
Infected Computer



#1
mgalera

I've been having trouble with my computer lately. The internet is really slow (wireless), and it keeps changing my search engine from Google to Yahoo on Chrome. It boots up perfectly fine, and runs smoothly. It would have random lag spikes, but that has been a problem since I've changed my router; a different topic. More so on topic, my computer is infected. I also wouldn't be able to load certain sites like Twitter or laulima.hawaii.edu (my school forum thingymabob).


#2
mgalera

OTL logfile created on: 11/15/2013 11:51:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mG\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.73 Gb Available Physical Memory | 72.09% Memory free
15.90 Gb Paging File | 13.42 Gb Available in Paging File | 84.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.63 Gb Total Space | 526.83 Gb Free Space | 90.58% Space Free | Partition Type: NTFS
Drive D: | 14.25 Gb Total Space | 1.58 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

Computer Name: MG-HP | User Name: mG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/15 11:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mG\Desktop\OTL.exe
PRC - [2013/11/13 18:36:37 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\mG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/11/05 22:26:09 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/04 18:55:26 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/09/03 11:17:22 | 000,832,360 | ---- | M] (Spigot, Inc.) -- C:\Users\mG\AppData\Roaming\Search Protection\SearchProtection.exe
PRC - [2011/03/08 09:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/28 12:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/17 19:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/17 19:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/17 19:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/02/15 12:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/01/12 16:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 16:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/22 10:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 10:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/23 09:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 09:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 09:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/08 19:54:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/11/08 19:54:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/11/08 19:54:06 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll
MOD - [2013/11/08 19:54:04 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c1d55eed243331c944206f8608fb850\IAStorUtil.ni.dll
MOD - [2013/11/08 19:54:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/11/08 19:53:54 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/11/08 19:53:49 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/11/08 19:53:46 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/11/08 19:53:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/11/08 19:53:34 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/11/05 22:26:07 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\ppgooglenaclpluginchrome.dll
MOD - [2013/11/05 22:26:06 | 013,582,800 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\PepperFlash\pepflashplayer.dll
MOD - [2013/11/05 22:26:05 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\pdf.dll
MOD - [2013/11/05 22:25:13 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\libglesv2.dll
MOD - [2013/11/05 22:25:12 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\libegl.dll
MOD - [2013/11/05 22:25:10 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 19:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/03/11 00:23:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/16 19:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2011/01/26 13:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/05 10:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 10:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 10:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/10/10 23:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 15:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/28 12:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/17 19:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 12:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/01/12 16:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/22 10:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 10:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 20:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:23:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/10 20:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 20:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 15:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 14:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/27 06:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/26 13:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/01/26 13:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/01/12 15:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/12 14:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/01/04 08:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/16 16:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/10 11:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 11:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 17:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 17:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 17:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 17:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 14:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 22:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 06:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 11:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 11:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 11:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 10:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 10:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3AB78248-AD88-43AD-BA9D-2E1C87300DAA}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope = {EEC4123E-4159-4388-AD5C-448257CAF78F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{3AB78248-AD88-43AD-BA9D-2E1C87300DAA}: "URL" = http://search.condui...9418571314&UM=2
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{EEC4123E-4159-4388-AD5C-448257CAF78F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Drive = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: Little Alchemy = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: StayFocusd = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.4_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0\
CHR - Extension: Google Play Books = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.9_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0\
CHR - Extension: Google Wallet = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 11:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_F9C440A17E96205AB23A5653F2E73854] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SearchProtection] C:\Users\mG\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\mG\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\mG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8FA408A-E8B4-4F20-8BB5-A93443F35C31}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/15 11:49:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mG\Desktop\OTL.exe
[2013/11/12 21:00:10 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Malwarebytes
[2013/11/12 20:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/12 20:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/12 20:59:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/12 20:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/12 20:59:08 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Programs
[2013/11/12 20:58:23 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\mG\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/10 07:45:47 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Opera Software
[2013/11/10 07:45:46 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Opera Software
[2013/11/10 07:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013/11/10 07:44:14 | 033,727,472 | ---- | C] (Opera Software ASA) -- C:\Users\mG\Desktop\Opera_17.0.1241.53_Setup.exe
[2013/11/08 20:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/08 20:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/08 20:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/08 20:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/08 20:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/11/08 09:48:24 | 001,181,696 | ---- | C] (ExtaliaMS) -- C:\Users\mG\Desktop\SetupSplit.exe
[2013/11/08 01:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/11/07 22:28:39 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\CrashDumps
[2013/11/07 21:01:29 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Search Protection
[2013/11/07 20:56:29 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\uTorrent
[2013/11/07 20:56:13 | 001,141,328 | ---- | C] (BitTorrent Inc.) -- C:\Users\mG\Desktop\utorrent.exe
[2013/11/06 20:01:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/11/06 20:01:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/11/04 23:57:59 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\LolClient
[2013/11/04 23:57:57 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Macromedia
[2013/11/04 23:36:38 | 000,000,000 | ---D | C] -- C:\Users\mG\Documents\Rainmeter
[2013/11/04 23:36:38 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Rainmeter
[2013/11/04 23:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2013/11/04 23:34:39 | 000,000,000 | ---D | C] -- C:\Users\mG\Desktop\Taskbar Eliminator
[2013/11/04 22:50:09 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\WinRAR
[2013/11/04 22:49:56 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/11/04 22:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/11/04 22:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013/11/04 22:43:04 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Spotify
[2013/11/04 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Spotify
[2013/11/04 22:28:58 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Skype
[2013/11/04 22:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/11/04 22:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/11/04 22:28:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/11/04 22:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/11/04 19:54:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/11/04 19:54:39 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/11/04 19:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/11/04 19:52:36 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\PMB Files
[2013/11/04 19:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/11/04 19:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/11/04 19:52:03 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Riot Games
[2013/11/04 19:17:42 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Roxio Log Files
[2013/11/04 19:11:11 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\HP
[2013/11/04 19:11:09 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\AuthenTec
[2013/11/04 19:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/04 19:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/04 19:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/11/04 19:06:11 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/11/04 19:05:55 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Conduit
[2013/11/04 19:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/11/04 19:05:39 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\NativeMessaging
[2013/11/04 19:05:37 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\CRE
[2013/11/04 19:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/11/04 18:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/04 18:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/11/04 18:49:10 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Google
[2013/11/04 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Deployment
[2013/11/04 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Apps
[2013/11/04 17:43:39 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Adobe
[2013/11/04 17:42:09 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Intel Corporation
[2013/11/04 17:42:08 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\hpqLog
[2013/11/04 17:42:07 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Synaptics
[2013/11/04 17:41:44 | 000,000,000 | R--D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/04 17:41:44 | 000,000,000 | R--D | C] -- C:\Users\mG\Searches
[2013/11/04 17:41:44 | 000,000,000 | R--D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/11/04 17:41:43 | 000,000,000 | -H-D | C] -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/04 17:41:36 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Identities
[2013/11/04 17:41:34 | 000,000,000 | R--D | C] -- C:\Users\mG\Contacts
[2013/11/04 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\VirtualStore
[2013/11/04 17:41:06 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\RemEngine
[2013/11/04 17:38:43 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Hewlett-Packard
[2013/11/04 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Hewlett-Packard
[2013/11/04 17:38:02 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Hewlett-Packard_Company
[2013/11/04 17:36:06 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Intel
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\AppData\Local\Temporary Internet Files
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Templates
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Start Menu
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\SendTo
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Recent
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\PrintHood
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\NetHood
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Documents\My Videos
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Documents\My Pictures
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Documents\My Music
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\My Documents
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Local Settings
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\AppData\Local\History
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Cookies
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Application Data
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\AppData\Local\Application Data
[2013/11/04 17:36:02 | 000,000,000 | --SD | C] -- C:\Users\mG\AppData\Roaming\Microsoft
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Videos
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Saved Games
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Pictures
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Music
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Links
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Favorites
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Downloads
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Documents
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Desktop
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/04 17:36:02 | 000,000,000 | -H-D | C] -- C:\Users\mG\AppData
[2013/11/04 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Temp
[2013/11/04 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\mG\Roaming
[2013/11/04 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Microsoft
[2013/11/04 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Media Center Programs
[2013/11/04 15:30:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/11/15 11:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mG\Desktop\OTL.exe
[2013/11/15 11:00:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/15 10:01:14 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/15 10:01:14 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/15 10:01:14 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/15 09:59:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/14 22:06:33 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/14 21:17:26 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 21:17:26 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 21:10:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/14 21:09:47 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/12 20:59:24 | 000,001,093 | ---- | M] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/11/12 20:59:24 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/12 20:58:35 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\mG\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/11 11:27:47 | 000,070,341 | ---- | M] () -- C:\Users\mG\Desktop\me-gusta-creepy-me-gusta.png
[2013/11/10 23:49:18 | 001,189,905 | ---- | M] () -- C:\Users\mG\Desktop\IMG_11112013_003528.png
[2013/11/10 23:33:47 | 000,127,356 | ---- | M] () -- C:\Users\mG\Desktop\a9b5c7d442aa11e3a3e722000a9f09d0_8.jpg
[2013/11/10 23:33:41 | 000,055,289 | ---- | M] () -- C:\Users\mG\Desktop\viewer.php
[2013/11/10 23:24:37 | 000,122,412 | ---- | M] () -- C:\Users\mG\Desktop\580435_534578649921477_2023093211_n.jpg
[2013/11/10 17:16:06 | 000,140,927 | ---- | M] () -- C:\Users\mG\Desktop\i know that feel.jpg
[2013/11/10 07:44:40 | 033,727,472 | ---- | M] (Opera Software ASA) -- C:\Users\mG\Desktop\Opera_17.0.1241.53_Setup.exe
[2013/11/09 23:34:12 | 000,059,298 | ---- | M] () -- C:\Users\mG\Desktop\618_3157064700624_1571803629_n.jpg
[2013/11/08 09:48:27 | 001,181,696 | ---- | M] (ExtaliaMS) -- C:\Users\mG\Desktop\SetupSplit.exe
[2013/11/08 09:48:15 | 000,822,378 | ---- | M] () -- C:\Users\mG\Desktop\ExtaliaMS.zip
[2013/11/07 21:01:21 | 000,000,825 | ---- | M] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/11/07 21:01:04 | 000,012,268 | ---- | M] () -- C:\Users\mG\Desktop\[kickass.to]adobe.premiere.pro.cs6.6.0.0.ls7.multilanguage.chingliu.torrent
[2013/11/07 20:56:17 | 001,141,328 | ---- | M] (BitTorrent Inc.) -- C:\Users\mG\Desktop\utorrent.exe
[2013/11/07 20:53:23 | 003,383,926 | ---- | M] () -- C:\Users\mG\Desktop\2013-10-29 18.01.53.jpg
[2013/11/07 19:41:47 | 000,063,695 | ---- | M] () -- C:\Users\mG\Desktop\1454620_10151898716721696_2128219793_n.jpg
[2013/11/07 19:40:26 | 000,107,084 | ---- | M] () -- C:\Users\mG\Desktop\[bleep].jpg
[2013/11/07 08:16:50 | 000,277,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/06 07:39:12 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/06 07:39:12 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/05 21:48:19 | 000,003,739 | ---- | M] () -- C:\Users\mG\Desktop\F2.gif
[2013/11/05 21:46:29 | 000,001,290 | ---- | M] () -- C:\Users\mG\Desktop\f5.png
[2013/11/05 12:58:45 | 001,657,770 | ---- | M] () -- C:\Users\mG\Desktop\wallpaper-545380.jpg
[2013/11/05 11:48:36 | 000,277,119 | ---- | M] () -- C:\Users\mG\Desktop\1_line_clock_for_rainmeter_by_feedanza-d5nbftc.rmskin
[2013/11/05 00:19:32 | 000,623,227 | ---- | M] () -- C:\Users\mG\Desktop\wallpaper-2395251.jpg
[2013/11/05 00:00:33 | 000,106,999 | ---- | M] () -- C:\Users\mG\Desktop\wallpaper-2573505.jpg
[2013/11/04 23:51:38 | 000,402,746 | ---- | M] () -- C:\Users\mG\Desktop\wallpaper-1382061.jpg
[2013/11/04 23:36:34 | 000,001,730 | ---- | M] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013/11/04 23:35:45 | 002,228,376 | ---- | M] () -- C:\Users\mG\Desktop\Rainmeter-3.0.2.exe
[2013/11/04 22:43:03 | 000,001,787 | ---- | M] () -- C:\Users\mG\Desktop\Spotify.lnk
[2013/11/04 22:28:52 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/04 19:54:40 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/11/04 19:49:07 | 000,002,239 | ---- | M] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/04 19:07:21 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/04 19:06:11 | 000,001,264 | ---- | M] () -- C:\Users\mG\Desktop\Revo Uninstaller.lnk
[2013/11/04 19:06:02 | 000,000,009 | ---- | M] () -- C:\END
[2013/11/04 17:43:32 | 000,001,437 | ---- | M] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/04 17:34:00 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013/11/04 15:32:47 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/11/04 15:32:46 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013/11/12 20:59:24 | 000,001,093 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/11/12 20:59:24 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/11 11:27:47 | 000,070,341 | ---- | C] () -- C:\Users\mG\Desktop\me-gusta-creepy-me-gusta.png
[2013/11/10 23:49:01 | 001,189,905 | ---- | C] () -- C:\Users\mG\Desktop\IMG_11112013_003528.png
[2013/11/10 23:33:47 | 000,127,356 | ---- | C] () -- C:\Users\mG\Desktop\a9b5c7d442aa11e3a3e722000a9f09d0_8.jpg
[2013/11/10 23:33:40 | 000,055,289 | ---- | C] () -- C:\Users\mG\Desktop\viewer.php
[2013/11/10 23:24:36 | 000,122,412 | ---- | C] () -- C:\Users\mG\Desktop\580435_534578649921477_2023093211_n.jpg
[2013/11/10 17:16:05 | 000,140,927 | ---- | C] () -- C:\Users\mG\Desktop\i know that feel.jpg
[2013/11/09 23:34:12 | 000,059,298 | ---- | C] () -- C:\Users\mG\Desktop\618_3157064700624_1571803629_n.jpg
[2013/11/08 09:48:09 | 000,822,378 | ---- | C] () -- C:\Users\mG\Desktop\ExtaliaMS.zip
[2013/11/07 21:01:21 | 000,000,825 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/11/07 21:01:04 | 000,012,268 | ---- | C] () -- C:\Users\mG\Desktop\[kickass.to]adobe.premiere.pro.cs6.6.0.0.ls7.multilanguage.chingliu.torrent
[2013/11/07 20:53:15 | 003,383,926 | ---- | C] () -- C:\Users\mG\Desktop\2013-10-29 18.01.53.jpg
[2013/11/07 19:41:47 | 000,063,695 | ---- | C] () -- C:\Users\mG\Desktop\1454620_10151898716721696_2128219793_n.jpg
[2013/11/07 19:40:26 | 000,107,084 | ---- | C] () -- C:\Users\mG\Desktop\[bleep].jpg
[2013/11/06 07:46:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/11/06 07:39:12 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/06 07:39:12 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/06 07:20:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/11/05 21:48:18 | 000,003,739 | ---- | C] () -- C:\Users\mG\Desktop\F2.gif
[2013/11/05 21:46:29 | 000,001,290 | ---- | C] () -- C:\Users\mG\Desktop\f5.png
[2013/11/05 12:58:45 | 001,657,770 | ---- | C] () -- C:\Users\mG\Desktop\wallpaper-545380.jpg
[2013/11/05 11:48:35 | 000,277,119 | ---- | C] () -- C:\Users\mG\Desktop\1_line_clock_for_rainmeter_by_feedanza-d5nbftc.rmskin
[2013/11/05 00:19:31 | 000,623,227 | ---- | C] () -- C:\Users\mG\Desktop\wallpaper-2395251.jpg
[2013/11/05 00:00:33 | 000,106,999 | ---- | C] () -- C:\Users\mG\Desktop\wallpaper-2573505.jpg
[2013/11/04 23:51:36 | 000,402,746 | ---- | C] () -- C:\Users\mG\Desktop\wallpaper-1382061.jpg
[2013/11/04 23:36:34 | 000,001,730 | ---- | C] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013/11/04 23:36:34 | 000,001,706 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
[2013/11/04 23:35:40 | 002,228,376 | ---- | C] () -- C:\Users\mG\Desktop\Rainmeter-3.0.2.exe
[2013/11/04 22:43:03 | 000,001,787 | ---- | C] () -- C:\Users\mG\Desktop\Spotify.lnk
[2013/11/04 22:43:03 | 000,001,773 | ---- | C] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/11/04 22:28:52 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/04 19:54:40 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/11/04 19:07:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/04 19:07:16 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/04 19:06:11 | 000,001,264 | ---- | C] () -- C:\Users\mG\Desktop\Revo Uninstaller.lnk
[2013/11/04 19:05:23 | 000,000,009 | ---- | C] () -- C:\END
[2013/11/04 18:52:09 | 000,002,239 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/04 18:52:09 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/04 18:50:17 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/04 18:50:16 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/04 17:43:32 | 000,001,437 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/04 17:41:44 | 000,001,413 | ---- | C] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/04 17:38:15 | 000,002,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk
[2013/11/04 17:38:14 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2013/11/04 17:36:02 | 000,000,290 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/04 17:36:02 | 000,000,272 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/04 15:30:45 | 2106,478,591 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2011/01/21 10:58:18 | 000,033,327 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-432469606-984037975-2601326989-1000\$RLJ3XUD\Resources\Translations\fr-FR\l.txt
[2009/07/13 18:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 16:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 15:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 15:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 15:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/04 23:57:59 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\LolClient
[2013/11/11 17:13:46 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Opera Software
[2013/11/04 23:36:38 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Rainmeter
[2013/11/04 19:52:21 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Riot Games
[2013/11/07 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Search Protection
[2013/11/15 11:38:24 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Spotify
[2013/11/04 17:42:07 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Synaptics
[2013/11/07 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

#3
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hi! My name is zep516 and welcome to Geeks to Go.

I'll do the best I can to resolve your computer issue.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Note

The first time you run it, OTL creates 2 log reports. The one I need is called Extras.txt. Do you have that log? If so, post it. If not, I would like you to re-run OTL once more so we can re-create the log. Before you run the scan I need you to do this: under the Extra Registry section, please put a check mark in "All", then hit Run Scan. When OTL is done scanning, 2 logs will be generated. The first log will pop up in front of you; the second log, called Extras.txt, will be minimized to the taskbar down by the clock area. Please post that log. You really don't need to post the first one, as we already have that one.

Edited by zep516, 15 November 2013 - 06:02 PM.


#4
mgalera

    Member

  • Topic Starter
  • Member
  • 11 posts
Is this it?

OTL Extras logfile created on: 11/15/2013 11:51:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mG\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.73 Gb Available Physical Memory | 72.09% Memory free
15.90 Gb Paging File | 13.42 Gb Available in Paging File | 84.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.63 Gb Total Space | 526.83 Gb Free Space | 90.58% Space Free | Partition Type: NTFS
Drive D: | 14.25 Gb Total Space | 1.58 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

Computer Name: MG-HP | User Name: mG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- "C:\Program Files (x86)\Opera\Launcher.exe" -noautoupdate "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26F4D5AF-5F11-47D6-9ABA-97E463A07958}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A951DB8-4DD4-4C26-BF2A-52F913195424}" = rport=445 | protocol=6 | dir=out | app=system |
"{3A027150-1368-4FE4-A8B8-9B6AF833E2C2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3E3192F9-F0F1-441A-B6C4-B717BBB525ED}" = lport=10243 | protocol=6 | dir=in | app=system |
"{485FBB94-8ED4-4633-8032-723CAF6AD874}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53ACD389-0FD6-4D2A-ABAF-6EA0D070D8EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55E21ACE-7838-444A-A69F-C159F8F5B494}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6648F991-4163-49BB-A6B0-26F1D639F100}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73419FE5-7DDA-4B86-A16F-6A75FC20BB19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7F98A5C7-F4F8-474C-BA92-D5461A59D885}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9B1E9917-FE89-4D9A-9E93-C490F0A82395}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BC774B8-931A-4266-9486-22618502FFBB}" = lport=138 | protocol=17 | dir=in | app=system |
"{A4434578-0F65-4073-9D0D-96CF7A796ADF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B4E625C6-3EF6-4E6C-B12B-D591B0CACD21}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA5E44EA-329A-4773-ACCA-8D26427FB285}" = lport=445 | protocol=6 | dir=in | app=system |
"{BE50191F-084A-4355-9B8A-C4A7B8F5AD61}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C54DB408-3135-4487-B281-1BE084ADAD3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D5960554-028D-4642-9EDC-251CD1DA974E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DB0D5072-1D10-4B8E-9DC0-26506E2C8172}" = rport=137 | protocol=17 | dir=out | app=system |
"{E349840C-61A9-4972-A634-99BAFA07455A}" = rport=138 | protocol=17 | dir=out | app=system |
"{E8CBC305-1374-4459-912E-0A4C9E239A1C}" = lport=137 | protocol=17 | dir=in | app=system |
"{ED56F9D6-2964-4E07-939C-F01C72498BA2}" = rport=139 | protocol=6 | dir=out | app=system |
"{F7527674-9D85-4444-9006-917EA4314D9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{124BB096-D1E9-491F-875F-5694C733314D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{16752304-9950-4DCB-81D8-6C1969A28AC3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{178F1D3B-9AA9-4E67-AB4E-9CC2AF509935}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{268933DC-108A-4593-AFE7-28E297F8B83C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{291BAF47-5134-4DF3-B5B3-8EC5496958E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2F318A12-1732-48E9-A689-E447CAC2A17A}" = protocol=1 | dir=in | [email protected],-28543 |
"{34CF3947-F12D-46E4-A69B-CBC98B394D50}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{41960360-7533-4090-9A1D-CE6E0D5FC2FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{54E8B167-0B45-44C1-8DF3-9500776B81A0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{632EC287-7012-40D6-982A-94868BC6578D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6C9B8527-56DA-4407-84CD-F0CF58F01213}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6CE246E4-E726-4BE2-9063-DF802E97AF41}" = protocol=17 | dir=in | app=c:\users\mg\appdata\roaming\utorrent\utorrent.exe |
"{95E2DE4D-24AC-4B86-82F2-D82DCC0A7D54}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{962D3F3E-888C-48A9-A57B-19B5081E2D36}" = protocol=58 | dir=in | [email protected],-28545 |
"{9BFB3C87-AF18-46FC-9DAB-FF36AA39A6B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B7BDFB9C-1B32-46A2-99BC-18819E89BCAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9BC5184-0E84-4EAF-ACB4-56040F5BC304}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{BCD52CDE-B953-474D-B54E-879809BF481A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BE51015E-0FD6-4A4D-BA07-FE82757A6500}" = protocol=58 | dir=out | [email protected],-28546 |
"{C7DDB75E-27A2-4D05-8B32-70F91E8F5C53}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{CA61BE15-D206-4E0F-BAA1-7D1EED3B33B8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CEE80971-E03A-4539-A01E-4DEF1613FDA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2EE4647-263B-4861-8645-C6F1E0EFCB42}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D7776677-CD4C-465A-8017-7F99230EFD62}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E068A685-2DED-4833-934B-93C5C5E09C79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E248442D-ACB2-4DE2-B52E-625F57627040}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{E2C8F0A9-8758-487E-8393-A759185272DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E5B5363D-A42E-4D75-91BE-6DB13DEF439E}" = protocol=1 | dir=out | [email protected],-28544 |
"{E86AFAD3-8AEC-4C49-A6B2-1E72F9529331}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F0E4724C-DF8F-4D9F-8DE2-93763432F279}" = protocol=6 | dir=in | app=c:\users\mg\appdata\roaming\utorrent\utorrent.exe |
"{F2CAA875-7F44-4B9F-92E4-228709A00A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F3FC3245-2A3F-402A-B138-F15C1B2B77BC}" = protocol=6 | dir=out | app=system |
"{F72F7011-782D-49AA-A017-0ADD88B6D6BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{449746DD-C145-4B8E-935C-E3E7A375232C}C:\users\mg\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mg\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C7DB2376-275B-4490-AB09-DAA7230DE136}C:\users\mg\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mg\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0128D231-B23B-409C-A531-39D8D8774BA1}" = HP 3D DriveGuard
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel® PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel® Wireless Display
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8070C51-4B1D-430C-8BCF-19696368366F}" = HP Software Framework
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"League of Legends 3.0.0" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Rainmeter" = Rainmeter
"Revo Uninstaller" = Revo Uninstaller 1.95
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.00 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Search Protection" = Search Protection
"Spotify" = Spotify
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/5/2013 1:50:51 AM | Computer Name = mG-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/5/2013 4:37:57 AM | Computer Name = mG-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/5/2013 5:00:13 PM | Computer Name = mG-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/5/2013 5:43:09 PM | Computer Name = mG-HP | Source = BugSplat | ID = 1
Description =

Error - 11/6/2013 1:09:16 PM | Computer Name = mG-HP | Source = System Restore | ID = 8193
Description =

Error - 11/6/2013 1:52:40 PM | Computer Name = mG-HP | Source = MsiInstaller | ID = 11935
Description =

Error - 11/7/2013 2:00:13 AM | Computer Name = mG-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/7/2013 2:06:26 AM | Computer Name = mG-HP | Source = WinMgmt | ID = 10
Description =

Error - 11/7/2013 1:59:06 PM | Computer Name = mG-HP | Source = MsiInstaller | ID = 11935
Description =

Error - 11/7/2013 2:17:17 PM | Computer Name = mG-HP | Source = WinMgmt | ID = 10
Description =

[ HP Connection Manager Events ]
Error - 11/11/2013 8:27:38 AM | Computer Name = mG-HP | Source = hpCMSrv | ID = 5
Description = 2013/11/11 02:27:38.929|0000110C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/11/2013 8:27:40 AM | Computer Name = mG-HP | Source = hpCMSrv | ID = 5
Description = 2013/11/11 02:27:40.255|0000110C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/11/2013 8:27:45 AM | Computer Name = mG-HP | Source = hpCMSrv | ID = 5
Description = 2013/11/11 02:27:45.948|0000110C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/11/2013 9:53:18 AM | Computer Name = mG-HP | Source = hpCMSrv | ID = 5
Description = 2013/11/11 03:53:18.788|0000110C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/13/2013 3:18:24 AM | Computer Name = mG-HP | Source = hpCMSrv | ID = 5
Description = 2013/11/12 21:18:24.994|000017C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/13/2013 11:28:59 PM | Computer Name = mG-HP | Source = hpCMSrv | ID = 5
Description = 2013/11/13 17:28:59.951|00001820|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/13/2013 11:29:06 PM | Computer Name = mG-HP | Source = hpCMSrv | ID = 5
Description = 2013/11/13 17:29:06.415|00001820|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/13/2013 11:30:05 PM | Computer Name = mG-HP | Source = hpCMSrv | ID = 5
Description = 2013/11/13 17:30:05.290|00001820|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/13/2013 11:31:05 PM | Computer Name = mG-HP | Source = hpCMSrv | ID = 5
Description = 2013/11/13 17:31:05.287|00001820|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/14/2013 3:46:20 PM | Computer Name = mG-HP | Source = hpCMSrv | ID = 5
Description = 2013/11/14 09:46:20.682|000013F8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ System Events ]
Error - 11/7/2013 2:02:23 AM | Computer Name = mG-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%1053

Error - 11/7/2013 2:02:26 AM | Computer Name = mG-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel®
Rapid Storage Technology service to connect.

Error - 11/7/2013 2:02:26 AM | Computer Name = mG-HP | Source = Service Control Manager | ID = 7000
Description = The Intel® Rapid Storage Technology service failed to start due
to the following error: %%1053

Error - 11/7/2013 2:02:54 AM | Computer Name = mG-HP | Source = WMPNetworkSvc | ID = 866292
Description =

Error - 11/7/2013 2:04:31 AM | Computer Name = mG-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel®
Management and Security Application User Notification Service service to connect.

Error - 11/7/2013 2:04:31 AM | Computer Name = mG-HP | Source = Service Control Manager | ID = 7000
Description = The Intel® Management and Security Application User Notification
Service service failed to start due to the following error: %%1053

Error - 11/7/2013 2:07:44 AM | Computer Name = mG-HP | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405

Error - 11/7/2013 2:00:23 PM | Computer Name = mG-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack
1 Redistributable Package (KB2538243).

Error - 11/7/2013 2:18:01 PM | Computer Name = mG-HP | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 11/7/2013 2:57:57 PM | Computer Name = mG-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack
1 Redistributable Package (KB2538243).


< End of report >

#5
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
That's it :)

I need time to look things over, I may not respond till tomorrow. Don't make any changes or try fixing things yourself. You have some adware and we will take care of that for you.

Thanks,

Joe :)

#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello mgalera,

We need to do a fix using OTL,

  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
    IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
    IE - HKCU\..\SearchScopes\{3AB78248-AD88-43AD-BA9D-2E1C87300DAA}: "URL" = http://search.condui...9418571314&UM=2
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [SearchProtection] C:\Users\mG\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
    O4 - HKCU..\Run: [Spotify] C:\Users\mG\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\mG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    [2013/11/04 22:43:04 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Spotify
    [2013/11/04 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Spotify
    [2013/11/04 19:05:55 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Conduit
    [2013/11/04 19:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
    [2013/11/04 19:05:39 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\NativeMessaging
    [2013/11/04 19:05:37 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\CRE
    [2013/11/04 19:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2013/11/04 22:43:03 | 000,001,787 | ---- | C] () -- C:\Users\mG\Desktop\Spotify.lnk
    [2013/11/04 22:43:03 | 000,001,773 | ---- | C] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    [2013/11/07 21:01:29 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Search Protection
    [2013/11/04 19:54:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

Please post the following logs in your next reply:

  • C:\_OTL\Moved Files
  • OTL.txt
  • AdwCleaner
  • JRT.txt


#7
mgalera

    Member

  • Topic Starter
  • Member
  • 11 posts
C:\_OTL\MovedFiles

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3AB78248-AD88-43AD-BA9D-2E1C87300DAA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AB78248-AD88-43AD-BA9D-2E1C87300DAA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection deleted successfully.
C:\Users\mG\AppData\Roaming\Search Protection\SearchProtection.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify deleted successfully.
C:\Users\mG\AppData\Roaming\Spotify\spotify.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper deleted successfully.
C:\Users\mG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
C:\Users\mG\AppData\Local\Spotify\Users\1212233446-user folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Users folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\83 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\82 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\81 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\80 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\7f folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\7e folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\7d folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\7c folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\7b folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\7a folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\79 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\78 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\77 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\76 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\75 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\74 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\73 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\72 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\71 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\70 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\6f folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\6e folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\6d folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\6c folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\6b folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\6a folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\69 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\68 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\67 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\66 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\65 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\64 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\63 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\62 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\61 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\60 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\5f folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\5e folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\5d folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\5c folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\5b folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\5a folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\59 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\58 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\57 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\56 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\55 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\54 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\53 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\52 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\51 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\50 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\4f folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\4e folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\4d folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\4c folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\4b folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\4a folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\49 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\48 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\47 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\46 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\45 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\44 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\43 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\42 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\41 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\40 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\3f folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\3e folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\3d folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\3c folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\3b folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\3a folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\39 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\38 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\37 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\36 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\35 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\34 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\33 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\32 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\31 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\30 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\2f folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\2e folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\2d folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\2c folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\2b folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\2a folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\29 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\28 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\27 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\26 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\25 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\24 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\23 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\22 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\21 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\20 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\1f folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\1e folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\1d folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\1c folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\1b folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\1a folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\19 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\18 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\17 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\16 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\15 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\14 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\13 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\12 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\11 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\10 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\0f folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\0e folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\0d folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\0c folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\0b folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\0a folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\09 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\08 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\07 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\06 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\05 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\04 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\03 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\02 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\01 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage\00 folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Storage folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Browser\Local Storage folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Browser\GPUCache folder moved successfully.
C:\Users\mG\AppData\Local\Spotify\Browser folder moved successfully.
C:\Users\mG\AppData\Local\Spotify folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Cookies folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps\share folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps\search-dropdown folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps\search folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps\radio folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps\profile folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps\playlist-header folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps\onboarding-popup folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps\notification-popup folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps\feed folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps\discover folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps\artist folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps\album folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user\Apps folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users\1212233446-user folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Users folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Data\locales folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify\Data folder moved successfully.
C:\Users\mG\AppData\Roaming\Spotify folder moved successfully.
C:\Users\mG\AppData\Local\Conduit folder moved successfully.
C:\ProgramData\Conduit\IE folder moved successfully.
C:\ProgramData\Conduit folder moved successfully.
C:\Users\mG\AppData\Local\NativeMessaging\CT3306058 folder moved successfully.
C:\Users\mG\AppData\Local\NativeMessaging folder moved successfully.
C:\Users\mG\AppData\Local\CRE folder moved successfully.
C:\Program Files (x86)\Conduit\CT3306058\plugins folder moved successfully.
C:\Program Files (x86)\Conduit\CT3306058 folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\mG\Desktop\Spotify.lnk moved successfully.
C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk moved successfully.
C:\Users\mG\AppData\Roaming\Search Protection folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{CCA66309-5E8A-4A00-A0A7-0C475CF499E1} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{BC2054B2-9FF0-4E63-932E-EC184E1523A6} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{8E395077-35B4-464B-B040-CBF41535BFF7} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\mG\Desktop\cmd.bat deleted successfully.
C:\Users\mG\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User

User: mG
->Temp folder emptied: 48241350 bytes
->Temporary Internet Files folder emptied: 95375109 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 388119014 bytes
->Flash cache emptied: 58477 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 168283962 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43259104 bytes
RecycleBin emptied: 117805215 bytes

Total Files Cleaned = 821.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11162013_222025

Files\Folders moved on Reboot...
File move failed. C:\Users\mG\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Users\mG\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#8
mgalera

OTL.txt

OTL logfile created on: 11/16/2013 10:31:17 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mG\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.79% Memory free
15.90 Gb Paging File | 14.01 Gb Available in Paging File | 88.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.63 Gb Total Space | 528.92 Gb Free Space | 90.94% Space Free | Partition Type: NTFS
Drive D: | 14.25 Gb Total Space | 1.58 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

Computer Name: MG-HP | User Name: mG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/15 11:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mG\Desktop\OTL.exe
PRC - [2013/11/14 01:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/04 18:55:26 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2011/03/08 09:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/28 12:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/17 19:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/17 19:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/17 19:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/02/15 12:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/01/12 16:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 16:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/22 10:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 10:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/23 09:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 09:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 09:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 01:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 01:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 01:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 01:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 01:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/11/08 19:54:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/11/08 19:54:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/11/08 19:54:06 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll
MOD - [2013/11/08 19:54:04 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c1d55eed243331c944206f8608fb850\IAStorUtil.ni.dll
MOD - [2013/11/08 19:54:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/11/08 19:53:54 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/11/08 19:53:49 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/11/08 19:53:46 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/11/08 19:53:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/11/08 19:53:34 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 19:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/03/11 00:23:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/16 19:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2011/01/26 13:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/05 10:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 10:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 10:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/10/10 23:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 15:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/28 12:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/17 19:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 12:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/01/12 16:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/22 10:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 10:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 20:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:23:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/10 20:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 20:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 15:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 14:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/27 06:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/26 13:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/01/26 13:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/01/12 15:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/12 14:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/01/04 08:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/16 16:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/10 11:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 11:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 17:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 17:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 17:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 17:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 14:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 22:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 06:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 11:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 11:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 11:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 10:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 10:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3AB78248-AD88-43AD-BA9D-2E1C87300DAA}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope = {EEC4123E-4159-4388-AD5C-448257CAF78F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{EEC4123E-4159-4388-AD5C-448257CAF78F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Drive = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: Little Alchemy = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: StayFocusd = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.4_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0\
CHR - Extension: Google Play Books = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.9_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0\
CHR - Extension: Google Wallet = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/11/16 22:21:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_F9C440A17E96205AB23A5653F2E73854] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8FA408A-E8B4-4F20-8BB5-A93443F35C31}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/16 22:20:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/16 22:18:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/16 22:17:45 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\mG\Desktop\JRT.exe
[2013/11/15 15:01:57 | 000,017,536 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysWow64\drivers\NtpaSp50.sys
[2013/11/15 15:01:17 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\SBG-SVG
[2013/11/15 15:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/11/15 15:00:42 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Adobe
[2013/11/15 11:49:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mG\Desktop\OTL.exe
[2013/11/12 21:00:10 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Malwarebytes
[2013/11/12 20:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/12 20:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/12 20:59:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/12 20:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/12 20:59:08 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Programs
[2013/11/12 20:58:23 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\mG\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/10 07:45:47 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Opera Software
[2013/11/10 07:45:46 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Opera Software
[2013/11/10 07:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013/11/10 07:44:14 | 033,727,472 | ---- | C] (Opera Software ASA) -- C:\Users\mG\Desktop\Opera_17.0.1241.53_Setup.exe
[2013/11/08 20:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/08 20:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/08 20:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/08 20:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/08 20:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/11/08 09:48:24 | 001,181,696 | ---- | C] (ExtaliaMS) -- C:\Users\mG\Desktop\SetupSplit.exe
[2013/11/08 01:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/11/07 22:28:39 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\CrashDumps
[2013/11/07 20:56:29 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\uTorrent
[2013/11/07 20:56:13 | 001,141,328 | ---- | C] (BitTorrent Inc.) -- C:\Users\mG\Desktop\utorrent.exe
[2013/11/06 20:01:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/11/06 20:01:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/11/04 23:57:59 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\LolClient
[2013/11/04 23:57:57 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Macromedia
[2013/11/04 23:36:38 | 000,000,000 | ---D | C] -- C:\Users\mG\Documents\Rainmeter
[2013/11/04 23:36:38 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Rainmeter
[2013/11/04 23:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2013/11/04 23:34:39 | 000,000,000 | ---D | C] -- C:\Users\mG\Desktop\Taskbar Eliminator
[2013/11/04 22:50:09 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\WinRAR
[2013/11/04 22:49:56 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/11/04 22:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/11/04 22:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013/11/04 22:28:58 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Skype
[2013/11/04 22:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/11/04 22:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/11/04 22:28:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/11/04 22:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/11/04 19:54:39 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/11/04 19:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/11/04 19:52:36 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\PMB Files
[2013/11/04 19:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/11/04 19:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/11/04 19:52:03 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Riot Games
[2013/11/04 19:17:42 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Roxio Log Files
[2013/11/04 19:11:11 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\HP
[2013/11/04 19:11:09 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\AuthenTec
[2013/11/04 19:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/04 19:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/04 19:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/11/04 19:06:11 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/11/04 18:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/04 18:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/11/04 18:49:10 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Google
[2013/11/04 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Deployment
[2013/11/04 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Apps
[2013/11/04 17:43:39 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Adobe
[2013/11/04 17:42:09 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Intel Corporation
[2013/11/04 17:42:08 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\hpqLog
[2013/11/04 17:42:07 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Synaptics
[2013/11/04 17:41:44 | 000,000,000 | R--D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/04 17:41:44 | 000,000,000 | R--D | C] -- C:\Users\mG\Searches
[2013/11/04 17:41:44 | 000,000,000 | R--D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/11/04 17:41:43 | 000,000,000 | -H-D | C] -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/04 17:41:36 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Identities
[2013/11/04 17:41:34 | 000,000,000 | R--D | C] -- C:\Users\mG\Contacts
[2013/11/04 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\VirtualStore
[2013/11/04 17:41:06 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\RemEngine
[2013/11/04 17:38:43 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Hewlett-Packard
[2013/11/04 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Hewlett-Packard
[2013/11/04 17:38:02 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Hewlett-Packard_Company
[2013/11/04 17:36:06 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Intel
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\AppData\Local\Temporary Internet Files
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Templates
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Start Menu
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\SendTo
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Recent
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\PrintHood
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\NetHood
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Documents\My Videos
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Documents\My Pictures
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Documents\My Music
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\My Documents
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Local Settings
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\AppData\Local\History
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Cookies
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Application Data
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\AppData\Local\Application Data
[2013/11/04 17:36:02 | 000,000,000 | --SD | C] -- C:\Users\mG\AppData\Roaming\Microsoft
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Videos
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Saved Games
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Pictures
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Music
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Links
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Favorites
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Downloads
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Documents
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Desktop
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/04 17:36:02 | 000,000,000 | -H-D | C] -- C:\Users\mG\AppData
[2013/11/04 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Temp
[2013/11/04 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\mG\Roaming
[2013/11/04 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Microsoft
[2013/11/04 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Media Center Programs
[2013/11/04 15:30:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/11/16 22:30:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 22:30:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 22:27:22 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/16 22:27:22 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/16 22:27:22 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/16 22:23:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/16 22:22:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/16 22:22:49 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/16 22:21:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/16 22:17:56 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\mG\Desktop\JRT.exe
[2013/11/16 22:17:35 | 001,085,542 | ---- | M] () -- C:\Users\mG\Desktop\adwcleaner.exe
[2013/11/16 09:01:48 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/15 11:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mG\Desktop\OTL.exe
[2013/11/14 22:06:33 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/12 20:59:24 | 000,001,093 | ---- | M] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/11/12 20:59:24 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/12 20:58:35 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\mG\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/11 11:27:47 | 000,070,341 | ---- | M] () -- C:\Users\mG\Desktop\me-gusta-creepy-me-gusta.png
[2013/11/10 23:49:18 | 001,189,905 | ---- | M] () -- C:\Users\mG\Desktop\IMG_11112013_003528.png
[2013/11/10 23:33:47 | 000,127,356 | ---- | M] () -- C:\Users\mG\Desktop\a9b5c7d442aa11e3a3e722000a9f09d0_8.jpg
[2013/11/10 23:33:41 | 000,055,289 | ---- | M] () -- C:\Users\mG\Desktop\viewer.php
[2013/11/10 23:24:37 | 000,122,412 | ---- | M] () -- C:\Users\mG\Desktop\580435_534578649921477_2023093211_n.jpg
[2013/11/10 17:16:06 | 000,140,927 | ---- | M] () -- C:\Users\mG\Desktop\i know that feel.jpg
[2013/11/10 07:44:40 | 033,727,472 | ---- | M] (Opera Software ASA) -- C:\Users\mG\Desktop\Opera_17.0.1241.53_Setup.exe
[2013/11/09 23:34:12 | 000,059,298 | ---- | M] () -- C:\Users\mG\Desktop\618_3157064700624_1571803629_n.jpg
[2013/11/08 09:48:27 | 001,181,696 | ---- | M] (ExtaliaMS) -- C:\Users\mG\Desktop\SetupSplit.exe
[2013/11/08 09:48:15 | 000,822,378 | ---- | M] () -- C:\Users\mG\Desktop\ExtaliaMS.zip
[2013/11/07 21:01:21 | 000,000,825 | ---- | M] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/11/07 21:01:04 | 000,012,268 | ---- | M] () -- C:\Users\mG\Desktop\[kickass.to]adobe.premiere.pro.cs6.6.0.0.ls7.multilanguage.chingliu.torrent
[2013/11/07 20:56:17 | 001,141,328 | ---- | M] (BitTorrent Inc.) -- C:\Users\mG\Desktop\utorrent.exe
[2013/11/07 20:53:23 | 003,383,926 | ---- | M] () -- C:\Users\mG\Desktop\2013-10-29 18.01.53.jpg
[2013/11/07 19:41:47 | 000,063,695 | ---- | M] () -- C:\Users\mG\Desktop\1454620_10151898716721696_2128219793_n.jpg
[2013/11/07 19:40:26 | 000,107,084 | ---- | M] () -- C:\Users\mG\Desktop\[bleep].jpg
[2013/11/07 08:16:50 | 000,277,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/06 07:39:12 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/06 07:39:12 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/05 21:48:19 | 000,003,739 | ---- | M] () -- C:\Users\mG\Desktop\F2.gif
[2013/11/05 21:46:29 | 000,001,290 | ---- | M] () -- C:\Users\mG\Desktop\f5.png
[2013/11/05 12:58:45 | 001,657,770 | ---- | M] () -- C:\Users\mG\Desktop\wallpaper-545380.jpg
[2013/11/05 11:48:36 | 000,277,119 | ---- | M] () -- C:\Users\mG\Desktop\1_line_clock_for_rainmeter_by_feedanza-d5nbftc.rmskin
[2013/11/05 00:19:32 | 000,623,227 | ---- | M] () -- C:\Users\mG\Desktop\wallpaper-2395251.jpg
[2013/11/05 00:00:33 | 000,106,999 | ---- | M] () -- C:\Users\mG\Desktop\wallpaper-2573505.jpg
[2013/11/04 23:51:38 | 000,402,746 | ---- | M] () -- C:\Users\mG\Desktop\wallpaper-1382061.jpg
[2013/11/04 23:36:34 | 000,001,730 | ---- | M] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013/11/04 23:35:45 | 002,228,376 | ---- | M] () -- C:\Users\mG\Desktop\Rainmeter-3.0.2.exe
[2013/11/04 22:28:52 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/04 19:54:40 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/11/04 19:49:07 | 000,002,239 | ---- | M] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/04 19:07:21 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/04 19:06:11 | 000,001,264 | ---- | M] () -- C:\Users\mG\Desktop\Revo Uninstaller.lnk
[2013/11/04 19:06:02 | 000,000,009 | ---- | M] () -- C:\END
[2013/11/04 17:43:32 | 000,001,437 | ---- | M] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/04 17:34:00 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013/11/04 15:32:47 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/11/04 15:32:46 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013/11/16 22:17:25 | 001,085,542 | ---- | C] () -- C:\Users\mG\Desktop\adwcleaner.exe
[2013/11/12 20:59:24 | 000,001,093 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/11/12 20:59:24 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/11 11:27:47 | 000,070,341 | ---- | C] () -- C:\Users\mG\Desktop\me-gusta-creepy-me-gusta.png
[2013/11/10 23:49:01 | 001,189,905 | ---- | C] () -- C:\Users\mG\Desktop\IMG_11112013_003528.png
[2013/11/10 23:33:47 | 000,127,356 | ---- | C] () -- C:\Users\mG\Desktop\a9b5c7d442aa11e3a3e722000a9f09d0_8.jpg
[2013/11/10 23:33:40 | 000,055,289 | ---- | C] () -- C:\Users\mG\Desktop\viewer.php
[2013/11/10 23:24:36 | 000,122,412 | ---- | C] () -- C:\Users\mG\Desktop\580435_534578649921477_2023093211_n.jpg
[2013/11/10 17:16:05 | 000,140,927 | ---- | C] () -- C:\Users\mG\Desktop\i know that feel.jpg
[2013/11/09 23:34:12 | 000,059,298 | ---- | C] () -- C:\Users\mG\Desktop\618_3157064700624_1571803629_n.jpg
[2013/11/08 09:48:09 | 000,822,378 | ---- | C] () -- C:\Users\mG\Desktop\ExtaliaMS.zip
[2013/11/07 21:01:21 | 000,000,825 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/11/07 21:01:04 | 000,012,268 | ---- | C] () -- C:\Users\mG\Desktop\[kickass.to]adobe.premiere.pro.cs6.6.0.0.ls7.multilanguage.chingliu.torrent
[2013/11/07 20:53:15 | 003,383,926 | ---- | C] () -- C:\Users\mG\Desktop\2013-10-29 18.01.53.jpg
[2013/11/07 19:41:47 | 000,063,695 | ---- | C] () -- C:\Users\mG\Desktop\1454620_10151898716721696_2128219793_n.jpg
[2013/11/07 19:40:26 | 000,107,084 | ---- | C] () -- C:\Users\mG\Desktop\[bleep].jpg
[2013/11/06 07:46:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/11/06 07:39:12 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/06 07:39:12 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/06 07:20:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/11/05 21:48:18 | 000,003,739 | ---- | C] () -- C:\Users\mG\Desktop\F2.gif
[2013/11/05 21:46:29 | 000,001,290 | ---- | C] () -- C:\Users\mG\Desktop\f5.png
[2013/11/05 12:58:45 | 001,657,770 | ---- | C] () -- C:\Users\mG\Desktop\wallpaper-545380.jpg
[2013/11/05 11:48:35 | 000,277,119 | ---- | C] () -- C:\Users\mG\Desktop\1_line_clock_for_rainmeter_by_feedanza-d5nbftc.rmskin
[2013/11/05 00:19:31 | 000,623,227 | ---- | C] () -- C:\Users\mG\Desktop\wallpaper-2395251.jpg
[2013/11/05 00:00:33 | 000,106,999 | ---- | C] () -- C:\Users\mG\Desktop\wallpaper-2573505.jpg
[2013/11/04 23:51:36 | 000,402,746 | ---- | C] () -- C:\Users\mG\Desktop\wallpaper-1382061.jpg
[2013/11/04 23:36:34 | 000,001,730 | ---- | C] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013/11/04 23:36:34 | 000,001,706 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
[2013/11/04 23:35:40 | 002,228,376 | ---- | C] () -- C:\Users\mG\Desktop\Rainmeter-3.0.2.exe
[2013/11/04 22:28:52 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/04 19:54:40 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/11/04 19:07:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/04 19:07:16 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/04 19:06:11 | 000,001,264 | ---- | C] () -- C:\Users\mG\Desktop\Revo Uninstaller.lnk
[2013/11/04 19:05:23 | 000,000,009 | ---- | C] () -- C:\END
[2013/11/04 18:52:09 | 000,002,239 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/04 18:52:09 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/04 18:50:17 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/04 18:50:16 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/04 17:43:32 | 000,001,437 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/04 17:41:44 | 000,001,413 | ---- | C] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/04 17:38:15 | 000,002,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk
[2013/11/04 17:38:14 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2013/11/04 17:36:02 | 000,000,290 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/04 17:36:02 | 000,000,272 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/04 15:30:45 | 2106,478,591 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/13 18:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 16:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 15:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 15:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 15:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/04 23:57:59 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\LolClient
[2013/11/11 17:13:46 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Opera Software
[2013/11/04 23:36:38 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Rainmeter
[2013/11/04 19:52:21 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Riot Games
[2013/11/15 15:01:17 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\SBG-SVG
[2013/11/04 17:42:07 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Synaptics
[2013/11/07 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

#9
mgalera

    Member

  • Topic Starter
  • Member
  • 11 posts
AdwCleaner

# AdwCleaner v3.012 - Report created 16/11/2013 at 22:46:57
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : mG - MG-HP
# Running from : C:\Users\mG\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\mG\AppData\LocalLow\Conduit
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306058
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [2429 octets] - [16/11/2013 22:43:44]
AdwCleaner[R1].txt - [2489 octets] - [16/11/2013 22:45:07]
AdwCleaner[S0].txt - [2138 octets] - [16/11/2013 22:46:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2198 octets] ##########

#10
mgalera

    Member

  • Topic Starter
  • Member
  • 11 posts
JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by mG on Sat 11/16/2013 at 22:54:40.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/16/2013 at 22:59:11.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#11
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hi mgalera,

Tell me if any issues remain.

Joe

#12
mgalera

    Member

  • Topic Starter
  • Member
  • 11 posts
Good afternoon from where I live Joe! Thanks for your time and help. I don't think there's any issues anymore. I ran MBAM earlier this morning, and nothing has come up. Happy (really early) holidays!
Marc :)

Edited by mgalera, 17 November 2013 - 08:19 PM.


#13
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello mgalera,

One more small fix with OTL

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    
    :Commands
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Next
  • Right click on the JRT Icon and select delete
  • Remove any log reports on the desktop.
  • Empty Recycle bin

Finally

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go >>HERE<< then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the Posted Image icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Posted Image
    (Selecting Uninstall application on close if you so wish)

Post the ESET Scan log in your next reply.

I'll look that log over, then we will remove our tools and I'll provide tips for you.

Thanks
Joe:)

#14
mgalera

    Member

  • Topic Starter
  • Member
  • 11 posts
C:\_OTL\MovedFiles

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: mG
->Temp folder emptied: 4282863 bytes
->Temporary Internet Files folder emptied: 48601864 bytes
->Java cache emptied: 375298 bytes
->Google Chrome cache emptied: 381769237 bytes
->Flash cache emptied: 1131 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54262 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 200755623 bytes

Total Files Cleaned = 606.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11212013_090908

Files\Folders moved on Reboot...
C:\Users\mG\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\mG\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#15
mgalera

    Member

  • Topic Starter
  • Member
  • 11 posts
OTL

OTL logfile created on: 11/21/2013 1:21:21 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mG\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.98 Gb Available Physical Memory | 75.25% Memory free
15.90 Gb Paging File | 13.65 Gb Available in Paging File | 85.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.63 Gb Total Space | 501.39 Gb Free Space | 86.20% Space Free | Partition Type: NTFS
Drive D: | 14.25 Gb Total Space | 1.58 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

Computer Name: MG-HP | User Name: mG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/17 20:40:24 | 005,955,072 | ---- | M] (Spotify Ltd) -- C:\Users\mG\AppData\Roaming\Spotify\spotify.exe
PRC - [2013/11/17 20:40:23 | 000,610,304 | ---- | M] () -- C:\Users\mG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2013/11/15 11:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mG\Desktop\OTL.exe
PRC - [2013/11/14 01:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/04 18:55:26 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/08 09:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/28 12:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/17 19:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/17 19:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/17 19:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/02/15 12:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/01/12 16:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 16:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/22 10:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/23 09:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 09:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 09:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/17 20:40:24 | 036,967,424 | ---- | M] () -- C:\Users\mG\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013/11/17 20:40:23 | 000,887,808 | ---- | M] () -- C:\Users\mG\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2013/11/17 20:40:23 | 000,610,304 | ---- | M] () -- C:\Users\mG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2013/11/17 20:40:23 | 000,109,568 | ---- | M] () -- C:\Users\mG\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2013/11/14 01:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 01:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 01:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 01:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 01:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/11/08 19:54:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/11/08 19:54:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/11/08 19:54:06 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll
MOD - [2013/11/08 19:54:04 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c1d55eed243331c944206f8608fb850\IAStorUtil.ni.dll
MOD - [2013/11/08 19:54:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/11/08 19:53:54 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/11/08 19:53:49 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/11/08 19:53:46 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/11/08 19:53:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/11/08 19:53:34 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 19:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/03/11 00:23:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/16 19:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2011/01/26 13:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/05 10:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 10:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 10:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/10/10 23:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 15:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/10/30 09:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/28 12:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/17 19:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 12:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/01/12 16:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/22 10:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 10:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/02/29 20:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:23:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/10 20:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 20:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 15:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 14:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/27 06:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/26 13:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/01/26 13:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/01/12 15:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/12 14:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/01/04 08:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/16 16:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/10 11:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 11:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 17:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 17:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 17:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 17:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 14:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 22:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 06:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 11:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 11:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 11:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 10:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 10:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{EEC4123E-4159-4388-AD5C-448257CAF78F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Drive = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: Little Alchemy = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: StayFocusd = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.4_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0\
CHR - Extension: Google Play Books = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.9_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0\
CHR - Extension: Google Wallet = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\mG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/11/16 22:21:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\mG\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - Startup: C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Omnimo.lnk = File not found
O4 - Startup: C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6304BB2-05EB-4B10-AB34-9B6596048823}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8FA408A-E8B4-4F20-8BB5-A93443F35C31}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/21 13:18:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/11/19 21:46:36 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Carbon
[2013/11/19 21:10:43 | 000,000,000 | ---D | C] -- C:\Users\mG\Documents\My Games
[2013/11/18 19:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2013/11/18 19:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\osu!
[2013/11/18 19:14:17 | 041,707,592 | ---- | C] (ppy Pty. Ltd.) -- C:\Users\mG\Desktop\osu!install.exe
[2013/11/18 19:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
[2013/11/18 19:04:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2013/11/18 18:54:13 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Warframe
[2013/11/17 23:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2013/11/17 21:59:38 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Omnimo UI
[2013/11/17 20:40:28 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Spotify
[2013/11/17 20:39:53 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Spotify
[2013/11/17 20:08:52 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\SoftGrid Client
[2013/11/17 20:08:52 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\SoftGrid Client
[2013/11/17 20:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2013/11/17 20:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/11/17 20:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/11/17 20:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2013/11/17 20:06:34 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\TP
[2013/11/17 19:52:59 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/11/17 19:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/11/17 19:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/11/17 19:41:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/11/16 22:54:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/16 22:20:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/16 22:17:45 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\mG\Desktop\JRT.exe
[2013/11/15 15:01:57 | 000,017,536 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysWow64\drivers\NtpaSp50.sys
[2013/11/15 15:01:17 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\SBG-SVG
[2013/11/15 15:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/11/15 15:00:42 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Adobe
[2013/11/15 11:49:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mG\Desktop\OTL.exe
[2013/11/12 21:00:10 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Malwarebytes
[2013/11/12 20:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/12 20:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/12 20:59:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/12 20:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/12 20:59:08 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Programs
[2013/11/10 07:45:47 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Opera Software
[2013/11/10 07:45:46 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Opera Software
[2013/11/10 07:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013/11/08 20:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/08 20:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/08 20:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/08 20:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/08 20:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/11/08 01:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/11/07 22:28:39 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\CrashDumps
[2013/11/07 20:56:29 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\uTorrent
[2013/11/07 20:56:13 | 001,141,328 | ---- | C] (BitTorrent Inc.) -- C:\Users\mG\Desktop\utorrent.exe
[2013/11/06 20:01:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/11/06 20:01:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/11/04 23:57:59 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\LolClient
[2013/11/04 23:57:57 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Macromedia
[2013/11/04 23:36:38 | 000,000,000 | ---D | C] -- C:\Users\mG\Documents\Rainmeter
[2013/11/04 23:36:38 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Rainmeter
[2013/11/04 23:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2013/11/04 22:50:09 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\WinRAR
[2013/11/04 22:49:56 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/11/04 22:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/11/04 22:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013/11/04 22:28:58 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Skype
[2013/11/04 22:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/11/04 22:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/11/04 22:28:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/11/04 22:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/11/04 19:54:39 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/11/04 19:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/11/04 19:52:36 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\PMB Files
[2013/11/04 19:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/11/04 19:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/11/04 19:52:03 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Riot Games
[2013/11/04 19:17:42 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Roxio Log Files
[2013/11/04 19:11:11 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\HP
[2013/11/04 19:11:09 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\AuthenTec
[2013/11/04 19:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/04 19:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/04 19:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/11/04 19:06:11 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/11/04 18:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/04 18:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/11/04 18:49:10 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Google
[2013/11/04 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Deployment
[2013/11/04 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Apps
[2013/11/04 17:43:39 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Adobe
[2013/11/04 17:42:09 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Intel Corporation
[2013/11/04 17:42:08 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\hpqLog
[2013/11/04 17:42:07 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Synaptics
[2013/11/04 17:41:44 | 000,000,000 | R--D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/04 17:41:44 | 000,000,000 | R--D | C] -- C:\Users\mG\Searches
[2013/11/04 17:41:44 | 000,000,000 | R--D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/11/04 17:41:43 | 000,000,000 | -H-D | C] -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/04 17:41:36 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Identities
[2013/11/04 17:41:34 | 000,000,000 | R--D | C] -- C:\Users\mG\Contacts
[2013/11/04 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\VirtualStore
[2013/11/04 17:41:06 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\RemEngine
[2013/11/04 17:38:43 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Hewlett-Packard
[2013/11/04 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Hewlett-Packard
[2013/11/04 17:38:02 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Hewlett-Packard_Company
[2013/11/04 17:36:06 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Intel
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\AppData\Local\Temporary Internet Files
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Templates
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Start Menu
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\SendTo
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Recent
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\PrintHood
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\NetHood
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Documents\My Videos
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Documents\My Pictures
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Documents\My Music
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\My Documents
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Local Settings
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\AppData\Local\History
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Cookies
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\Application Data
[2013/11/04 17:36:04 | 000,000,000 | -HSD | C] -- C:\Users\mG\AppData\Local\Application Data
[2013/11/04 17:36:02 | 000,000,000 | --SD | C] -- C:\Users\mG\AppData\Roaming\Microsoft
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Videos
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Saved Games
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Pictures
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Music
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Links
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Favorites
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Downloads
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Documents
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\Desktop
[2013/11/04 17:36:02 | 000,000,000 | R--D | C] -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/04 17:36:02 | 000,000,000 | -H-D | C] -- C:\Users\mG\AppData
[2013/11/04 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Temp
[2013/11/04 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\mG\Roaming
[2013/11/04 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Local\Microsoft
[2013/11/04 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\mG\AppData\Roaming\Media Center Programs
[2013/11/04 15:30:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/11/21 13:24:05 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/21 13:24:05 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/21 13:24:05 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/21 13:18:50 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/21 13:18:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/21 13:18:29 | 439,545,365 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/21 13:18:26 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/21 10:00:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/21 09:21:17 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 09:21:17 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/20 18:42:50 | 000,000,219 | ---- | M] () -- C:\Users\mG\Desktop\Team Fortress 2.url
[2013/11/20 18:37:50 | 000,000,222 | ---- | M] () -- C:\Users\mG\Desktop\Pinball Arcade.url
[2013/11/19 21:37:14 | 000,000,222 | ---- | M] () -- C:\Users\mG\Desktop\AirMech.url
[2013/11/19 21:05:15 | 000,478,464 | ---- | M] () -- C:\Users\mG\Desktop\Untitled.png
[2013/11/19 18:47:39 | 015,025,869 | ---- | M] () -- C:\Users\mG\Desktop\87630 Linked Horizon - Guren no Yumiya (TV Size).osz
[2013/11/19 03:01:37 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/19 03:01:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/19 00:23:42 | 007,640,843 | ---- | M] () -- C:\Users\mG\Desktop\7386 Beat Crusaders - Hit in the USA.osz
[2013/11/18 19:17:11 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\osu!.lnk
[2013/11/18 19:16:17 | 041,707,592 | ---- | M] (ppy Pty. Ltd.) -- C:\Users\mG\Desktop\osu!install.exe
[2013/11/18 18:41:06 | 000,009,653 | ---- | M] () -- C:\Users\mG\Desktop\nigga.jpg
[2013/11/17 22:06:11 | 000,001,494 | ---- | M] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Omnimo.lnk
[2013/11/17 20:40:24 | 000,001,787 | ---- | M] () -- C:\Users\mG\Desktop\Spotify.lnk
[2013/11/17 19:41:13 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/11/16 23:07:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/11/16 23:06:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/11/16 22:21:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/16 22:17:56 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\mG\Desktop\JRT.exe
[2013/11/15 11:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mG\Desktop\OTL.exe
[2013/11/14 22:06:33 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/12 20:59:24 | 000,001,093 | ---- | M] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/11/12 20:59:24 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/11 11:27:47 | 000,070,341 | ---- | M] () -- C:\Users\mG\Desktop\me-gusta-creepy-me-gusta.png
[2013/11/10 17:16:06 | 000,140,927 | ---- | M] () -- C:\Users\mG\Desktop\i know that feel.jpg
[2013/11/07 21:01:21 | 000,000,825 | ---- | M] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/11/07 21:01:04 | 000,012,268 | ---- | M] () -- C:\Users\mG\Desktop\[kickass.to]adobe.premiere.pro.cs6.6.0.0.ls7.multilanguage.chingliu.torrent
[2013/11/07 20:56:17 | 001,141,328 | ---- | M] (BitTorrent Inc.) -- C:\Users\mG\Desktop\utorrent.exe
[2013/11/07 08:16:50 | 000,277,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/06 07:39:12 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/06 07:39:12 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/05 21:48:19 | 000,003,739 | ---- | M] () -- C:\Users\mG\Desktop\F2.gif
[2013/11/05 21:46:29 | 000,001,290 | ---- | M] () -- C:\Users\mG\Desktop\f5.png
[2013/11/05 00:19:32 | 000,623,227 | ---- | M] () -- C:\Users\mG\Desktop\wallpaper-2395251.jpg
[2013/11/04 23:51:38 | 000,402,746 | ---- | M] () -- C:\Users\mG\Desktop\wallpaper-1382061.jpg
[2013/11/04 23:36:34 | 000,001,730 | ---- | M] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013/11/04 22:28:52 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/04 19:54:40 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/11/04 19:49:07 | 000,002,239 | ---- | M] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/04 19:06:11 | 000,001,264 | ---- | M] () -- C:\Users\mG\Desktop\Revo Uninstaller.lnk
[2013/11/04 17:43:32 | 000,001,437 | ---- | M] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/04 17:34:00 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013/11/04 15:32:47 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/11/04 15:32:46 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013/11/21 13:18:29 | 439,545,365 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/11/20 18:42:50 | 000,000,219 | ---- | C] () -- C:\Users\mG\Desktop\Team Fortress 2.url
[2013/11/20 18:37:50 | 000,000,222 | ---- | C] () -- C:\Users\mG\Desktop\Pinball Arcade.url
[2013/11/19 21:37:14 | 000,000,222 | ---- | C] () -- C:\Users\mG\Desktop\AirMech.url
[2013/11/19 21:05:15 | 000,478,464 | ---- | C] () -- C:\Users\mG\Desktop\Untitled.png
[2013/11/19 18:46:59 | 015,025,869 | ---- | C] () -- C:\Users\mG\Desktop\87630 Linked Horizon - Guren no Yumiya (TV Size).osz
[2013/11/19 00:23:16 | 007,640,843 | ---- | C] () -- C:\Users\mG\Desktop\7386 Beat Crusaders - Hit in the USA.osz
[2013/11/18 19:17:11 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\osu!.lnk
[2013/11/18 18:41:06 | 000,009,653 | ---- | C] () -- C:\Users\mG\Desktop\nigga.jpg
[2013/11/17 22:06:11 | 000,001,494 | ---- | C] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Omnimo.lnk
[2013/11/17 20:40:24 | 000,001,787 | ---- | C] () -- C:\Users\mG\Desktop\Spotify.lnk
[2013/11/17 20:40:24 | 000,001,773 | ---- | C] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/11/17 20:07:38 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/17 19:41:13 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/11/16 23:07:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/11/16 23:06:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/11/12 20:59:24 | 000,001,093 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/11/12 20:59:24 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/11 11:27:47 | 000,070,341 | ---- | C] () -- C:\Users\mG\Desktop\me-gusta-creepy-me-gusta.png
[2013/11/10 17:16:05 | 000,140,927 | ---- | C] () -- C:\Users\mG\Desktop\i know that feel.jpg
[2013/11/07 21:01:21 | 000,000,825 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/11/07 21:01:04 | 000,012,268 | ---- | C] () -- C:\Users\mG\Desktop\[kickass.to]adobe.premiere.pro.cs6.6.0.0.ls7.multilanguage.chingliu.torrent
[2013/11/06 07:46:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/11/06 07:39:12 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/06 07:39:12 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/06 07:20:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/11/05 21:48:18 | 000,003,739 | ---- | C] () -- C:\Users\mG\Desktop\F2.gif
[2013/11/05 21:46:29 | 000,001,290 | ---- | C] () -- C:\Users\mG\Desktop\f5.png
[2013/11/05 00:19:31 | 000,623,227 | ---- | C] () -- C:\Users\mG\Desktop\wallpaper-2395251.jpg
[2013/11/04 23:51:36 | 000,402,746 | ---- | C] () -- C:\Users\mG\Desktop\wallpaper-1382061.jpg
[2013/11/04 23:36:34 | 000,001,730 | ---- | C] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013/11/04 23:36:34 | 000,001,706 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
[2013/11/04 23:34:39 | 001,853,330 | ---- | C] () -- C:\Users\mG\Desktop\Taskbar Eliminator.exe
[2013/11/04 22:28:52 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/04 19:54:40 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/11/04 19:07:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/04 19:07:16 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/04 19:06:11 | 000,001,264 | ---- | C] () -- C:\Users\mG\Desktop\Revo Uninstaller.lnk
[2013/11/04 18:52:09 | 000,002,239 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/04 18:52:09 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/04 18:50:17 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/04 18:50:16 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/04 17:43:32 | 000,001,437 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/04 17:41:44 | 000,001,413 | ---- | C] () -- C:\Users\mG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/04 17:38:15 | 000,002,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk
[2013/11/04 17:38:14 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2013/11/04 17:36:02 | 000,000,290 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/04 17:36:02 | 000,000,272 | ---- | C] () -- C:\Users\mG\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/04 15:30:45 | 2106,478,591 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/13 18:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 16:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 15:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 15:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 15:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/19 21:46:36 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Carbon
[2013/11/04 23:57:59 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\LolClient
[2013/11/11 17:13:46 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Opera Software
[2013/11/17 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Rainmeter
[2013/11/04 19:52:21 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Riot Games
[2013/11/15 15:01:17 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\SBG-SVG
[2013/11/17 21:29:18 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\SoftGrid Client
[2013/11/21 13:19:36 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Spotify
[2013/11/04 17:42:07 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\Synaptics
[2013/11/17 20:09:11 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\TP
[2013/11/21 10:05:00 | 000,000,000 | ---D | M] -- C:\Users\mG\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >