Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Symptoms worse, overheating, supposive error on startup [Solved]

Started by Destiny000 , Nov 10 2013 11:27 PM

This topic is locked

#16
Destiny000

Posted 14 November 2013 - 05:16 PM

Member

Topic Starter
Member
130 posts

Ok before I do the rest of what you told me to do, the first item on the list to uninstall I cannot because a file directory is missing/incorrect and it cannot uninstall.

The other items on the list I cannot find nor see on my add remove program list.

Also I wanted to let you know, since the first post here when my printer stopped and computer overheating, my printer has not been able to print anything. It's as if it's not receiving the computers request or something, plain well nothing happens. And this is my All in one HP officejet 4110 (4100) Printer I am referring too.

Since I cannot uninstall those programs, do you still want me to go ahead and run your next instructions? And do you want me connected to internet or does it matter.

Thanks!!!!!

#17
Machiavelli

Posted 14 November 2013 - 11:52 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Since I cannot uninstall those programs, do you still want me to go ahead and run your next instructions?

Correct, please ignore that steps and follow the other steps for now.

Also I wanted to let you know, since the first post here when my printer stopped and computer overheating, my printer has not been able to print anything. It's as if it's not receiving the computers request or something, plain well nothing happens. And this is my All in one HP officejet 4110 (4100) Printer I am referring too.

We will fix this later. We must make sure that the Malware is gone then we could fix the other issues.

Thanks!!!!!

You are welcome.

Additionally I like to know how is your PC running? Faster?

#18
Destiny000

Posted 15 November 2013 - 12:09 PM

Member

Topic Starter
Member
130 posts

Here is the OTL file:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
File not found.
H:\autorun.inf moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2020AE43-45C7-4022-AA59-FAE546959D26}C:\windows\kmsemulator.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6C44D40-349B-4867-8D40-ABFFAD9E1F91} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6C44D40-349B-4867-8D40-ABFFAD9E1F91}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 473597 bytes
->Temporary Internet Files folder emptied: 5596732 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 1714 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: fbwuser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1109061 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11152013_105645

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\CR_BC61F.tmp\SETUP_PATCH.PACKED.7Z scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000001B433567F8EEB3644 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I'll edit if it lets me and add the other one in a bit here.

Here is the other one:

Farbar Service Scanner Version: 10-11-2013
Ran by Administrator (administrator) on 15-11-2013 at 11:13:10
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-12 19:05] - [2013-09-27 18:09] - 0497152 ____A (Microsoft Corporation) 79059559E89D06E8B80CE2944BE20228

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-10 01:38] - [2013-09-07 19:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Edited by Destiny000, 15 November 2013 - 12:14 PM.

#19
Machiavelli

Posted 15 November 2013 - 12:49 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Hello Destiny!

Please connect to your internet again. Does it still work?

- FIRST -

Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the box in OTL. To do that:
- Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.
  
  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  qmgr.dll
  winsock.*
  /md5stop
  dir "%systemdrive%\*" /S /A:L /C
  CREATERESTOREPOINT
Open on the desktop. To do that:
- XP users: Double click on the OTL icon.
- Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
- You will see a console like the one below:
- Click the box beside Scan All Users at the top of the console
- IF you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
- Make sure the Output box at the top is set to Standard Output.
- Check the boxes beside LOP Checkand Purity Check.
- Under the option Extra Registry please select Use Safe List
  Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
- Click the button. Do not change any settings unless otherwise told to do so.
- Let the scan run uninterrupted.
- When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files is also saved in the same location as OTL (it should be on your desktop).
- Please copy the contents of these files and paste it into your reply. To do that:
- On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
- Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

[/list]Repeat for the Extras.txtfile.

- NEXT -

How is your computer running? I know from your printer issue, we will fix that later, any other issues except the printer issue? Does the PC run faster?

Please don't forget to include these Logfiles in your next answer:

OTL.txt
Extras.txt
Answer to my question

#20
Destiny000

Posted 16 November 2013 - 12:51 AM

Member

Topic Starter
Member
130 posts

Here's the first:

OTL logfile created on: 15/11/2013 11:32:57 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

11.91 Gb Total Physical Memory | 9.26 Gb Available Physical Memory | 77.74% Memory free
23.81 Gb Paging File | 21.30 Gb Available in Paging File | 89.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 151.94 Gb Free Space | 21.75% Space Free | Partition Type: NTFS
Drive D: | 7.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 14.66 Gb Total Space | 0.73 Gb Free Space | 4.96% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 32.59 Gb Free Space | 3.50% Space Free | Partition Type: NTFS

Computer Name: OWNERPC-P0SPPR1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/10 21:47:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL (1).exe
PRC - [2013/10/20 23:41:58 | 002,423,648 | ---- | M] () -- C:\Program Files (x86)\Opera\17.0.1241.53\opera_autoupdate.exe
PRC - [2013/08/04 11:33:28 | 004,686,848 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe
PRC - [2013/07/03 14:39:22 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/07/03 14:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/07/03 14:32:25 | 001,205,024 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/13 15:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/10/28 11:18:46 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuschd2.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/20 23:41:58 | 002,423,648 | ---- | M] () -- C:\Program Files (x86)\Opera\17.0.1241.53\opera_autoupdate.exe
MOD - [2013/10/08 22:14:21 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/12/03 08:47:14 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/06/21 06:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011/06/20 06:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011/06/20 04:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011/06/20 04:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011/06/20 04:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011/06/20 04:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011/05/26 02:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011/05/26 02:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/08 22:14:24 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 14:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 15:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/03/13 09:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/01/17 22:28:28 | 000,024,576 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/18 03:42:52 | 000,253,568 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/11/18 03:16:42 | 000,137,344 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/15 18:42:02 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/10/10 02:00:58 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2013/06/21 05:06:36 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/06/20 18:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/06/18 20:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/18 00:28:45 | 000,142,424 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2013/03/04 05:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/08 01:52:06 | 000,077,040 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2012/11/08 01:42:06 | 000,249,584 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2012/09/10 09:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/09/04 13:17:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/30 23:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/04 13:48:00 | 000,093,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetndis64.sys -- (andnetndis)
DRV:64bit: - [2012/07/03 11:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2012/07/03 11:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2012/06/12 21:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/25 09:26:34 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/07 18:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011/12/06 03:23:10 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/16 10:24:57 | 000,032,848 | ---- | M] (ip-shield.net LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipshtap.sys -- (ipshtap)
DRV:64bit: - [2011/06/27 00:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/13 09:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/13 09:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/13 09:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/13 09:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/13 09:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/13 09:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/13 09:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/16 13:23:56 | 000,106,752 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swiwdmbusx64.sys -- (swiwdmbus)
DRV:64bit: - [2010/11/16 13:12:10 | 000,211,072 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3)
DRV:64bit: - [2010/11/16 13:11:50 | 000,245,760 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/08 18:39:32 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/09/07 13:27:24 | 000,038,912 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2009/11/20 14:26:50 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/12 05:16:06 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/02/05 00:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2013/07/02 12:55:03 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2013/03/18 00:28:45 | 000,142,424 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012/12/09 21:57:03 | 000,089,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys -- (usj)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2010/09/07 13:27:24 | 000,038,912 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/03/09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1436811410-1753281251-3049770552-1002\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1436811410-1753281251-3049770552-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKU\S-1-5-21-1436811410-1753281251-3049770552-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
IE - HKU\S-1-5-21-1436811410-1753281251-3049770552-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1436811410-1753281251-3049770552-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 F2 F5 45 AA 84 CD 01 [binary data]
IE - HKU\S-1-5-21-1436811410-1753281251-3049770552-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1436811410-1753281251-3049770552-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7AURU_enCA499
IE - HKU\S-1-5-21-1436811410-1753281251-3049770552-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1436811410-1753281251-3049770552-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2013/07/02 19:40:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2013/07/24 10:59:24 | 000,000,000 | ---D | M]

[2013/11/12 20:52:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: MixiDJ V8 = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle\10.15.0.62_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkdcodhlkmiakbangobnmdhieapagic\1.0.0_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-1436811410-1753281251-3049770552-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows ® Win 7 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1436811410-1753281251-3049770552-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1436811410-1753281251-3049770552-500..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1436811410-1753281251-3049770552-500..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1436811410-1753281251-3049770552-500..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKU\S-1-5-21-1436811410-1753281251-3049770552-500..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-1436811410-1753281251-3049770552-500..\Run: [SkyDrive] C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1436811410-1753281251-3049770552-500..\Run: [uTorrent] C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-1436811410-1753281251-3049770552-500..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1436811410-1753281251-3049770552-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1436811410-1753281251-3049770552-500..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1436811410-1753281251-3049770552-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25DFF212-CB9A-4D9C-897E-F37041D30E72}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BF6E015-86D4-4B85-A85D-DDC5AAC54796}: DhcpNameServer = 209.91.107.11 209.121.225.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74F2496C-A4AE-4BC8-A53C-4350286FBA7C}: DhcpNameServer = 209.91.107.11 209.121.225.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFF4CFA2-3033-4FCE-90C2-4BDA9DE2797F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFF4CFA2-3033-4FCE-90C2-4BDA9DE2797F}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/02 00:05:09 | 000,000,000 | ---D | M] - H:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/15 11:07:55 | 000,360,775 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FSS.exe
[2013/11/13 23:37:07 | 000,760,937 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\MiniToolBox.exe
[2013/11/13 09:17:03 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/13 09:17:02 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/13 09:17:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/13 09:17:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/13 09:17:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/13 09:17:01 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/13 09:17:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/13 09:17:01 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/13 09:17:01 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/13 09:17:00 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/13 09:17:00 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/13 09:16:58 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/13 09:16:57 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/13 09:16:57 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/13 09:16:56 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 21:18:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/12 20:50:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/12 19:05:53 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/12 19:05:39 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/12 19:05:38 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/12 19:05:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/12 19:05:37 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/12 19:05:37 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/12 19:05:25 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/12 19:05:25 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/12 19:05:24 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/12 19:05:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/12 19:05:24 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/12 19:05:05 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/12 19:04:59 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/12 19:04:59 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/12 19:04:59 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/12 19:04:59 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/11 20:00:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.appwork
[2013/11/10 23:04:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL (1).exe
[2013/11/08 15:02:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Regency Toyota Pre-Owned Vehicles 2008 Toyota Yaris 2008 $13,995_files
[2013/11/08 14:29:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Used 2009 Toyota Yaris, $12,998 - New Westminster Westminster Toyota_files
[2013/11/04 12:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
[2013/11/04 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ :spam:

Studio
[2013/11/04 12:03:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\ :spam:

Studio
[2013/11/04 12:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ :spam:

[2013/11/04 12:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ :spam:

Studio
[2013/11/04 12:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ :spam:

Studio
[2013/11/01 12:55:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013/10/31 20:36:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Veoh Networks, Inc
[2013/10/31 20:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2013/10/26 02:00:35 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013/10/25 18:57:43 | 000,044,744 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/10/17 22:26:05 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/17 22:26:05 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/17 21:02:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PlayFirst
[2013/10/17 21:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[1 C:\Users\Administrator\Documents\*.tmp files -> C:\Users\Administrator\Documents\*.tmp -> ]
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/15 23:32:45 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/15 23:32:45 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/15 23:29:52 | 001,321,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/15 23:29:52 | 000,660,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/15 23:29:52 | 000,420,586 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013/11/15 23:29:52 | 000,124,796 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/15 23:29:52 | 000,123,028 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013/11/15 23:25:52 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/15 23:21:56 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/15 23:20:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/15 23:20:41 | 999,092,222 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/15 12:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/15 11:07:57 | 000,360,775 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FSS.exe
[2013/11/13 23:33:46 | 000,760,937 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\MiniToolBox.exe
[2013/11/13 10:03:22 | 000,185,014 | ---- | M] () -- C:\Users\Administrator\Desktop\Accident Benefits claim forms.zip
[2013/11/12 20:47:38 | 001,085,542 | ---- | M] () -- C:\Users\Administrator\Desktop\AdwCleaner.exe
[2013/11/12 20:41:37 | 005,625,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/10 21:47:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL (1).exe
[2013/11/10 18:57:51 | 000,402,986 | ---- | M] () -- C:\Users\Administrator\Desktop\pptc054.pdf
[2013/11/08 15:02:01 | 000,076,979 | ---- | M] () -- C:\Users\Administrator\Desktop\Regency Toyota Pre-Owned Vehicles 2008 Toyota Yaris 2008 $13,995.htm
[2013/11/08 14:29:57 | 000,090,811 | ---- | M] () -- C:\Users\Administrator\Desktop\Used 2009 Toyota Yaris, $12,998 - New Westminster Westminster Toyota.htm
[2013/11/05 13:00:52 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/11/04 23:41:10 | 005,297,551 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 13 [1E580435].mp4
[2013/11/04 23:41:04 | 149,670,408 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 12 [7729E599].mp4
[2013/11/04 23:35:31 | 136,817,561 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 11 [90DCD193].mp4
[2013/11/04 23:29:54 | 159,378,722 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 10 [A53F6183].mp4
[2013/11/04 23:23:52 | 143,395,492 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 09 [B3D6746D].mp4
[2013/11/04 23:17:58 | 133,504,883 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 08 [A52BC8DD].mp4
[2013/11/04 23:12:21 | 159,323,910 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 07 [DCEA53CA].mp4
[2013/11/04 23:06:19 | 159,463,195 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 06 [68A52627].mp4
[2013/11/04 23:00:22 | 159,384,225 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 05 [798DDFF5].mp4
[2013/11/04 22:54:11 | 140,460,381 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 04 [E45A3D8F].mp4
[2013/11/04 22:48:40 | 159,371,360 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 03 [C1279952].mp4
[2013/11/04 22:42:14 | 153,779,427 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 02 [30F330DD].mp4
[2013/11/04 22:36:26 | 152,018,493 | ---- | M] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 01 [CC187CB1].mp4
[2013/11/04 22:17:32 | 000,002,415 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ :spam:

Video Converter Platinum.lnk
[2013/11/04 22:17:32 | 000,002,391 | ---- | M] () -- C:\Users\Public\Desktop\ :spam:

Video Converter Platinum.lnk
[2013/11/01 12:55:17 | 000,002,565 | ---- | M] () -- C:\Users\Administrator\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/10/31 20:36:45 | 000,002,233 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Veoh Web Player Beta.lnk
[2013/10/31 20:36:45 | 000,002,211 | ---- | M] () -- C:\Users\Administrator\Desktop\Veoh Web Player.lnk
[2013/10/24 14:34:56 | 000,020,254 | ---- | M] () -- C:\Users\Administrator\Desktop\c1e1e55bba60201f1b15ef16b0e52092.jpg
[2013/10/24 14:34:14 | 000,082,441 | ---- | M] () -- C:\Users\Administrator\Desktop\il_570xN.390938365_l06k.jpg
[2013/10/24 14:34:00 | 000,030,921 | ---- | M] () -- C:\Users\Administrator\Desktop\leaf_shaped_copper_wire_wrapped_stone_necklace_with_brown_cotton_cord_13001b5c.jpg
[2013/10/24 14:33:54 | 000,029,265 | ---- | M] () -- C:\Users\Administrator\Desktop\e74619c0f64c9ce4ce796a9381422ac8.jpg
[2013/10/24 14:33:47 | 000,035,893 | ---- | M] () -- C:\Users\Administrator\Desktop\il_340x270.445656455_myvc.jpg
[2013/10/24 14:33:34 | 000,067,955 | ---- | M] () -- C:\Users\Administrator\Desktop\4773757104_d07ffa57bd.jpg
[2013/10/20 19:34:45 | 009,727,677 | ---- | M] () -- C:\Users\Administrator\Desktop\How to Care for Your Teeth! with David Wolfe.mp3
[2013/10/20 19:33:23 | 004,750,301 | ---- | M] () -- C:\Users\Administrator\Desktop\David Wolfe Explains Enzymes ( Rawfood Superfood ).mp3
[2013/10/20 19:33:12 | 009,345,141 | ---- | M] () -- C:\Users\Administrator\Desktop\Daniel Vitalis - Milk Myths.mp3
[2013/10/20 19:26:56 | 002,904,727 | ---- | M] () -- C:\Users\Administrator\Desktop\David Wolfe on Calcium pt 7.mp3
[2013/10/20 19:26:54 | 007,133,170 | ---- | M] () -- C:\Users\Administrator\Desktop\David Wolfe Educates About Arthritis, Calcium, Osteoporosis Part 6.mp3
[2013/10/20 19:26:48 | 009,610,083 | ---- | M] () -- C:\Users\Administrator\Desktop\David Wolfe Educates About Arthritis, Calcium, Osteoporosis Part 5.mp3
[2013/10/20 19:26:42 | 007,099,679 | ---- | M] () -- C:\Users\Administrator\Desktop\David Wolfe Educates About Arthritis, Calcium, Osteoporosis Part 4.mp3
[2013/10/20 19:26:36 | 007,276,524 | ---- | M] () -- C:\Users\Administrator\Desktop\David Wolfe Educates About Arthritis, Calcium, Osteoporosis Part 3.mp3
[2013/10/20 19:26:30 | 007,054,920 | ---- | M] () -- C:\Users\Administrator\Desktop\David Wolfe Educates About Arthritis, Calcium, Osteoporosis Part 2.mp3
[2013/10/20 19:26:24 | 006,627,675 | ---- | M] () -- C:\Users\Administrator\Desktop\David Wolfe Educates About Arthritis, Calcium, Osteoporosis Part 1.mp3
[2013/10/19 13:14:25 | 000,300,686 | ---- | M] () -- C:\Users\Administrator\Documents\Superfoods2.pdf
[2013/10/17 20:41:31 | 000,189,826 | ---- | M] () -- C:\Windows\hpoins46.dat
[1 C:\Users\Administrator\Documents\*.tmp files -> C:\Users\Administrator\Documents\*.tmp -> ]
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/13 10:04:50 | 000,185,014 | ---- | C] () -- C:\Users\Administrator\Desktop\Accident Benefits claim forms.zip
[2013/11/12 20:47:21 | 001,085,542 | ---- | C] () -- C:\Users\Administrator\Desktop\AdwCleaner.exe
[2013/11/10 18:57:50 | 000,402,986 | ---- | C] () -- C:\Users\Administrator\Desktop\pptc054.pdf
[2013/11/08 15:01:53 | 000,076,979 | ---- | C] () -- C:\Users\Administrator\Desktop\Regency Toyota Pre-Owned Vehicles 2008 Toyota Yaris 2008 $13,995.htm
[2013/11/08 14:29:47 | 000,090,811 | ---- | C] () -- C:\Users\Administrator\Desktop\Used 2009 Toyota Yaris, $12,998 - New Westminster Westminster Toyota.htm
[2013/11/04 23:41:04 | 005,297,551 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 13 [1E580435].mp4
[2013/11/04 23:35:32 | 149,670,408 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 12 [7729E599].mp4
[2013/11/04 23:29:54 | 136,817,561 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 11 [90DCD193].mp4
[2013/11/04 23:23:52 | 159,378,722 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 10 [A53F6183].mp4
[2013/11/04 23:17:58 | 143,395,492 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 09 [B3D6746D].mp4
[2013/11/04 23:12:21 | 133,504,883 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 08 [A52BC8DD].mp4
[2013/11/04 23:06:19 | 159,323,910 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 07 [DCEA53CA].mp4
[2013/11/04 23:00:22 | 159,463,195 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 06 [68A52627].mp4
[2013/11/04 22:54:11 | 159,384,225 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 05 [798DDFF5].mp4
[2013/11/04 22:48:40 | 140,460,381 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 04 [E45A3D8F].mp4
[2013/11/04 22:42:15 | 159,371,360 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 03 [C1279952].mp4
[2013/11/04 22:28:10 | 153,779,427 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 02 [30F330DD].mp4
[2013/11/04 22:22:09 | 152,018,493 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 01 [CC187CB1].mp4
[2013/11/04 22:17:32 | 000,002,415 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ :spam:

Video Converter Platinum.lnk
[2013/11/04 22:17:32 | 000,002,391 | ---- | C] () -- C:\Users\Public\Desktop\ :spam:

Video Converter Platinum.lnk
[2013/11/04 11:37:16 | 268,100,293 | ---- | C] () -- C:\Users\Administrator\Desktop\[Commie] Magi - 01 [CC187CB1].mkv
[2013/11/01 12:55:17 | 000,002,565 | ---- | C] () -- C:\Users\Administrator\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/10/31 20:36:45 | 000,002,233 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Veoh Web Player Beta.lnk
[2013/10/31 20:36:45 | 000,002,211 | ---- | C] () -- C:\Users\Administrator\Desktop\Veoh Web Player.lnk
[2013/10/25 18:57:22 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/10/24 14:34:56 | 000,020,254 | ---- | C] () -- C:\Users\Administrator\Desktop\c1e1e55bba60201f1b15ef16b0e52092.jpg
[2013/10/24 14:34:14 | 000,082,441 | ---- | C] () -- C:\Users\Administrator\Desktop\il_570xN.390938365_l06k.jpg
[2013/10/24 14:34:00 | 000,030,921 | ---- | C] () -- C:\Users\Administrator\Desktop\leaf_shaped_copper_wire_wrapped_stone_necklace_with_brown_cotton_cord_13001b5c.jpg
[2013/10/24 14:33:54 | 000,029,265 | ---- | C] () -- C:\Users\Administrator\Desktop\e74619c0f64c9ce4ce796a9381422ac8.jpg
[2013/10/24 14:33:46 | 000,035,893 | ---- | C] () -- C:\Users\Administrator\Desktop\il_340x270.445656455_myvc.jpg
[2013/10/24 14:33:30 | 000,067,955 | ---- | C] () -- C:\Users\Administrator\Desktop\4773757104_d07ffa57bd.jpg
[2013/10/20 19:33:25 | 009,727,677 | ---- | C] () -- C:\Users\Administrator\Desktop\How to Care for Your Teeth! with David Wolfe.mp3
[2013/10/20 19:33:14 | 004,750,301 | ---- | C] () -- C:\Users\Administrator\Desktop\David Wolfe Explains Enzymes ( Rawfood Superfood ).mp3
[2013/10/20 19:32:58 | 009,345,141 | ---- | C] () -- C:\Users\Administrator\Desktop\Daniel Vitalis - Milk Myths.mp3
[2013/10/20 19:26:54 | 002,904,727 | ---- | C] () -- C:\Users\Administrator\Desktop\David Wolfe on Calcium pt 7.mp3
[2013/10/20 19:26:48 | 007,133,170 | ---- | C] () -- C:\Users\Administrator\Desktop\David Wolfe Educates About Arthritis, Calcium, Osteoporosis Part 6.mp3
[2013/10/20 19:26:42 | 009,610,083 | ---- | C] () -- C:\Users\Administrator\Desktop\David Wolfe Educates About Arthritis, Calcium, Osteoporosis Part 5.mp3
[2013/10/20 19:26:36 | 007,099,679 | ---- | C] () -- C:\Users\Administrator\Desktop\David Wolfe Educates About Arthritis, Calcium, Osteoporosis Part 4.mp3
[2013/10/20 19:26:30 | 007,276,524 | ---- | C] () -- C:\Users\Administrator\Desktop\David Wolfe Educates About Arthritis, Calcium, Osteoporosis Part 3.mp3
[2013/10/20 19:26:25 | 007,054,920 | ---- | C] () -- C:\Users\Administrator\Desktop\David Wolfe Educates About Arthritis, Calcium, Osteoporosis Part 2.mp3
[2013/10/20 19:26:19 | 006,627,675 | ---- | C] () -- C:\Users\Administrator\Desktop\David Wolfe Educates About Arthritis, Calcium, Osteoporosis Part 1.mp3
[2013/10/19 16:43:01 | 000,003,043 | ---- | C] () -- C:\Users\Administrator\Documents\ATT00002
[2013/10/19 16:43:01 | 000,000,402 | ---- | C] () -- C:\Users\Administrator\Documents\ATT00001
[2013/10/19 13:14:22 | 000,300,686 | ---- | C] () -- C:\Users\Administrator\Documents\Superfoods2.pdf
[2013/10/01 22:30:51 | 000,000,145 | ---- | C] () -- C:\Windows\game.INI
[2013/09/27 16:22:37 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/09/25 15:58:15 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2013/08/27 13:27:06 | 000,000,218 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2013/07/08 00:18:34 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2013/07/02 19:33:09 | 000,207,031 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2013/07/02 19:33:09 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2013/07/02 12:49:56 | 000,016,618 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2013/05/07 08:14:48 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013/02/08 12:54:42 | 000,703,117 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\technic-launcher.jar
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/29 09:28:33 | 000,007,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/10/03 10:35:24 | 000,001,456 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/09/22 19:50:41 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/09/22 10:03:34 | 000,000,054 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/09/17 13:23:37 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/09/06 15:11:14 | 001,313,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/03 17:36:35 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/08/28 16:07:17 | 000,000,454 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/08/28 15:59:53 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/08/28 11:33:12 | 000,189,826 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/08/28 11:33:12 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2012/08/27 17:43:41 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/08/27 17:43:37 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 22:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/27 13:22:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.anomos
[2013/02/08 12:54:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.techniclauncher
[2013/09/27 17:13:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2013/03/30 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\calibre
[2013/04/23 16:53:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CDisplayEx
[2012/10/18 19:20:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/10/25 13:47:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012/09/03 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2013/09/14 18:56:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DMCache
[2013/04/22 18:32:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Doblon
[2013/10/08 21:19:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Eipix
[2013/09/24 18:23:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EQATEC Analytics
[2013/06/18 11:46:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EurekaLog
[2013/02/04 16:47:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EuroTalk
[2013/09/11 14:02:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GlarySoft
[2013/10/09 11:26:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gogii Games
[2013/08/27 13:23:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2013/09/27 16:19:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2012/12/29 22:33:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IonFx
[2012/12/29 16:14:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Kalypso Media
[2013/02/08 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\logs
[2013/10/07 17:14:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mad Head Games
[2013/09/25 15:34:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MotioninJoy
[2013/10/01 22:48:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera Software
[2013/09/24 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Orbit
[2012/09/13 09:16:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OverPlay.net, LP
[2012/09/17 13:23:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PACE Anti-Piracy
[2013/10/17 21:02:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PlayFirst
[2013/09/24 18:33:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ProgSense
[2013/06/18 09:12:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\S.A.D
[2013/07/16 09:36:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sierra Wireless
[2012/08/27 20:55:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/04/26 12:39:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\sylteditor
[2013/01/03 09:22:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2013/10/25 13:40:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\The Longest Journey
[2013/10/09 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TheBookofLegends_Saves
[2013/07/12 14:14:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TheSage
[2013/11/15 23:29:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2013/10/15 12:28:31 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2013/10/15 12:28:31 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 06:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 22:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 06:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 05:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 06:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/08/12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 06:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 06:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 06:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 06:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 05:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 06:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 06:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 05:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 06:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 06:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 06:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 06:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 06:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 05:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 06:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[1995/07/11 08:50:00 | 000,204,288 | ---- | M] (Microsoft Corporation) MD5=40978DF82DAAFAD93117A0D81FAE5C5F -- C:\Users\Administrator\Documents\windows 95\WIN95_DSK18\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[1995/07/11 08:50:00 | 000,006,007 | ---- | M] () MD5=D5E21E6DD81F7E6BEF32A67898362A85 -- C:\Users\Administrator\Documents\windows 95\WIN95_DSK21\services
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2013/09/03 06:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CSS >
[2005/06/29 14:48:58 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files (x86)\Intuit\QuickBooks 2010\Components\Services\services.css

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 18:19:58 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=130B7341F5446430B3FFB7DCD9A786E3 -- C:\Windows\SysNative\ja-JP\services.exe.mui
[2009/07/13 18:19:58 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=130B7341F5446430B3FFB7DCD9A786E3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f4c280f4fcec33c8\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/13 18:11:32 | 000,092,779 | ---- | M] () MD5=DD14A9FE7CD992573F40FC169551BBAB -- C:\Windows\SysNative\ja-JP\services.msc
[2009/07/13 18:29:36 | 000,092,779 | ---- | M] () MD5=DD14A9FE7CD992573F40FC169551BBAB -- C:\Windows\SysWOW64\ja-JP\services.msc
[2009/07/13 18:11:32 | 000,092,779 | ---- | M] () MD5=DD14A9FE7CD992573F40FC169551BBAB -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2f0450e0d355cdbb\services.msc
[2009/07/13 18:29:36 | 000,092,779 | ---- | M] () MD5=DD14A9FE7CD992573F40FC169551BBAB -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d2e5b55d1af85c85\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2010/04/19 08:25:26 | 000,033,457 | ---- | M] () MD5=3171D886B2782CE1B51E0210BCD4E50C -- C:\Users\Administrator\Documents\Tools\111 Quick Tools\Installs\spybot\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINSOCK.DLL >
[1995/07/11 08:50:00 | 000,042,080 | ---- | M] (Microsoft Corporation) MD5=2A316E08790F0A4CABFBC9F5AC30CF1A -- C:\Users\Administrator\Documents\windows 95\WIN95_DSK19\winsock.dll

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 6A91-EEA5
Directory of C:\
13/07/2009 10:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
13/07/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
13/07/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
13/07/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
13/07/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
13/07/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
13/07/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
13/07/2009 10:08 PM <SYMLINKD> All Users [C:\ProgramData]
13/07/2009 10:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Administrator
27/08/2012 02:40 PM <JUNCTION> Application Data [C:\Users\Administrator\AppData\Roaming]
27/08/2012 02:40 PM <JUNCTION> Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
27/08/2012 02:40 PM <JUNCTION> Local Settings [C:\Users\Administrator\AppData\Local]
27/08/2012 02:40 PM <JUNCTION> My Documents [C:\Users\Administrator\Documents]
27/08/2012 02:40 PM <JUNCTION> NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
27/08/2012 02:40 PM <JUNCTION> PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
27/08/2012 02:40 PM <JUNCTION> Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
27/08/2012 02:40 PM <JUNCTION> SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
27/08/2012 02:40 PM <JUNCTION> Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
27/08/2012 02:40 PM <JUNCTION> Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Administrator\AppData\Local
27/08/2012 02:40 PM <JUNCTION> Application Data [C:\Users\Administrator\AppData\Local]
27/08/2012 02:40 PM <JUNCTION> History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
27/08/2012 02:40 PM <JUNCTION> Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Administrator\Documents
27/08/2012 02:40 PM <JUNCTION> My Music [C:\Users\Administrator\Music]
27/08/2012 02:40 PM <JUNCTION> My Pictures [C:\Users\Administrator\Pictures]
27/08/2012 02:40 PM <JUNCTION> My Videos [C:\Users\Administrator\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
13/07/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
13/07/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
13/07/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
13/07/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
13/07/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
13/07/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
13/07/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
13/07/2009 10:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
13/07/2009 10:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
13/07/2009 10:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
13/07/2009 10:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/07/2009 10:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/07/2009 10:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
13/07/2009 10:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
13/07/2009 10:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
13/07/2009 10:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
13/07/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
13/07/2009 10:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
13/07/2009 10:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
13/07/2009 10:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
13/07/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
13/07/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\fbwuser
11/07/2013 11:32 AM <JUNCTION> Application Data [C:\Users\fbwuser\AppData\Roaming]
11/07/2013 11:32 AM <JUNCTION> Cookies [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Cookies]
11/07/2013 11:32 AM <JUNCTION> Local Settings [C:\Users\fbwuser\AppData\Local]
11/07/2013 11:32 AM <JUNCTION> My Documents [C:\Users\fbwuser\Documents]
11/07/2013 11:32 AM <JUNCTION> NetHood [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/07/2013 11:32 AM <JUNCTION> PrintHood [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/07/2013 11:32 AM <JUNCTION> Recent [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Recent]
11/07/2013 11:32 AM <JUNCTION> SendTo [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\SendTo]
11/07/2013 11:32 AM <JUNCTION> Start Menu [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu]
11/07/2013 11:32 AM <JUNCTION> Templates [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\fbwuser\AppData\Local
11/07/2013 11:32 AM <JUNCTION> Application Data [C:\Users\fbwuser\AppData\Local]
11/07/2013 11:32 AM <JUNCTION> History [C:\Users\fbwuser\AppData\Local\Microsoft\Windows\History]
11/07/2013 11:32 AM <JUNCTION> Temporary Internet Files [C:\Users\fbwuser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\fbwuser\Documents
11/07/2013 11:32 AM <JUNCTION> My Music [C:\Users\fbwuser\Music]
11/07/2013 11:32 AM <JUNCTION> My Pictures [C:\Users\fbwuser\Pictures]
11/07/2013 11:32 AM <JUNCTION> My Videos [C:\Users\fbwuser\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
13/07/2009 10:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
13/07/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
13/07/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
15/01/2013 12:29 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
15/01/2013 12:29 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
15/01/2013 12:29 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
15/01/2013 12:29 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
15/01/2013 12:29 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
15/01/2013 12:29 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
15/01/2013 12:29 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
15/01/2013 12:29 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
15/01/2013 12:29 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
15/01/2013 12:29 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
15/01/2013 12:29 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
15/01/2013 12:29 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
15/01/2013 12:29 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
15/01/2013 12:29 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
15/01/2013 12:29 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
15/01/2013 12:29 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
82 Dir(s) 162,903,539,712 bytes free

========== Files - Unicode (All) ==========
[2013/09/15 14:21:00 | 000,002,009 | ---- | M] ()(C:\Users\Public\Desktop\?1?e?I‰S.lnk) -- C:\Users\Public\Desktop\¹–ë‚Ì‰S.lnk
[2013/09/15 14:21:00 | 000,002,009 | ---- | C] ()(C:\Users\Public\Desktop\?1?e?I‰S.lnk) -- C:\Users\Public\Desktop\¹–ë‚Ì‰S.lnk

< End of report >

And here is the extra's:

OTL Extras logfile created on: 15/11/2013 11:32:57 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

11.91 Gb Total Physical Memory | 9.26 Gb Available Physical Memory | 77.74% Memory free
23.81 Gb Paging File | 21.30 Gb Available in Paging File | 89.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 151.94 Gb Free Space | 21.75% Space Free | Partition Type: NTFS
Drive D: | 7.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 14.66 Gb Total Space | 0.73 Gb Free Space | 4.96% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 32.59 Gb Free Space | 3.50% Space Free | Partition Type: NTFS

Computer Name: OWNERPC-P0SPPR1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1436811410-1753281251-3049770552-500\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AA7CBF24-A9F5-462E-882C-277BF982CC5B}" = lport=49480 | protocol=6 | dir=in | name=akamai netsession interface |
"{D13C53B6-6F2D-4CDB-8CA3-13D740F3D733}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4DE3B16D-25F5-475E-AAEE-D17C449C1FFD}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe |
"{BDC2EEBA-088B-41F0-86EF-B9A2B8ED5156}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{5D605E36-2801-4BC5-8BFE-A891B7D2D37D}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |
"TCP Query User{90A7493A-FCD3-4B35-80F2-51E767B68BCB}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{FDEE2AE0-3EBA-4601-BEB6-7C5D02331AF7}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{AF50655C-E804-46E6-B7D1-67EA46B1DEF8}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{CA98403C-DBDF-4CB7-877F-F497C13132B0}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{ED494635-2740-4DC4-BFED-9088D025E92D}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.0000
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B9F1BB4-4C06-41E8-877D-B458742B0D0A}" = Fresco Logic USB3.0 Host Controller
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6CA934E5-416C-4E33-95E0-F0E629F5804A}" = calibre 64bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 6.4.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 6.4.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CutePDF Writer Installation" = CutePDF Writer 3.0
"Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"TheSage" = TheSage
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN ツールバー
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0DBC021C-95D9-435A-A4B0-E6515AFD1A71}" = Nero Prerequisite Installer 2.0
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{148E1C03-9ED1-4194-845E-159DE3ABC6A1}_is1" = :spam:

Walkman Video Converter 6.1.50
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.10
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.5.1
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1EE9D482-3C07-4EE1-8968-6B364238FFE4}_is1" = "Tomb Raider"
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{560FC78C-A4B2-461D-9B47-820C1EEF87B8}" = Nero 12
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{58F2F72A-B8C9-4CCC-B253-4F1509193EC3}" = ASUS RT-N12 Wireless Router Utilities
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5CD2E27A-F2C9-4A87-9A06-DFAF9A182481}" = Nero Express
"{61174B54-26FC-48F3-AF5C-7C9B9A9E9A8C}" = Human Japanese 2.0
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{69CAC0F3-5CA1-4AFB-8DF9-BD982998B36F}" = QuickBooks Premier: Retail Edition 2010
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F9B5855-7850-41E3-AAAE-DADD09B68B12}" = IObit Apps Toolbar v7.9
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{82D040D1-F95B-4C96-AF5C-B6A1E138EC6E}" = ¹–ë‚Ì‰S
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8A95C2DC-779A-4EA8-9DE3-B118D1411E8B}_is1" = Freelang Dictionary 3.74 beta
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CF508721-0E1E-4F99-A359-59E4EA8DAEC1}" = Nero Burning ROM
"{D4B26DED-9DE0-4DA9-AA4A-4AF44FC3B41B}" = Aeria Ignite
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E2B53C96-C9FC-4FC3-8324-1BCE50DEA7E7}" = QuickBooks
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F4A43B47-0518-4a39-B377-15DC62076AC0}_is1" = :spam:

Video Converter Platinum 6.2.16
"{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AccelerateTab_is1" = AccelerateTab
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aeria Ignite 1.11.2111" = Aeria Ignite
"AnyDVD" = AnyDVD
"Book of Legends 1.00" = Book of Legends 1.00
"CDisplayEx_is1" = CDisplayEx 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"Declan's Japanese Dictionary_is1" = Declan's Japanese Dictionary v1.0
"Eden Eternal" = Eden Eternal
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"OpenSSL Light (32-bit)_is1" = OpenSSL 0.9.8l Light (32-bit)
"Opera 17.0.1241.53" = Opera Stable 17.0.1241.53
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"ReadWrite Katakana_is1" = ReadWrite Katakana version 1.0
"Steam App 108100" = Adam's Venture Episode 1: The Search For The Lost Garden
"Steam App 11610" = Dragon Nest
"Steam App 210390" = Adam's Venture Episode 2: Solomon's Secret
"Steam App 212200" = Mabinogi
"Steam App 214310" = Adam's Venture Episode 3: Revelations
"Steam App 215120" = ROSE Online
"Steam App 217690" = Anna
"Steam App 223510" = Miasmata
"Tagaini Jisho" = Tagaini Jisho
"The Longest Journey" = The Longest Journey
"TheSage" = TheSage
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 2.0.8
"WinLiveSuite" = Windows Live Essentials
"Xuse 永遠のアセリア－この大地の果てで－" = Xuse 永遠のアセリア－この大地の果てで－ (Remove Only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1436811410-1753281251-3049770552-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"SkyDriveSetup.exe" = Microsoft SkyDrive
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14/11/2013 2:30:35 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 44556382

Error - 14/11/2013 2:30:35 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 44556382

Error - 14/11/2013 2:30:36 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 14/11/2013 2:30:36 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 44557396

Error - 14/11/2013 2:30:36 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 44557396

Error - 14/11/2013 2:30:37 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 14/11/2013 2:30:37 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 44558394

Error - 14/11/2013 2:30:37 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 44558394

Error - 14/11/2013 1:02:17 PM | Computer Name = OWNERPC-P0SPPR1 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Nero\Nero
12\nero recode\NeroBRServer.exe.Manifest". Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/11/2013 2:35:35 PM | Computer Name = OWNERPC-P0SPPR1 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Nero\Nero
12\nero recode\NeroBRServer.exe.Manifest". Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 15/11/2013 2:09:03 PM | Computer Name = OWNERPC-P0SPPR1 | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 15/11/2013 2:15:44 PM | Computer Name = OWNERPC-P0SPPR1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.161.1908.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10003.0

Error
code: 0x80072ee2 Error description: The operation timed out

Error - 16/11/2013 2:21:00 AM | Computer Name = OWNERPC-P0SPPR1 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:25:30 PM on ?11/?15/?2013 was unexpected.

Error - 16/11/2013 2:21:14 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Service Control Manager | ID = 7000
Description = The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start
due to the following error: %%2

Error - 16/11/2013 2:21:51 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MBAMService
service to connect.

Error - 16/11/2013 2:21:51 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%1053

Error - 16/11/2013 2:23:55 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Live ID Sign-in Assistant service to connect.

Error - 16/11/2013 2:23:55 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Service Control Manager | ID = 7000
Description = The Windows Live ID Sign-in Assistant service failed to start due
to the following error: %%1053

Error - 16/11/2013 2:24:13 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 16/11/2013 2:25:32 AM | Computer Name = OWNERPC-P0SPPR1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFS

< End of report >

Internet works.

I haven't used my browser like I normally do so I'm not sure if that is faster, my computer startup is still slower than usual.

Thanks!

#21
Machiavelli

Posted 16 November 2013 - 05:48 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Hello Destiny!

- FIRST -

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[CreateRestorePoint]

:OTL
IE - HKU\S-1-5-21-1436811410-1753281251-3049770552-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{185F9795-9663-4F13-9EF9-307A282ADB5A}"=-
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}"=-
"{82D040D1-F95B-4C96-AF5C-B6A1E138EC6E}"=-

:Commands
[EmptyTemp]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

- NEXT -

Start Malwarebytes and go to the tab Update
Please click on the button "Search for updates" and let MBAM update their definitions
Go to the tab called Scanner
Select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

- NEXT -

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Click the green ESET Online Scanner box
Tick the box next to YES, I accept the Terms of Use
then click on: Start
You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
Make sure that the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Click on Start
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close, make sure you copy the logfile first!
Then click on: Finish
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Please don't forget to include these Logfiles in your next answer:

OTL.txt
MBAM Log
ESET Log

#22
Destiny000

Posted 16 November 2013 - 10:44 AM

Member

Topic Starter
Member
130 posts

Here is my OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-1436811410-1753281251-3049770552-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{185F9795-9663-4F13-9EF9-307A282ADB5A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{185F9795-9663-4F13-9EF9-307A282ADB5A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{2A075BB4-E976-4278-BF3F-E5C6945D84C0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{82D040D1-F95B-4C96-AF5C-B6A1E138EC6E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82D040D1-F95B-4C96-AF5C-B6A1E138EC6E}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 12304 bytes
->Temporary Internet Files folder emptied: 863432 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 1216 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: fbwuser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 568857 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11162013_092153

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\CR_BC61F.tmp\SETUP_PATCH.PACKED.7Z scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I will edit and add the rest later. I will be late getting back today, around my time I will finish your instructions and post the rest around 11pm mountain time here.

Also the browsers I have are explorer, google chrome, and Opera. I generally use Opera now because it always remembers my tabs. Do I still use the first one you recommended?

And so that you are aware, my computer is still shutting down randomly in the night and my computer is saying windows did not shutdown correctly.

Thanks!

Edited by Destiny000, 16 November 2013 - 10:46 AM.

#23
Machiavelli

Posted 16 November 2013 - 10:48 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Please don't edit - post all logfiles in a new post.

#24
Destiny000

Posted 17 November 2013 - 12:49 AM

Member

Topic Starter
Member
130 posts

Here is Malwarebytes log file:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: OWNERPC-P0SPPR1 [administrator]

9/3/2012 6:13:20 PM
mbam-log-2012-09-03 (18-13-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216355
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And so am I using ESET Online Scanner even though I have 3 browsers, Opera, Google Chrome, and explorer. Although I really only use Opera now as my main and explorer occasionally.

#25
Machiavelli

Posted 17 November 2013 - 08:40 AM

GeekU Moderator

GeekU Moderator
4,722 posts

You can only use ESET with IE or FireFox. :)You said you haven't FireFox use IE for the ESET Scan.

#26
Destiny000

Posted 18 November 2013 - 07:50 AM

Member

Topic Starter
Member
130 posts

C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\File System\003\t\00\00000000 Win32/AdWare.1ClickDownload.AP application cleaned by deleting - quarantined

C:\_OTL\MovedFiles\11122013_205027\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11122013_205027\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe a variant of Win64/Toolbar.Widgi.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11122013_205027\C_Program Files (x86)\IObit Apps Toolbar\IE\7.9\iobitappsToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
H:\Everything.You.Need.to.Learn.Japanese_[LaMara8]\Software\Declan.Software_ReadWrite.Kanji\keygen\keygen.exe a variant of Generik.GAYSSII trojan cleaned by deleting - quarantined

I clicked the uninstall like you said but I'm not positive it actually did anything.

Edited by Destiny000, 18 November 2013 - 07:52 AM.

#27
Machiavelli

Posted 18 November 2013 - 01:40 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Uninstall / Question

Do you know this software:

: spam: Walkman Video Converter 6.1.50
: spam: Video Converter Platinum 6.2.16

If not please uninstall it.

Speedfan

Download Speedfan from here and install it please
After you installed it please run it (windows Vista / 7 / 8 => please start it as Administrator) , make a Screenshot (if you don't know how please click the link)
Please attach the foto - To do this: Open the post window >> Use Full Editor >> Click to Attach Files >> Select your image

Example Screen:

Posted Image

Questions

To fix your printer issues I like to know some information about your printer:

The make and the model of the printer

#28
Destiny000

Posted 19 November 2013 - 12:20 AM

Member

Topic Starter
Member
130 posts

Answer to your first question yes I do know that software, one has been uninstalled.

Here is pic for speed fan:

Also my overheating after that last scan and remove program has gotten better, and today for the first time my computer did not turn randomly off. I also want to note that when I play games my fan doesn't seem to increase speed enough to keep from overheating. My laptop is an aluminum case and I was told it was great for gaming and when placed properly wouldn't overheat. I'm thinking this issue is perhaps what also keeps killing my battery's.

My printer is HP Officejet 4110 All in One Printer. Online it is referred to as 4100 model.

Thanks for your time!

#29
Machiavelli

Posted 19 November 2013 - 10:14 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Uninstall Driver

Disconnect your printer from the PC
Click on the Start button and in the search box, type Device Manager and click on it
Expand the all categories by clicking on the little + sign
Search for HP Officejet 4110 All in One Printer (or something like that!)
Right click on HP Officejet 4110 All in One Printer entry and select Uninstall
Reboot your computer after that finishes

Install Driver

Connect your printer to your system again
Windows 7 detects the hardware and automatically installs the correct driver. A notification displays on your computer to let you know when installation is complete.

Tell me if you have still issues.