Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Got the "this file contained a virus and was deleted" thing [S

Started by Lyanheart , Jul 13 2013 08:09 AM

  • This topic is locked This topic is locked

#1
Lyanheart
Posted 13 July 2013 - 08:09 AM

Lyanheart

    Member

  • Member
  • PipPipPip
  • 136 posts
This is what I get for coming in to the office on a Saturday!! :-)

Any time I download a file, I get the "this file contained a virus and was deleted" message, obviously bogus. I have read some instructions on how to fix it, but have had no luck. This forum has helps me tremendously before, so I'm back again.

Please notice down in the OTL log, there was a section that was nothing but a huge block of asian characters that I could not copy/paste... it crashed my browser trying to do so.

Thank you very much for your time and help, once again!

OTL Log:
OTL logfile created on: 7/13/2013 9:52:10 AM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ryan2011\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 51.33% Memory free
7.93 Gb Paging File | 6.04 Gb Available in Paging File | 76.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.69 Gb Total Space | 379.15 Gb Free Space | 83.57% Space Free | Partition Type: NTFS

Computer Name: RYAN2011-PC | User Name: Ryan2011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/06 23:57:24 | 019,676,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/27 14:36:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
PRC - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/07/02 17:12:42 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/02 17:12:40 | 000,975,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/13 09:45:07 | 001,175,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._core_.pyd
MOD - [2013/07/13 09:45:07 | 001,153,024 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\_ssl.pyd
MOD - [2013/07/13 09:45:07 | 001,022,416 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\windows._cacheinvalidation.pyd
MOD - [2013/07/13 09:45:07 | 000,811,008 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._windows_.pyd
MOD - [2013/07/13 09:45:07 | 000,805,888 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._gdi_.pyd
MOD - [2013/07/13 09:45:07 | 000,735,232 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._misc_.pyd
MOD - [2013/07/13 09:45:07 | 000,711,680 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\_hashlib.pyd
MOD - [2013/07/13 09:45:07 | 000,557,056 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\pysqlite2._sqlite.pyd
MOD - [2013/07/13 09:45:07 | 000,364,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\pythoncom27.dll
MOD - [2013/07/13 09:45:07 | 000,320,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32com.shell.shell.pyd
MOD - [2013/07/13 09:45:07 | 000,128,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\_elementtree.pyd
MOD - [2013/07/13 09:45:07 | 000,122,368 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._wizard.pyd
MOD - [2013/07/13 09:45:07 | 000,119,808 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32file.pyd
MOD - [2013/07/13 09:45:07 | 000,110,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\PyWinTypes27.dll
MOD - [2013/07/13 09:45:07 | 000,108,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32security.pyd
MOD - [2013/07/13 09:45:07 | 000,098,816 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32api.pyd
MOD - [2013/07/13 09:45:07 | 000,087,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\_ctypes.pyd
MOD - [2013/07/13 09:45:07 | 000,070,656 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._html2.pyd
MOD - [2013/07/13 09:45:07 | 000,044,032 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\_socket.pyd
MOD - [2013/07/13 09:45:07 | 000,035,840 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32process.pyd
MOD - [2013/07/13 09:45:07 | 000,026,624 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\_multiprocessing.pyd
MOD - [2013/07/13 09:45:07 | 000,025,600 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32pdh.pyd
MOD - [2013/07/13 09:45:07 | 000,022,528 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32ts.pyd
MOD - [2013/07/13 09:45:07 | 000,017,408 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32profile.pyd
MOD - [2013/07/13 09:45:07 | 000,011,264 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32crypt.pyd
MOD - [2013/07/13 09:45:06 | 001,062,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._controls_.pyd
MOD - [2013/07/13 09:45:06 | 000,686,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\unicodedata.pyd
MOD - [2013/07/13 09:45:06 | 000,127,488 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\pyexpat.pyd
MOD - [2013/07/13 09:45:06 | 000,038,912 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32inet.pyd
MOD - [2013/07/13 09:45:06 | 000,018,432 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32event.pyd
MOD - [2013/07/13 09:45:06 | 000,010,240 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\select.pyd
MOD - [2013/07/11 11:23:22 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\83cfe0422e7e54f3f00107c15a63f1b4\System.ServiceProcess.ni.dll
MOD - [2013/07/11 11:23:02 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\8c23da04a46a1025bea8e421fe424a85\System.Management.ni.dll
MOD - [2013/07/11 11:21:52 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\6fc582264153b30739f7c797734ae1e6\System.Runtime.Remoting.ni.dll
MOD - [2013/07/11 11:21:44 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6da2afd0e57708d41892d9d3e32ba5a3\System.Xaml.ni.dll
MOD - [2013/07/11 11:19:33 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\76a252e7a04bef4c81c5199d477d117f\IAStorUtil.ni.dll
MOD - [2013/07/11 07:24:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll
MOD - [2013/07/11 07:24:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/11 07:24:27 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/11 07:24:16 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/11 07:24:12 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/11 07:24:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/11 07:24:08 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/11 07:24:03 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 12:09:32 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f3770f9a13d7516e4c03f23dbd319cba\PresentationFramework.ni.dll
MOD - [2013/07/10 12:09:21 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4572de8445038600e4552429b18fbe32\PresentationCore.ni.dll
MOD - [2013/07/10 12:09:17 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b756ddf227abba4dd83b3210c01093bd\System.Windows.Forms.ni.dll
MOD - [2013/07/10 12:09:10 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\112f6448b7434699af4bcc05f25ce12b\WindowsBase.ni.dll
MOD - [2013/07/10 12:09:10 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ea0e4a85154e5d8bbd6940f96581d47a\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 12:09:09 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\da851a56e2eb6cc239c4f018a57eb147\System.Drawing.ni.dll
MOD - [2013/07/10 12:09:06 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\64b92e2a22bb8c1e86486bd22828acc5\System.Core.ni.dll
MOD - [2013/07/10 12:09:05 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\c1c41a9e1a25999e74defafecb2aa0bc\System.Xml.ni.dll
MOD - [2013/07/10 12:09:02 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7546a01feb9d477570b883eec56cc673\System.Configuration.ni.dll
MOD - [2013/07/10 12:09:01 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\89445d5b924ad94744d00f1b6cd2285d\System.ni.dll
MOD - [2013/07/10 12:01:27 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/07/27 15:54:26 | 000,115,137 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2007/06/25 22:17:18 | 000,567,024 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbkcoms.exe -- (dlbk_device)
SRV - [2013/07/13 08:11:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 13:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/10 04:03:37 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/04 03:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 03:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/03 10:17:50 | 000,018,272 | ---- | M] (Fructel AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtfilter.sys -- (gtfilter)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 16:46:02 | 000,038,400 | ---- | M] (CSR plc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\csrbc.sys -- (CSRBC)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/21 01:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 01:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/12/21 01:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 08:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DC718571-D9D1-419F-8C55-D9E6BD5837E5}
IE:64bit: - HKLM\..\SearchScopes\{DC718571-D9D1-419F-8C55-D9E6BD5837E5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B0774E76-A7A8-4B69-B75F-965BB88F7716}
IE - HKLM\..\SearchScopes\{B0774E76-A7A8-4B69-B75F-965BB88F7716}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C2D80772-E9E2-4A44-B4C3-37316F4FC994}
IE - HKCU\..\SearchScopes\{C2D80772-E9E2-4A44-B4C3-37316F4FC994}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/21 17:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]

[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\28.0.1500.71\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

O1 HOSTS File: ([2013/05/13 15:38:52 | 000,446,960 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts:

**** At this point in the OTL log, there is a HUGE block of asain characters that won't copy/paste *****

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.1\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{288D171A-CEE6-471A-B1B8-884749FB721A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/13 08:13:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{733351A7-B194-41F8-B9FF-DC67E443F1EA}
[2013/07/12 08:41:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{DE941E53-8AC0-4B14-BB37-0F1B2A6FEBFB}
[2013/07/12 08:08:22 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{98A866DD-DF18-4C30-A2D5-BAB9BA41FFFE}
[2013/07/11 08:38:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{AF277FF7-0343-4652-92E7-B4CDC53B60FD}
[2013/07/10 08:13:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8324BED9-0159-4C23-9248-336421A854F0}
[2013/07/09 09:40:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{90324D3B-DAD1-4F6B-B51F-97CBFAEFB0D0}
[2013/07/08 09:26:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8E0B937C-FA5A-475F-B7AE-0A62BA7318BB}
[2013/07/08 08:14:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{78324EE4-89FC-40F2-AE46-180A317745C5}
[2013/07/05 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Pinball
[2013/07/05 15:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Pinball
[2013/07/05 08:52:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{89B68618-5166-44D2-9083-FA5859F83A1C}
[2013/07/03 07:41:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{452CE914-BE72-4F6E-B6AC-8FBD5D30117C}
[2013/07/02 07:35:13 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{40F7B465-3E57-4F35-9F51-B0A1E968F4D0}
[2013/07/01 08:00:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{0401DC35-BA4D-43B2-9FD8-5B78E3324EBD}
[2013/06/28 10:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soul's Software
[2013/06/28 10:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Soul's Software
[2013/06/28 09:14:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{EC7C5B74-E524-4903-B91C-A12940E0EB57}
[2013/06/27 07:41:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7B188A85-14FA-43A2-9293-0CDBEA57C4B3}
[2013/06/26 12:12:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{FECF88C8-0F95-4F36-8E0E-8CF894EE9FC6}
[2013/06/26 12:05:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{1179013F-C549-4A33-B848-FECC15DCC902}
[2013/06/25 08:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{054EF4BE-7674-476F-81BD-A4E7933460E2}
[2013/06/24 08:03:22 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C803208C-5748-4FB3-967D-46FD452D9B3C}
[2013/06/21 08:37:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{DD75556F-F92C-4238-BA29-52A86DB3FCED}
[2013/06/20 09:19:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{FAAE65F8-0B06-41F7-BE9B-B10803A73D61}
[2013/06/19 08:01:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{88723C14-A99E-4A8E-8A3D-D983B828C8C2}
[2013/06/18 08:17:14 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D884AE3D-F25C-44D1-8785-04DDAE35124B}
[2013/06/17 07:41:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{700BB207-6C24-4D30-B273-ACC08D8BB1D6}
[2013/06/14 07:49:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{799E7647-D0EB-464E-9186-A48C6D387FD2}

========== Files - Modified Within 30 Days ==========

[2013/07/13 09:53:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
[2013/07/13 09:51:53 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/13 09:51:53 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/13 09:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/13 09:45:20 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/13 09:44:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/13 09:44:24 | 3193,688,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/13 09:24:42 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/13 09:05:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/13 08:56:37 | 000,002,390 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Google Chrome.lnk
[2013/07/12 14:53:04 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
[2013/07/11 07:22:32 | 000,296,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 12:07:54 | 000,744,410 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/10 12:07:54 | 000,627,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/10 12:07:54 | 000,107,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/05 15:14:55 | 000,002,036 | ---- | M] () -- C:\Users\Ryan2011\Desktop\VPinball_9_0_2.lnk
[2013/07/05 15:14:55 | 000,001,994 | ---- | M] () -- C:\Users\Ryan2011\Desktop\VPinball.lnk
[2013/07/03 10:46:17 | 001,665,550 | ---- | M] () -- C:\Users\Ryan2011\Documents\3g601665550.gif
[2013/06/24 15:17:16 | 000,001,443 | ---- | M] () -- C:\Users\Ryan2011\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/07/05 15:14:55 | 000,002,036 | ---- | C] () -- C:\Users\Ryan2011\Desktop\VPinball_9_0_2.lnk
[2013/07/05 15:14:55 | 000,001,994 | ---- | C] () -- C:\Users\Ryan2011\Desktop\VPinball.lnk
[2013/07/03 10:46:42 | 001,665,550 | ---- | C] () -- C:\Users\Ryan2011\Documents\3g601665550.gif
[2013/06/24 15:17:16 | 000,001,375 | ---- | C] () -- C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/02/04 11:20:38 | 000,119,951 | ---- | C] () -- C:\Users\Ryan2011\2377WilliamPenn.jpg
[2013/02/04 11:16:32 | 014,954,926 | ---- | C] () -- C:\Users\Ryan2011\house ad.psd
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/14 11:24:04 | 000,059,755 | ---- | C] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf
[2012/04/06 16:21:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/04/03 10:01:10 | 000,205,999 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/04/03 10:01:10 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/11/22 10:08:38 | 000,059,067 | ---- | C] () -- C:\Users\Ryan2011\Binaries_and_Source-1013-1-0.zip

========== LOP Check ==========

[2012/07/20 16:27:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Amazon
[2013/02/06 10:56:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Celeris
[2013/03/06 11:50:10 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\com.amazon.music.uploader
[2013/07/13 09:48:58 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Dropbox
[2013/06/20 12:05:12 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Hoyle Casino
[2013/05/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Hoyle FaceCreator
[2012/07/24 16:51:57 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Mp3tag
[2011/02/01 11:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\PureEdge
[2012/07/17 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Samsung
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Thunderbird
[2011/06/07 15:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Unity
[2011/02/21 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Windows Live Writer
[2012/08/23 09:20:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\WinFellow
[2011/04/26 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Wizards of the Coast
[2013/07/13 09:44:39 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 13 July 2013 - 08:11 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I will very quickly need you to run OTL again please. There will be just one log this time

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
Lyanheart
Posted 13 July 2013 - 08:23 AM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Good to see you've taken my case, Essexboy. You saved my butt a time last year...

OTL log that I was shown this time (again, with a huge block of asian letters I could not copy):

OTL logfile created on: 7/13/2013 10:14:47 AM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ryan2011\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.59% Memory free
7.93 Gb Paging File | 6.38 Gb Available in Paging File | 80.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.69 Gb Total Space | 379.15 Gb Free Space | 83.57% Space Free | Partition Type: NTFS

Computer Name: RYAN2011-PC | User Name: Ryan2011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/06 23:57:24 | 019,676,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/27 14:36:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
PRC - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/07/02 17:12:42 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/02 17:12:40 | 000,975,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/13 09:45:07 | 001,175,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._core_.pyd
MOD - [2013/07/13 09:45:07 | 001,153,024 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\_ssl.pyd
MOD - [2013/07/13 09:45:07 | 001,022,416 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\windows._cacheinvalidation.pyd
MOD - [2013/07/13 09:45:07 | 000,811,008 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._windows_.pyd
MOD - [2013/07/13 09:45:07 | 000,805,888 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._gdi_.pyd
MOD - [2013/07/13 09:45:07 | 000,735,232 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._misc_.pyd
MOD - [2013/07/13 09:45:07 | 000,711,680 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\_hashlib.pyd
MOD - [2013/07/13 09:45:07 | 000,557,056 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\pysqlite2._sqlite.pyd
MOD - [2013/07/13 09:45:07 | 000,364,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\pythoncom27.dll
MOD - [2013/07/13 09:45:07 | 000,320,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32com.shell.shell.pyd
MOD - [2013/07/13 09:45:07 | 000,128,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\_elementtree.pyd
MOD - [2013/07/13 09:45:07 | 000,122,368 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._wizard.pyd
MOD - [2013/07/13 09:45:07 | 000,119,808 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32file.pyd
MOD - [2013/07/13 09:45:07 | 000,110,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\PyWinTypes27.dll
MOD - [2013/07/13 09:45:07 | 000,108,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32security.pyd
MOD - [2013/07/13 09:45:07 | 000,098,816 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32api.pyd
MOD - [2013/07/13 09:45:07 | 000,087,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\_ctypes.pyd
MOD - [2013/07/13 09:45:07 | 000,070,656 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._html2.pyd
MOD - [2013/07/13 09:45:07 | 000,044,032 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\_socket.pyd
MOD - [2013/07/13 09:45:07 | 000,035,840 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32process.pyd
MOD - [2013/07/13 09:45:07 | 000,026,624 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\_multiprocessing.pyd
MOD - [2013/07/13 09:45:07 | 000,025,600 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32pdh.pyd
MOD - [2013/07/13 09:45:07 | 000,022,528 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32ts.pyd
MOD - [2013/07/13 09:45:07 | 000,017,408 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32profile.pyd
MOD - [2013/07/13 09:45:07 | 000,011,264 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32crypt.pyd
MOD - [2013/07/13 09:45:06 | 001,062,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\wx._controls_.pyd
MOD - [2013/07/13 09:45:06 | 000,686,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\unicodedata.pyd
MOD - [2013/07/13 09:45:06 | 000,127,488 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\pyexpat.pyd
MOD - [2013/07/13 09:45:06 | 000,038,912 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32inet.pyd
MOD - [2013/07/13 09:45:06 | 000,018,432 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\win32event.pyd
MOD - [2013/07/13 09:45:06 | 000,010,240 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI28682\select.pyd
MOD - [2013/07/11 11:23:22 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\83cfe0422e7e54f3f00107c15a63f1b4\System.ServiceProcess.ni.dll
MOD - [2013/07/11 11:23:02 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\8c23da04a46a1025bea8e421fe424a85\System.Management.ni.dll
MOD - [2013/07/11 11:21:52 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\6fc582264153b30739f7c797734ae1e6\System.Runtime.Remoting.ni.dll
MOD - [2013/07/11 11:21:44 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6da2afd0e57708d41892d9d3e32ba5a3\System.Xaml.ni.dll
MOD - [2013/07/11 11:19:33 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\76a252e7a04bef4c81c5199d477d117f\IAStorUtil.ni.dll
MOD - [2013/07/11 07:24:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll
MOD - [2013/07/11 07:24:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/11 07:24:27 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/11 07:24:16 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/11 07:24:12 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/11 07:24:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/11 07:24:08 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/11 07:24:03 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 12:09:32 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f3770f9a13d7516e4c03f23dbd319cba\PresentationFramework.ni.dll
MOD - [2013/07/10 12:09:21 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4572de8445038600e4552429b18fbe32\PresentationCore.ni.dll
MOD - [2013/07/10 12:09:17 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b756ddf227abba4dd83b3210c01093bd\System.Windows.Forms.ni.dll
MOD - [2013/07/10 12:09:10 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\112f6448b7434699af4bcc05f25ce12b\WindowsBase.ni.dll
MOD - [2013/07/10 12:09:10 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ea0e4a85154e5d8bbd6940f96581d47a\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 12:09:09 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\da851a56e2eb6cc239c4f018a57eb147\System.Drawing.ni.dll
MOD - [2013/07/10 12:09:06 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\64b92e2a22bb8c1e86486bd22828acc5\System.Core.ni.dll
MOD - [2013/07/10 12:09:05 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\c1c41a9e1a25999e74defafecb2aa0bc\System.Xml.ni.dll
MOD - [2013/07/10 12:09:02 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7546a01feb9d477570b883eec56cc673\System.Configuration.ni.dll
MOD - [2013/07/10 12:09:01 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\89445d5b924ad94744d00f1b6cd2285d\System.ni.dll
MOD - [2013/07/10 12:01:27 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/07/27 15:54:26 | 000,115,137 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2007/06/25 22:17:18 | 000,567,024 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbkcoms.exe -- (dlbk_device)
SRV - [2013/07/13 08:11:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 13:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/10 04:03:37 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/04 03:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 03:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/03 10:17:50 | 000,018,272 | ---- | M] (Fructel AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtfilter.sys -- (gtfilter)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 16:46:02 | 000,038,400 | ---- | M] (CSR plc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\csrbc.sys -- (CSRBC)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/21 01:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 01:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/12/21 01:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 08:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DC718571-D9D1-419F-8C55-D9E6BD5837E5}
IE:64bit: - HKLM\..\SearchScopes\{DC718571-D9D1-419F-8C55-D9E6BD5837E5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B0774E76-A7A8-4B69-B75F-965BB88F7716}
IE - HKLM\..\SearchScopes\{B0774E76-A7A8-4B69-B75F-965BB88F7716}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..\SearchScopes,DefaultScope = {C2D80772-E9E2-4A44-B4C3-37316F4FC994}
IE - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..\SearchScopes\{C2D80772-E9E2-4A44-B4C3-37316F4FC994}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/21 17:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]

[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\28.0.1500.71\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

O1 HOSTS File: ([2013/05/13 15:38:52 | 000,446,960 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts:
******* HUGE BLOCK OF ASIAN CHARACTERS ********
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.1\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKU\.DEFAULT..\Run: [PackageAware] rundll32.exe "C:\Users\Ryan2011\AppData\Local\SCE\PackageAware\jqjsvyzea.dll",CreateInstance File not found
O4 - HKU\S-1-5-18..\Run: [PackageAware] rundll32.exe "C:\Users\Ryan2011\AppData\Local\SCE\PackageAware\jqjsvyzea.dll",CreateInstance File not found
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{288D171A-CEE6-471A-B1B8-884749FB721A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/13 08:13:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{733351A7-B194-41F8-B9FF-DC67E443F1EA}
[2013/07/12 08:41:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{DE941E53-8AC0-4B14-BB37-0F1B2A6FEBFB}
[2013/07/12 08:08:22 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{98A866DD-DF18-4C30-A2D5-BAB9BA41FFFE}
[2013/07/11 08:38:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{AF277FF7-0343-4652-92E7-B4CDC53B60FD}
[2013/07/10 12:02:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/10 12:02:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/10 12:02:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 12:02:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/10 12:02:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/10 12:02:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 12:02:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/10 12:02:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/10 12:02:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 12:02:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/10 12:02:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/10 12:02:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 12:02:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 12:02:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/10 12:02:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 08:13:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8324BED9-0159-4C23-9248-336421A854F0}
[2013/07/10 07:44:38 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 07:44:37 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/10 07:44:37 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/10 07:44:37 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 07:44:08 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/09 09:40:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{90324D3B-DAD1-4F6B-B51F-97CBFAEFB0D0}
[2013/07/08 09:26:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8E0B937C-FA5A-475F-B7AE-0A62BA7318BB}
[2013/07/08 08:14:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{78324EE4-89FC-40F2-AE46-180A317745C5}
[2013/07/05 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Pinball
[2013/07/05 15:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Pinball
[2013/07/05 08:52:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{89B68618-5166-44D2-9083-FA5859F83A1C}
[2013/07/03 07:41:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{452CE914-BE72-4F6E-B6AC-8FBD5D30117C}
[2013/07/02 07:35:13 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{40F7B465-3E57-4F35-9F51-B0A1E968F4D0}
[2013/07/01 08:00:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{0401DC35-BA4D-43B2-9FD8-5B78E3324EBD}
[2013/06/28 10:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soul's Software
[2013/06/28 10:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Soul's Software
[2013/06/28 09:14:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{EC7C5B74-E524-4903-B91C-A12940E0EB57}
[2013/06/27 07:41:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7B188A85-14FA-43A2-9293-0CDBEA57C4B3}
[2013/06/26 12:12:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{FECF88C8-0F95-4F36-8E0E-8CF894EE9FC6}
[2013/06/26 12:05:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{1179013F-C549-4A33-B848-FECC15DCC902}
[2013/06/25 08:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{054EF4BE-7674-476F-81BD-A4E7933460E2}
[2013/06/24 08:03:22 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C803208C-5748-4FB3-967D-46FD452D9B3C}
[2013/06/21 08:37:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{DD75556F-F92C-4238-BA29-52A86DB3FCED}
[2013/06/20 09:19:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{FAAE65F8-0B06-41F7-BE9B-B10803A73D61}
[2013/06/19 08:01:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{88723C14-A99E-4A8E-8A3D-D983B828C8C2}
[2013/06/18 08:17:14 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D884AE3D-F25C-44D1-8785-04DDAE35124B}
[2013/06/17 07:41:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{700BB207-6C24-4D30-B273-ACC08D8BB1D6}
[2013/06/14 07:49:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{799E7647-D0EB-464E-9186-A48C6D387FD2}

========== Files - Modified Within 30 Days ==========

[2013/07/13 10:05:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/13 09:53:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
[2013/07/13 09:51:53 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/13 09:51:53 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/13 09:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/13 09:45:20 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/13 09:44:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/13 09:44:24 | 3193,688,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/13 09:24:42 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/13 08:56:37 | 000,002,390 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Google Chrome.lnk
[2013/07/13 08:11:31 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/13 08:11:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/12 14:53:04 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
[2013/07/11 07:22:32 | 000,296,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 12:07:54 | 000,744,410 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/10 12:07:54 | 000,627,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/10 12:07:54 | 000,107,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/05 15:14:55 | 000,002,036 | ---- | M] () -- C:\Users\Ryan2011\Desktop\VPinball_9_0_2.lnk
[2013/07/05 15:14:55 | 000,001,994 | ---- | M] () -- C:\Users\Ryan2011\Desktop\VPinball.lnk
[2013/07/03 10:46:17 | 001,665,550 | ---- | M] () -- C:\Users\Ryan2011\Documents\3g601665550.gif
[2013/06/24 15:17:16 | 000,001,443 | ---- | M] () -- C:\Users\Ryan2011\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/07/05 15:14:55 | 000,002,036 | ---- | C] () -- C:\Users\Ryan2011\Desktop\VPinball_9_0_2.lnk
[2013/07/05 15:14:55 | 000,001,994 | ---- | C] () -- C:\Users\Ryan2011\Desktop\VPinball.lnk
[2013/07/03 10:46:42 | 001,665,550 | ---- | C] () -- C:\Users\Ryan2011\Documents\3g601665550.gif
[2013/06/24 15:17:16 | 000,001,375 | ---- | C] () -- C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/02/04 11:20:38 | 000,119,951 | ---- | C] () -- C:\Users\Ryan2011\2377WilliamPenn.jpg
[2013/02/04 11:16:32 | 014,954,926 | ---- | C] () -- C:\Users\Ryan2011\house ad.psd
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/14 11:24:04 | 000,059,755 | ---- | C] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf
[2012/04/06 16:21:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/04/03 10:01:10 | 000,205,999 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/04/03 10:01:10 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/11/22 10:08:38 | 000,059,067 | ---- | C] () -- C:\Users\Ryan2011\Binaries_and_Source-1013-1-0.zip

========== LOP Check ==========

[2012/07/20 16:27:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Amazon
[2013/02/06 10:56:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Celeris
[2013/03/06 11:50:10 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\com.amazon.music.uploader
[2013/07/13 09:48:58 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Dropbox
[2013/06/20 12:05:12 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Hoyle Casino
[2013/05/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Hoyle FaceCreator
[2012/07/24 16:51:57 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Mp3tag
[2011/02/01 11:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\PureEdge
[2012/07/17 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Samsung
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Thunderbird
[2011/06/07 15:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Unity
[2011/02/21 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Windows Live Writer
[2012/08/23 09:20:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\WinFellow
[2011/04/26 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Wizards of the Coast
[2013/07/13 09:44:39 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< BASESERVICES >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/09/10 06:37:32 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/09/10 06:37:42 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/09/10 06:37:32 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/09/10 06:37:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/09/10 06:37:42 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/09/10 06:37:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/09/10 06:37:42 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/09/10 06:37:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/09/10 06:37:42 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/09/10 06:37:32 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/09/10 06:37:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/09/10 06:37:32 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2012/07/12 10:59:51 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2012/07/12 10:59:51 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.07945D2C85D437C1 >
[2012/07/12 10:54:03 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe.07945D2C85D437C1

< MD5 for: SERVICES.EXE.248A3FEBD2117956 >
[2012/07/09 09:48:58 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe.248A3FEBD2117956

< MD5 for: SERVICES.EXE.77574F9B5422EFE1 >
[2012/07/12 10:57:24 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe.77574F9B5422EFE1

< MD5 for: SERVICES.EXE.BF241D29E72E0404 >
[2012/07/09 09:44:10 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe.BF241D29E72E0404

< MD5 for: SERVICES.EXE.D625D2D679FB13E4 >
[2012/07/09 09:39:21 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe.D625D2D679FB13E4

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.HEARSTMAGS[1].XML >
[2013/05/21 15:38:30 | 000,000,114 | ---- | M] () MD5=ADA6F7D61F1B5A662B1C235BC79772DB -- C:\Users\Ryan2011\AppData\Local\Microsoft\Internet Explorer\DOMStore\J84LZX5T\services.hearstmags[1].xml

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.POWERREVIEWS[1].XML >
[2012/09/27 08:30:30 | 000,000,125 | ---- | M] () MD5=BFFFE1590148302509A676DC660CD08B -- C:\Users\Ryan2011\AppData\Local\Microsoft\Internet Explorer\DOMStore\J84LZX5T\services.powerreviews[1].xml

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/09/10 06:37:42 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/09/10 06:37:42 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is EA35-C9E7
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Microsoft Security Client
07/12/2012 10:34 AM <SYMLINKD> Backup [c:\windows\system32\config]
05/23/2012 10:25 AM <SYMLINK> DbgHelp.dll [c:\windows\system32\config]
10/01/2012 04:56 PM <SYMLINKD> Drivers [c:\windows\system32\config]
02/19/2013 05:56 PM <SYMLINKD> en-us [c:\windows\system32\config]
01/27/2013 03:37 PM <SYMLINK> EppManifest.dll [c:\windows\system32\config]
01/27/2013 02:43 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
01/27/2013 12:36 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
01/27/2013 12:34 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
01/27/2013 12:36 PM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
01/27/2013 02:36 PM <SYMLINK> mpevmsg.dll [c:\windows\system32\config]
01/27/2013 12:36 PM <SYMLINK> MpOAv.dll [c:\windows\system32\config]
01/27/2013 12:36 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
01/27/2013 12:36 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
03/26/2012 06:54 PM <SYMLINK> MSESysprep.dll [c:\windows\system32\config]
01/27/2013 12:36 PM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
01/27/2013 12:34 PM <SYMLINK> MsMpEng.exe [c:\windows\system32\config]
01/27/2013 12:36 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
01/27/2013 12:35 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
01/27/2013 12:34 PM <SYMLINK> msseces.exe [c:\windows\system32\config]
03/26/2012 06:54 PM <SYMLINK> msseoobe.exe [c:\windows\system32\config]
03/26/2012 06:54 PM <SYMLINK> msseooberes.dll [c:\windows\system32\config]
01/27/2013 12:34 PM <SYMLINK> MsseWat.dll [c:\windows\system32\config]
01/27/2013 12:36 PM <SYMLINK> NisIpsPlugin.dll [c:\windows\system32\config]
01/27/2013 12:36 PM <SYMLINK> NisLog.dll [c:\windows\system32\config]
01/27/2013 12:34 PM <SYMLINK> NisSrv.exe [c:\windows\system32\config]
01/27/2013 12:36 PM <SYMLINK> NisWFP.dll [c:\windows\system32\config]
01/27/2013 12:34 PM <SYMLINK> Setup.exe [c:\windows\system32\config]
01/27/2013 12:35 PM <SYMLINK> SetupRes.dll [c:\windows\system32\config]
01/27/2013 12:35 PM <SYMLINK> shellext.dll [c:\windows\system32\config]
02/08/2012 04:06 PM <SYMLINK> SqmApi.dll [c:\windows\system32\config]
05/23/2012 10:25 AM <SYMLINK> SymSrv.dll [c:\windows\system32\config]
04/06/2012 09:59 AM <SYMLINK> SymSrv.yes [c:\windows\system32\config]
29 File(s) 10,693,689 bytes
Directory of C:\Program Files\Windows Defender
07/14/2009 01:37 AM <SYMLINKD> en-US [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
05/27/2013 01:50 AM <SYMLINK> MpClient.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
05/27/2013 01:50 AM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
05/27/2013 01:50 AM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
11/20/2010 09:27 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
12 File(s) 3,919,360 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Ryan2011
01/31/2011 01:32 PM <JUNCTION> Application Data [C:\Users\Ryan2011\AppData\Roaming]
01/31/2011 01:32 PM <JUNCTION> Cookies [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Cookies]
01/31/2011 01:32 PM <JUNCTION> Local Settings [C:\Users\Ryan2011\AppData\Local]
01/31/2011 01:32 PM <JUNCTION> My Documents [C:\Users\Ryan2011\Documents]
01/31/2011 01:32 PM <JUNCTION> NetHood [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/31/2011 01:32 PM <JUNCTION> PrintHood [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/31/2011 01:32 PM <JUNCTION> Recent [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Recent]
01/31/2011 01:32 PM <JUNCTION> SendTo [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\SendTo]
01/31/2011 01:32 PM <JUNCTION> Start Menu [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu]
01/31/2011 01:32 PM <JUNCTION> Templates [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Ryan2011\AppData\Local
01/31/2011 01:32 PM <JUNCTION> Application Data [C:\Users\Ryan2011\AppData\Local]
01/31/2011 01:32 PM <JUNCTION> History [C:\Users\Ryan2011\AppData\Local\Microsoft\Windows\History]
01/31/2011 01:32 PM <JUNCTION> Temporary Internet Files [C:\Users\Ryan2011\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Ryan2011\Documents
01/31/2011 01:32 PM <JUNCTION> My Music [C:\Users\Ryan2011\Music]
01/31/2011 01:32 PM <JUNCTION> My Pictures [C:\Users\Ryan2011\Pictures]
01/31/2011 01:32 PM <JUNCTION> My Videos [C:\Users\Ryan2011\Videos]
0 File(s) 0 bytes
Total Files Listed:
41 File(s) 14,613,049 bytes
53 Dir(s) 406,924,423,168 bytes free

< End of report >
  • 0

#4
Essexboy
Posted 13 July 2013 - 08:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can see it, it will taken me 10 to 15 minutes to construct a fix
  • 0

#5
Essexboy
Posted 13 July 2013 - 08:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK first we will kill the main bad boy, along with the asian host file

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Click on the Start Posted Image button and in the search box, type Notepad and click on it
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\Backup" 
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\DbgHelp.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\Drivers"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\en-us"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\EppManifest.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpAsDesc.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpClient.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpCmdRun.exe"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpCommu.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\mpevmsg.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpOAv.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpRTP.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpSvc.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MSESysprep.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MsMpCom.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MsMpEng.exe"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MsMpLics.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MsMpRes.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\msseces.exe"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\msseoobe.exe"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\msseooberes.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MsseWat.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\NisLog.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\NisSrv.exe"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\NisWFP.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\Setup.exe"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\SetupRes.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\shellext.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\SqmApi.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\SymSrv.dll"
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\SymSrv.yes"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\en-US"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpAsDesc.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpClient.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCommu.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpEvMsg.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpOAV.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRTP.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MSASCui.exe"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpCom.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpLics.dll"
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll"

CD \
DIR /S /A:L > %USERPROFILE%\Desktop\JunctionPoints.txt
start %USERPROFILE%\Desktop\JunctionPoints.txt .
EXIT
  • Go to File > Save As... and save it to your Desktop named fix.bat. Make sure you change the Save as type to All Files (*.*)
  • Locate fix.bat on your Desktop and right click then select Run as administrator
  • A log Junction.txt will be located on the desktop attach that

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKU\.DEFAULT..\Run: [PackageAware] rundll32.exe "C:\Users\Ryan2011\AppData\Local\SCE\PackageAware\jqjsvyzea.dll",CreateInstance File not found
O4 - HKU\S-1-5-18..\Run: [PackageAware] rundll32.exe "C:\Users\Ryan2011\AppData\Local\SCE\PackageAware\jqjsvyzea.dll",CreateInstance File not found
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_20)

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#6
Lyanheart
Posted 13 July 2013 - 09:02 AM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
attached the junction txt file, will run OTL with posted script now

Volume in drive C is OS
Volume Serial Number is EA35-C9E7

Directory of C:\

07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes

Directory of C:\ProgramData

07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users

07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes

Directory of C:\Users\All Users

07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Default

07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Default\AppData\Local

07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Users\Default\Documents

07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes

Directory of C:\Users\Public\Documents

07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes

Directory of C:\Users\Ryan2011

01/31/2011 01:32 PM <JUNCTION> Application Data [C:\Users\Ryan2011\AppData\Roaming]
01/31/2011 01:32 PM <JUNCTION> Cookies [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Cookies]
01/31/2011 01:32 PM <JUNCTION> Local Settings [C:\Users\Ryan2011\AppData\Local]
01/31/2011 01:32 PM <JUNCTION> My Documents [C:\Users\Ryan2011\Documents]
01/31/2011 01:32 PM <JUNCTION> NetHood [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/31/2011 01:32 PM <JUNCTION> PrintHood [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/31/2011 01:32 PM <JUNCTION> Recent [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Recent]
01/31/2011 01:32 PM <JUNCTION> SendTo [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\SendTo]
01/31/2011 01:32 PM <JUNCTION> Start Menu [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu]
01/31/2011 01:32 PM <JUNCTION> Templates [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Ryan2011\AppData\Local

01/31/2011 01:32 PM <JUNCTION> Application Data [C:\Users\Ryan2011\AppData\Local]
01/31/2011 01:32 PM <JUNCTION> History [C:\Users\Ryan2011\AppData\Local\Microsoft\Windows\History]
01/31/2011 01:32 PM <JUNCTION> Temporary Internet Files [C:\Users\Ryan2011\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Users\Ryan2011\Documents

01/31/2011 01:32 PM <JUNCTION> My Music [C:\Users\Ryan2011\Music]
01/31/2011 01:32 PM <JUNCTION> My Pictures [C:\Users\Ryan2011\Pictures]
01/31/2011 01:32 PM <JUNCTION> My Videos [C:\Users\Ryan2011\Videos]
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
49 Dir(s) 406,923,235,328 bytes free

Attached Files


Edited by Essexboy, 13 July 2013 - 09:03 AM.

  • 0

#7
Lyanheart
Posted 13 July 2013 - 09:23 AM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
No asian stuff this time!

OTL logfile created on: 7/13/2013 11:15:02 AM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ryan2011\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.78% Memory free
7.93 Gb Paging File | 6.14 Gb Available in Paging File | 77.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.69 Gb Total Space | 381.25 Gb Free Space | 84.03% Space Free | Partition Type: NTFS

Computer Name: RYAN2011-PC | User Name: Ryan2011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/06 23:57:24 | 019,676,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/27 14:36:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
PRC - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/07/02 17:12:42 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/02 17:12:40 | 000,975,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/13 11:11:50 | 000,805,888 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\wx._gdi_.pyd
MOD - [2013/07/13 11:11:50 | 000,557,056 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\pysqlite2._sqlite.pyd
MOD - [2013/07/13 11:11:50 | 000,320,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\win32com.shell.shell.pyd
MOD - [2013/07/13 11:11:50 | 000,128,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\_elementtree.pyd
MOD - [2013/07/13 11:11:50 | 000,098,816 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\win32api.pyd
MOD - [2013/07/13 11:11:50 | 000,070,656 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\wx._html2.pyd
MOD - [2013/07/13 11:11:50 | 000,044,032 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\_socket.pyd
MOD - [2013/07/13 11:11:50 | 000,026,624 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\_multiprocessing.pyd
MOD - [2013/07/13 11:11:50 | 000,022,528 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\win32ts.pyd
MOD - [2013/07/13 11:11:50 | 000,011,264 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\win32crypt.pyd
MOD - [2013/07/13 11:11:49 | 001,175,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\wx._core_.pyd
MOD - [2013/07/13 11:11:49 | 001,022,416 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\windows._cacheinvalidation.pyd
MOD - [2013/07/13 11:11:49 | 000,735,232 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\wx._misc_.pyd
MOD - [2013/07/13 11:11:49 | 000,364,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\pythoncom27.dll
MOD - [2013/07/13 11:11:49 | 000,110,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\PyWinTypes27.dll
MOD - [2013/07/13 11:11:49 | 000,108,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\win32security.pyd
MOD - [2013/07/13 11:11:49 | 000,087,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\_ctypes.pyd
MOD - [2013/07/13 11:11:49 | 000,017,408 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\win32profile.pyd
MOD - [2013/07/13 11:11:48 | 001,153,024 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\_ssl.pyd
MOD - [2013/07/13 11:11:48 | 000,811,008 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\wx._windows_.pyd
MOD - [2013/07/13 11:11:48 | 000,711,680 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\_hashlib.pyd
MOD - [2013/07/13 11:11:48 | 000,122,368 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\wx._wizard.pyd
MOD - [2013/07/13 11:11:48 | 000,119,808 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\win32file.pyd
MOD - [2013/07/13 11:11:48 | 000,115,137 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2013/07/13 11:11:48 | 000,038,912 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\win32inet.pyd
MOD - [2013/07/13 11:11:48 | 000,035,840 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\win32process.pyd
MOD - [2013/07/13 11:11:48 | 000,025,600 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\win32pdh.pyd
MOD - [2013/07/13 11:11:47 | 001,062,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\wx._controls_.pyd
MOD - [2013/07/13 11:11:47 | 000,686,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\unicodedata.pyd
MOD - [2013/07/13 11:11:47 | 000,127,488 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\pyexpat.pyd
MOD - [2013/07/13 11:11:47 | 000,018,432 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\win32event.pyd
MOD - [2013/07/13 11:11:47 | 000,010,240 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30842\select.pyd
MOD - [2013/07/11 11:23:22 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\83cfe0422e7e54f3f00107c15a63f1b4\System.ServiceProcess.ni.dll
MOD - [2013/07/11 11:23:02 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\8c23da04a46a1025bea8e421fe424a85\System.Management.ni.dll
MOD - [2013/07/11 11:21:52 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\6fc582264153b30739f7c797734ae1e6\System.Runtime.Remoting.ni.dll
MOD - [2013/07/11 11:21:44 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6da2afd0e57708d41892d9d3e32ba5a3\System.Xaml.ni.dll
MOD - [2013/07/11 11:19:33 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\76a252e7a04bef4c81c5199d477d117f\IAStorUtil.ni.dll
MOD - [2013/07/11 07:24:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll
MOD - [2013/07/11 07:24:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/11 07:24:27 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/11 07:24:16 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/11 07:24:12 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/11 07:24:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/11 07:24:08 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/11 07:24:03 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 12:09:32 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f3770f9a13d7516e4c03f23dbd319cba\PresentationFramework.ni.dll
MOD - [2013/07/10 12:09:21 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4572de8445038600e4552429b18fbe32\PresentationCore.ni.dll
MOD - [2013/07/10 12:09:17 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b756ddf227abba4dd83b3210c01093bd\System.Windows.Forms.ni.dll
MOD - [2013/07/10 12:09:10 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\112f6448b7434699af4bcc05f25ce12b\WindowsBase.ni.dll
MOD - [2013/07/10 12:09:10 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ea0e4a85154e5d8bbd6940f96581d47a\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 12:09:09 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\da851a56e2eb6cc239c4f018a57eb147\System.Drawing.ni.dll
MOD - [2013/07/10 12:09:06 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\64b92e2a22bb8c1e86486bd22828acc5\System.Core.ni.dll
MOD - [2013/07/10 12:09:05 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\c1c41a9e1a25999e74defafecb2aa0bc\System.Xml.ni.dll
MOD - [2013/07/10 12:09:02 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7546a01feb9d477570b883eec56cc673\System.Configuration.ni.dll
MOD - [2013/07/10 12:09:01 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\89445d5b924ad94744d00f1b6cd2285d\System.ni.dll
MOD - [2013/07/10 12:01:27 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2007/06/25 22:17:18 | 000,567,024 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbkcoms.exe -- (dlbk_device)
SRV - [2013/07/13 08:11:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 13:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/10 04:03:37 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/04 03:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 03:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/03 10:17:50 | 000,018,272 | ---- | M] (Fructel AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtfilter.sys -- (gtfilter)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 16:46:02 | 000,038,400 | ---- | M] (CSR plc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\csrbc.sys -- (CSRBC)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/21 01:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 01:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/12/21 01:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 08:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DC718571-D9D1-419F-8C55-D9E6BD5837E5}
IE:64bit: - HKLM\..\SearchScopes\{DC718571-D9D1-419F-8C55-D9E6BD5837E5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B0774E76-A7A8-4B69-B75F-965BB88F7716}
IE - HKLM\..\SearchScopes\{B0774E76-A7A8-4B69-B75F-965BB88F7716}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C2D80772-E9E2-4A44-B4C3-37316F4FC994}
IE - HKCU\..\SearchScopes\{C2D80772-E9E2-4A44-B4C3-37316F4FC994}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/21 17:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]

[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\28.0.1500.71\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

O1 HOSTS File: ([2013/07/13 11:05:16 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.1\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{288D171A-CEE6-471A-B1B8-884749FB721A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/13 08:13:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{733351A7-B194-41F8-B9FF-DC67E443F1EA}
[2013/07/12 08:41:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{DE941E53-8AC0-4B14-BB37-0F1B2A6FEBFB}
[2013/07/12 08:08:22 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{98A866DD-DF18-4C30-A2D5-BAB9BA41FFFE}
[2013/07/11 08:38:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{AF277FF7-0343-4652-92E7-B4CDC53B60FD}
[2013/07/10 08:13:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8324BED9-0159-4C23-9248-336421A854F0}
[2013/07/09 09:40:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{90324D3B-DAD1-4F6B-B51F-97CBFAEFB0D0}
[2013/07/08 09:26:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8E0B937C-FA5A-475F-B7AE-0A62BA7318BB}
[2013/07/08 08:14:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{78324EE4-89FC-40F2-AE46-180A317745C5}
[2013/07/05 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Pinball
[2013/07/05 15:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Pinball
[2013/07/05 08:52:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{89B68618-5166-44D2-9083-FA5859F83A1C}
[2013/07/03 07:41:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{452CE914-BE72-4F6E-B6AC-8FBD5D30117C}
[2013/07/02 07:35:13 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{40F7B465-3E57-4F35-9F51-B0A1E968F4D0}
[2013/07/01 08:00:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{0401DC35-BA4D-43B2-9FD8-5B78E3324EBD}
[2013/06/28 10:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soul's Software
[2013/06/28 10:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Soul's Software
[2013/06/28 09:14:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{EC7C5B74-E524-4903-B91C-A12940E0EB57}
[2013/06/27 07:41:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7B188A85-14FA-43A2-9293-0CDBEA57C4B3}
[2013/06/26 12:12:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{FECF88C8-0F95-4F36-8E0E-8CF894EE9FC6}
[2013/06/26 12:05:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{1179013F-C549-4A33-B848-FECC15DCC902}
[2013/06/25 08:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{054EF4BE-7674-476F-81BD-A4E7933460E2}
[2013/06/24 08:03:22 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C803208C-5748-4FB3-967D-46FD452D9B3C}
[2013/06/21 08:37:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{DD75556F-F92C-4238-BA29-52A86DB3FCED}
[2013/06/20 09:19:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{FAAE65F8-0B06-41F7-BE9B-B10803A73D61}
[2013/06/19 08:01:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{88723C14-A99E-4A8E-8A3D-D983B828C8C2}
[2013/06/18 08:17:14 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D884AE3D-F25C-44D1-8785-04DDAE35124B}
[2013/06/17 07:41:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{700BB207-6C24-4D30-B273-ACC08D8BB1D6}
[2013/06/14 07:49:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{799E7647-D0EB-464E-9186-A48C6D387FD2}

========== Files - Modified Within 30 Days ==========

[2013/07/13 11:18:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/13 11:18:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/13 11:11:13 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/13 11:11:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/13 11:10:56 | 3193,688,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/13 11:05:16 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/07/13 11:05:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/13 10:55:44 | 000,003,862 | ---- | M] () -- C:\Users\Ryan2011\Desktop\fix.bat
[2013/07/13 10:53:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
[2013/07/13 10:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/13 09:24:42 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/13 08:56:37 | 000,002,390 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Google Chrome.lnk
[2013/07/12 14:53:04 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
[2013/07/11 07:22:32 | 000,296,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 12:07:54 | 000,744,410 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/10 12:07:54 | 000,627,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/10 12:07:54 | 000,107,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/05 15:14:55 | 000,002,036 | ---- | M] () -- C:\Users\Ryan2011\Desktop\VPinball_9_0_2.lnk
[2013/07/05 15:14:55 | 000,001,994 | ---- | M] () -- C:\Users\Ryan2011\Desktop\VPinball.lnk
[2013/07/03 10:46:17 | 001,665,550 | ---- | M] () -- C:\Users\Ryan2011\Documents\3g601665550.gif
[2013/06/24 15:17:16 | 000,001,443 | ---- | M] () -- C:\Users\Ryan2011\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/07/13 10:55:44 | 000,003,862 | ---- | C] () -- C:\Users\Ryan2011\Desktop\fix.bat
[2013/07/05 15:14:55 | 000,002,036 | ---- | C] () -- C:\Users\Ryan2011\Desktop\VPinball_9_0_2.lnk
[2013/07/05 15:14:55 | 000,001,994 | ---- | C] () -- C:\Users\Ryan2011\Desktop\VPinball.lnk
[2013/07/03 10:46:42 | 001,665,550 | ---- | C] () -- C:\Users\Ryan2011\Documents\3g601665550.gif
[2013/06/24 15:17:16 | 000,001,375 | ---- | C] () -- C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/02/04 11:20:38 | 000,119,951 | ---- | C] () -- C:\Users\Ryan2011\2377WilliamPenn.jpg
[2013/02/04 11:16:32 | 014,954,926 | ---- | C] () -- C:\Users\Ryan2011\house ad.psd
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/14 11:24:04 | 000,059,755 | ---- | C] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf
[2012/04/06 16:21:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/04/03 10:01:10 | 000,205,999 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/04/03 10:01:10 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/11/22 10:08:38 | 000,059,067 | ---- | C] () -- C:\Users\Ryan2011\Binaries_and_Source-1013-1-0.zip

========== LOP Check ==========

[2012/07/20 16:27:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Amazon
[2013/02/06 10:56:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Celeris
[2013/03/06 11:50:10 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\com.amazon.music.uploader
[2013/07/13 11:20:52 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Dropbox
[2013/06/20 12:05:12 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Hoyle Casino
[2013/05/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Hoyle FaceCreator
[2012/07/24 16:51:57 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Mp3tag
[2011/02/01 11:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\PureEdge
[2012/07/17 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Samsung
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Thunderbird
[2011/06/07 15:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Unity
[2011/02/21 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Windows Live Writer
[2012/08/23 09:20:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\WinFellow
[2011/04/26 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Wizards of the Coast
[2013/07/13 09:44:39 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#8
Essexboy
Posted 13 July 2013 - 09:24 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
While I check this out could you test Microsoft Security Essentials and confirm that it is running properly
  • 0

#9
Lyanheart
Posted 13 July 2013 - 09:27 AM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Yes, was able to open MSE and it's back in the system tray.
  • 0

#10
Essexboy
Posted 13 July 2013 - 09:28 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any further problems before I tidy up, as the logs look good :)
  • 0

#11
Lyanheart
Posted 13 July 2013 - 09:31 AM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Looks like things are back to normal; able to download my work files again with no errors
  • 0

#12
Essexboy
Posted 13 July 2013 - 09:34 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have a nice saturday.. Weather is lovely here in Cornwall

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
Posted Image


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#13
Lyanheart
Posted 13 July 2013 - 09:50 AM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
I'll keep an eye on it and make sure it's all still good come Monday. You're the best!
  • 0

#14
Essexboy
Posted 13 July 2013 - 10:12 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure, keep safe :) Then enjoy the rest of the weekend
  • 0

#15
Essexboy
Posted 18 July 2013 - 09:09 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP