 07:37:45 | 000,001,546 | ---- | M] () -- E:\Users\Tommy\Desktop\V-1 - Shortcut.lnk
[2015/07/17 07:24:28 | 000,005,404 | ---- | M] () -- E:\Users\Tommy\Documents\Fwd_ Fw_ What George said.eml
[2015/07/17 07:24:27 | 000,005,043 | ---- | M] () -- E:\Users\Tommy\Documents\OCRegister - Kingston Mention donation.eml
[2015/07/17 07:24:27 | 000,002,968 | ---- | M] () -- E:\Users\Tommy\Documents\Welcome to Roxio_com!.eml
[2015/07/17 07:24:27 | 000,002,106 | ---- | M] () -- E:\Users\Tommy\Documents\Question from eBay Member.eml
[2015/07/17 07:24:27 | 000,001,979 | ---- | M] () -- E:\Users\Tommy\Documents\Registration Confirmation.eml
[2015/07/17 07:24:27 | 000,000,766 | ---- | M] () -- E:\Users\Tommy\Documents\melia ss#.eml
[2015/07/17 07:24:26 | 000,002,082 | ---- | M] () -- E:\Users\Tommy\Documents\Your New Account with ReserveUSA.eml
[2015/07/15 22:13:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\Tommy\Desktop\OTL.exe
[2015/07/15 06:54:11 | 000,002,258 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
[2015/07/14 21:53:05 | 000,509,440 | ---- | M] (Tech Support Guy System) -- E:\Users\Tommy\Desktop\SysInfo.exe
[2015/07/14 21:52:46 | 000,468,480 | ---- | M] () -- E:\Users\Tommy\Desktop\CKScanner.exe
[2015/07/14 21:52:18 | 002,031,992 | ---- | M] (Microsoft Corporation) -- E:\Users\Tommy\Desktop\MGADiag.exe
[2015/07/14 07:55:11 | 000,688,992 | R--- | M] (Swearware) -- E:\Users\Tommy\Desktop\dds.scr
[2015/07/13 19:13:39 | 006,168,455 | ---- | M] () -- E:\Users\Tommy\Desktop\_DSC6627a-2.jpg
[2015/07/13 17:56:16 | 005,889,449 | ---- | M] () -- E:\Users\Tommy\Desktop\_DSC6627as.jpg
[2015/07/13 17:55:58 | 053,763,559 | ---- | M] () -- E:\Users\Tommy\Desktop\_DSC6627.psd
[2015/07/13 17:35:12 | 005,882,340 | ---- | M] () -- E:\Users\Tommy\Desktop\_DSC6627a.jpg
[2015/07/10 23:18:15 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/07/10 23:18:15 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/07/10 23:18:02 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2015/07/04 11:07:11 | 002,087,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2015/07/03 11:05:54 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2015/07/03 11:05:43 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2015/07/03 11:05:34 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2015/07/03 11:05:26 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015/07/03 10:56:59 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2015/07/03 10:56:52 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015/07/03 09:52:31 | 000,372,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015/07/03 09:42:38 | 000,299,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015/07/02 13:46:34 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/07/02 13:12:26 | 000,615,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/07/01 13:49:45 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/07/01 13:49:45 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/07/01 13:49:42 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/07/01 13:49:41 | 001,216,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2015/07/01 13:49:23 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/07/01 13:49:11 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/07/01 13:48:34 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2015/07/01 13:47:18 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/07/01 13:43:51 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/07/01 13:43:37 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/07/01 13:39:24 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/07/01 13:29:46 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/07/01 13:27:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/07/01 13:26:52 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/07/01 13:24:59 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/06/30 11:38:48 | 000,001,040 | ---- | M] () -- E:\Users\Tommy\Desktop\Adobe Photoshop CC 2015.lnk
[2015/06/26 19:47:11 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/06/26 19:43:26 | 005,923,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/06/26 18:58:17 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/06/24 01:29:00 | 001,217,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\FM20.DLL
[2015/06/20 13:06:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/06/20 12:50:10 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/06/20 12:49:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/06/20 12:49:09 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/06/20 12:49:08 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/06/20 12:48:29 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/06/20 12:39:43 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/06/20 12:34:46 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/06/20 12:34:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/06/20 12:34:42 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/06/20 12:25:28 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/06/20 12:21:39 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/06/20 12:13:07 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/06/20 12:08:16 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/06/20 12:07:37 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/06/20 12:05:03 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/06/20 11:48:40 | 000,720,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/06/20 11:48:26 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/06/20 11:46:53 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/06/20 11:46:48 | 002,125,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/06/20 11:02:50 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/06/20 07:49:43 | 004,969,273 | ---- | M] () -- E:\Users\Tommy\Desktop\_DSC6627.JPG

========== Files Created - No Company Name ==========

[2015/07/19 18:09:43 | 000,165,376 | ---- | C] () -- E:\Users\Tommy\Desktop\SystemLook_x64.exe
[2015/07/19 09:22:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015/07/19 09:22:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015/07/19 09:22:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015/07/19 09:22:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015/07/19 09:22:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015/07/18 13:59:01 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/07/18 13:58:49 | 000,002,283 | ---- | C] () -- C:\Users\Tommy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/07/17 07:37:32 | 000,001,546 | ---- | C] () -- E:\Users\Tommy\Desktop\V-1 - Shortcut.lnk
[2015/07/15 05:27:59 | 000,468,480 | ---- | C] () -- E:\Users\Tommy\Desktop\CKScanner.exe
[2015/07/13 19:13:37 | 006,168,455 | ---- | C] () -- E:\Users\Tommy\Desktop\_DSC6627a-2.jpg
[2015/07/13 17:50:29 | 005,889,449 | ---- | C] () -- E:\Users\Tommy\Desktop\_DSC6627as.jpg
[2015/07/13 17:35:08 | 005,882,340 | ---- | C] () -- E:\Users\Tommy\Desktop\_DSC6627a.jpg
[2015/07/13 16:51:39 | 053,763,559 | ---- | C] () -- E:\Users\Tommy\Desktop\_DSC6627.psd
[2015/07/13 16:47:05 | 006,135,241 | ---- | C] () -- E:\Users\Tommy\Desktop\DSC_0369.jpg
[2015/06/30 11:38:48 | 000,001,040 | ---- | C] () -- E:\Users\Tommy\Desktop\Adobe Photoshop CC 2015.lnk
[2015/06/30 05:10:19 | 000,001,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
[2015/06/22 15:41:28 | 042,729,104 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2015/06/22 15:41:28 | 037,748,880 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2015/06/20 07:42:35 | 004,969,273 | ---- | C] () -- E:\Users\Tommy\Desktop\_DSC6627.JPG
[2015/02/12 07:58:08 | 000,001,544 | ---- | C] () -- C:\ProgramData\tempimage.bmp
[2015/01/13 17:23:04 | 000,000,112 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\JP2K CS6 Prefs
[2015/01/03 10:50:57 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2015/01/03 10:45:43 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2015/01/03 10:45:43 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2014/07/21 08:22:32 | 000,000,042 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\mbam.context.scan
[2014/05/02 09:38:34 | 000,003,584 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/24 11:21:37 | 000,000,167 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\WB.CFG
[2013/09/08 17:23:21 | 000,000,080 | ---- | C] () -- C:\Users\Tommy\AppData\Local\CrystalDiskMark30.ini
[2013/08/19 17:15:48 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/08/19 17:15:45 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/08/18 17:21:47 | 000,049,519 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013/08/18 15:09:24 | 000,000,094 | ---- | C] () -- C:\Windows\EPSPR2000.ini
[2013/08/17 17:10:01 | 000,796,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/17 16:19:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 22:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 22:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 869 bytes -> E:\Users\Tommy\Documents\Your MUSICMATCH Jukebox Key.eml:OECustomProperty
@Alternate Data Stream - 837 bytes -> E:\Users\Tommy\Documents\Your New Account with ReserveUSA.eml:OECustomProperty
@Alternate Data Stream - 797 bytes -> E:\Users\Tommy\Documents\Registration Confirmation.eml:OECustomProperty
@Alternate Data Stream - 761 bytes -> E:\Users\Tommy\Documents\Question from eBay Member.eml:OECustomProperty
@Alternate Data Stream - 713 bytes -> E:\Users\Tommy\Documents\Welcome to Roxio_com!.eml:OECustomProperty
@Alternate Data Stream - 713 bytes -> E:\Users\Tommy\Documents\melia ss#.eml:OECustomProperty
@Alternate Data Stream - 2085 bytes -> E:\Users\Tommy\Documents\OCRegister - Kingston Mention donation.eml:OECustomProperty
@Alternate Data Stream - 1085 bytes -> E:\Users\Tommy\Documents\Fwd_ Fw_ What George said.eml:OECustomProperty

< End of report >

E. At implementation of OTL Fix, I received a pop-up window message from Avast indicating 55 MBAM files remained to be removed from the removed MBAM program. I did not respond.
You're a little bit in a hurry - we're still not finished with our treatment... :D
...lol ... yes, aren't we all? Your help is appreciated, patience notwithstanding :lol:

Re: Video Codec installation disabled anti-virus

Post by pgmigg » July 19th, 2015, 10:57 pm

Hello madmurph,

We have a few things which are not resolved yet.

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries:
    (Do not include the words Code: Select all - instead, please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKU\S-1-5-21-2496106504-3139724863-1530680669-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2496106504-3139724863-1530680669-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    CHR - Extension: No name found = C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
    CHR - Extension: No name found = C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
    File not found (No name found) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.6.2.cab (DLM Control)
    
    :Files
    @E:\Users\Tommy\Documents\Your MUSICMATCH Jukebox Key.eml:OECustomProperty
    @E:\Users\Tommy\Documents\Your New Account with ReserveUSA.eml:OECustomProperty
    @E:\Users\Tommy\Documents\Registration Confirmation.eml:OECustomProperty
    @E:\Users\Tommy\Documents\Question from eBay Member.eml:OECustomProperty
    @E:\Users\Tommy\Documents\Welcome to Roxio_com!.eml:OECustomProperty
    @E:\Users\Tommy\Documents\melia ss#.eml:OECustomProperty
    @E:\Users\Tommy\Documents\OCRegister - Kingston Mention donation.eml:OECustomProperty
    @E:\Users\Tommy\Documents\Fwd_ Fw_ What George said.eml:OECustomProperty
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
SystemLook
  1. You should still have SystemLook_x64.exe on your desktop.
  2. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  3. Highlight and copy the following entries into SystemLook's main text entry window:
    (Do not include the words Code: Select all - instead, please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *Malwarebytes*
    *McAfee*
    
    :folderfind
    *Malwarebytes*
    *McAfee*
    
    :Regfind
    Malwarebytes
    McAfee
    
  4. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  5. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
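
A pre-flight check for a fix script like the one in the post above, added here as an example (it is not part of the original thread and is not OTL's own code): it confirms that every @file:stream target in the :Files section was actually listed under "Alternate Data Streams" in the report, and shows which reported streams the script leaves alone. The sample report and script are constructed in the thread's formats with made-up paths, and all function names are hypothetical.

```python
import re

# Constructed sample in the formats shown in this thread (paths are made up).
REPORT = r"""========== Alternate Data Streams ==========
@Alternate Data Stream - 869 bytes -> E:\Users\Example\Documents\a.eml:OECustomProperty
@Alternate Data Stream - 713 bytes -> E:\Users\Example\Documents\b c.eml:OECustomProperty
@Alternate Data Stream - 26 bytes -> E:\Users\Example\Downloads\setup.exe:Zone.Identifier
< End of report >"""
FIX = r""":OTL
:Files
@E:\Users\Example\Documents\a.eml:OECustomProperty
@e:\users\example\documents\B C.eml:OECustomProperty
@E:\Users\Example\Documents\typo.eml:OECustomProperty
:Commands
[emptytemp]"""

ADS_LINE = re.compile(r"^\s*@Alternate Data Stream - (\d+) bytes -> (.+?)\s*$", re.M)

def split_stream(target):
    """Split 'E:\\dir\\file:stream' into (file, stream); the drive colon is not a separator."""
    idx = target.rfind(":")
    if idx <= 1:                      # only the drive-letter colon: no stream named
        return target, None
    return target[:idx], target[idx + 1:]

def key(target):
    path, stream = split_stream(target)
    return path.casefold(), (stream or "").casefold()  # Windows paths: case-insensitive by default

def reported_streams(report):
    """Map (file, stream) -> size in bytes for every ADS line in the report."""
    return {key(t): int(size) for size, t in ADS_LINE.findall(report)}

def fix_targets(script):
    """Collect '@file:stream' lines that sit inside the :Files section only."""
    section, targets = None, []
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):      # section header such as :OTL, :Files, :Commands
            section = line.casefold()
        elif section == ":files" and line.startswith("@"):
            targets.append(line[1:])
    return targets

def cross_check(report, script):
    """Return (targets never reported, reported streams the script leaves alone)."""
    seen, targets = reported_streams(report), fix_targets(script)
    wanted = {key(t) for t in targets}
    return (sorted(t for t in targets if key(t) not in seen),
            sorted(k for k in seen if k not in wanted))
```

A non-empty first list means the script names a stream the scan never saw, usually a copy or typing slip worth resolving before the fix is run.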