Jump to content

Free help from tech experts
Welcome to Geeks to Go forums. Create an account now to gain access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing topics, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. Best of all, registration and all assistance is 100% free! This message, and all ads will be removed once you have signed in.
Sign In Create Account

Might have gotten spyware from something I installed [Solved]


  • This topic is locked This topic is locked

#1
wickkidda

wickkidda

    Member

  • Member
  • PipPipPip
  • 107 posts
Hi. I installed something I downloaded and instead of an installation program coming up all I saw was a few windows blink onto the screen and off again in a split second. So I ran Malwarebytes and it found 120 objects which I removed. I'm just afraid there are probably lots of things I can't find left on here. There's also a conduit.com thing I can't get rid of on firefox every time I open a new tab, but I never thought it was serious enough to ask for your help. Thanks for taking a look.


OTL logfile created on: 11/16/2013 5:45:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 5.43 Gb Available Physical Memory | 68.10% Memory free
15.94 Gb Paging File | 13.07 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 37.25 Gb Free Space | 4.00% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/16 17:33:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2013/11/15 14:49:37 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/30 14:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/10/08 20:47:20 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/09/17 17:29:22 | 000,053,232 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\TranslateGeniusAgent.exe
PRC - [2013/09/08 17:16:16 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/06 17:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
PRC - [2012/09/06 17:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe
PRC - [2012/05/30 12:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/24 16:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/12 14:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/08/31 23:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/13 16:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2009/08/13 16:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2009/08/13 16:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/15 14:49:37 | 003,555,440 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/30 14:25:56 | 001,123,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/10/24 12:45:32 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/23 15:07:26 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/10/08 20:47:20 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/09/17 17:29:22 | 000,053,232 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\TranslateGeniusAgent.exe
MOD - [2013/09/17 17:29:20 | 000,050,688 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Updater\Temp\Agent.Application.dll
MOD - [2013/09/17 17:29:18 | 000,006,656 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Support.Infrastructure.dll
MOD - [2013/09/06 11:19:58 | 000,238,080 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\System.ComponentModel.Composition.dll
MOD - [2013/09/06 11:19:58 | 000,032,256 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Updater\Temp\BBV.Framework.dll
MOD - [2013/09/06 11:19:58 | 000,021,504 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Updater\Temp\Browsers.Firefox.dll
MOD - [2013/09/06 11:19:58 | 000,017,920 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Metrics.Dispatching.dll
MOD - [2013/09/06 11:19:58 | 000,012,800 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Environment.Identification.dll
MOD - [2013/09/06 11:19:58 | 000,009,728 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Updater\Temp\Browsers.Chrome.dll
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/06 17:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
MOD - [2012/05/30 12:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2011/11/11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/10/15 04:51:49 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\6c1567259547084fc25ef4941b184be5\System.Xml.Linq.ni.dll
MOD - [2011/10/15 04:51:15 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/15 02:41:29 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\fd6d00c3c7d56a2e3651769081e8f412\System.EnterpriseServices.ni.dll
MOD - [2011/10/15 02:41:29 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\834be57d8ab824b4ebcbf01161791d70\System.Transactions.ni.dll
MOD - [2011/10/15 02:41:28 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll
MOD - [2011/10/15 02:41:13 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/15 02:41:09 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/15 02:40:58 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/15 02:40:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/15 02:40:55 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/15 02:40:51 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/15 14:49:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/08 20:47:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/08 17:16:16 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 01:38:28 | 000,759,192 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/06 17:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) [Auto | Running] -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe -- (MOTU_ZeroConf)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/14 15:51:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/09/14 15:51:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2012/10/10 22:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 22:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/06 17:24:08 | 000,029,848 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\motubus64.sys -- (motubus)
DRV:64bit: - [2012/09/06 17:24:02 | 000,032,408 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwamidi64.sys -- (MFWAMIDI64)
DRV:64bit: - [2012/09/06 17:24:00 | 000,609,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MotuFWA64.sys -- (MotuFWA64)
DRV:64bit: - [2012/09/06 17:23:58 | 000,082,584 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwawave64.sys -- (MFWAWAVE64)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/01 03:19:24 | 001,041,000 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 01:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/07 11:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/31 14:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/02/22 01:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/07/01 13:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 14:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 10:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/12/26 11:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{429DC9F2-1367-4C14-9906-89D81DE97551}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: sp2@sp.com:1.0
FF - prefs.js..keyword.URL: "http://search.condui...79&UM=UM_ID&q="

FF - user.js..extensions.enabledAddons: sp2@sp.com:1.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Matt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/15 14:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/15 14:49:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sp2@sp.com: C:\Program Files (x86)\Social Privacy\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3f34ed98-04e6-4252-9646-d930abe8bd3b}: C:\Program Files (x86)\findAdeal\135.xpi [2013/11/15 17:49:20 | 000,006,225 | ---- | M] ()

[2011/10/14 21:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/11/15 17:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions
[2013/09/05 01:47:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/09/14 17:31:41 | 000,000,000 | ---D | M] (BitTorrentBar) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/05/10 19:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\j2x55qrb.default\extensions
[2013/10/08 09:32:53 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/09/13 16:15:48 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/11/15 17:49:12 | 000,331,553 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\translategenius@tgfinteractive.com.xpi
[2013/11/08 15:01:56 | 000,534,744 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/10/10 10:48:43 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 16:30:05 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/11/13 16:28:17 | 000,549,871 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\searchplugins\askcom.xml
[2013/11/15 14:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 14:49:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/15 17:49:20 | 000,006,225 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\FINDADEAL\135.XPI

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/03 14:58:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (find-a-deal) - {b36ac8cc-a828-4b0b-b965-3c9c677c803a} - C:\Program Files (x86)\findAdeal\135.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [adblock pro] C:\Program Files (x86)\Adblock Pro\abpmain.exe -m File not found
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TranslateGeniusAgent.lnk = C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\TranslateGeniusAgent.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/15 17:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\findAdeal
[2013/11/15 17:49:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/11/15 17:49:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC
[2013/11/15 17:49:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TGF Interactive
[2013/11/15 17:48:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\SearchProtect
[2013/11/15 17:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSeMu3
[2013/11/15 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/14 16:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Cafe
[2013/11/14 16:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Galactic Cafe
[2013/11/13 02:38:27 | 000,000,000 | ---D | C] -- C:\Crash
[2013/11/09 12:49:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{3E551C14-718E-41F5-B0EA-77DA4B003B04}
[2013/11/07 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Beyond_Perception_130826
[2013/11/03 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{71BEC60D-ACE3-47BD-8772-417554A237FF}
[2013/10/31 19:51:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B103F68B-10B7-4409-8F96-83AC8FCC0DEE}
[2013/10/24 17:03:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{54FAD5F5-BCBB-4502-A330-E94F6AC2D112}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/16 17:39:04 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\find-a-deal Update.job
[2013/11/16 16:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/16 15:19:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-6543664-2043801977-3085460779-1000UA.job
[2013/11/15 21:19:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-6543664-2043801977-3085460779-1000Core.job
[2013/11/15 18:08:12 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/15 18:08:12 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/15 18:01:24 | 000,001,940 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk
[2013/11/15 18:01:05 | 000,000,593 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2013/11/15 18:01:02 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/11/15 18:00:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/15 18:00:53 | 2125,799,423 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/15 17:49:11 | 000,001,245 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TranslateGeniusAgent.lnk
[2013/11/14 16:59:06 | 000,001,251 | ---- | M] () -- C:\Users\Public\Desktop\The Stanley Parable.lnk
[2013/11/12 15:28:18 | 000,779,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/12 15:28:18 | 000,660,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/12 15:28:18 | 000,121,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/15 17:49:20 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\find-a-deal Update.job
[2013/11/15 17:49:11 | 000,001,245 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TranslateGeniusAgent.lnk
[2013/11/14 16:59:06 | 000,001,251 | ---- | C] () -- C:\Users\Public\Desktop\The Stanley Parable.lnk
[2013/09/08 17:16:17 | 000,000,593 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2013/09/08 17:16:16 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2013/09/08 17:16:16 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013/05/28 12:11:17 | 000,000,056 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2013/02/28 10:41:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/20 13:22:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2013/02/19 11:40:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/08/18 00:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/12 00:16:15 | 000,000,127 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\mbam.context.scan
[2012/07/10 04:53:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2012/05/08 21:04:12 | 000,000,906 | ---- | C] () -- C:\Windows\DC.ini
[2012/05/02 21:17:10 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/05/02 21:17:10 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/05/02 21:17:10 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/01/27 21:27:48 | 000,772,988 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/12 22:00:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/31 22:11:00 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/11/30 13:16:01 | 000,020,480 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2013/11/05 19:06:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/14 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2013/11/16 17:06:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Applian FLV and Media Player
[2012/12/12 02:29:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2012/02/05 13:58:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BigHugeEngine
[2013/09/10 11:07:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\fltk.org
[2012/06/13 22:25:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GameFly
[2013/09/14 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GetRightToGo
[2012/04/19 14:55:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GOG.com
[2013/03/24 21:55:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hive Cluster
[2012/10/31 21:38:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImTOO
[2013/06/26 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IonFx
[2011/12/01 00:06:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/07/05 23:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2012/11/07 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OnLive App
[2012/12/07 21:43:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy
[2013/05/28 16:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PreSonus
[2011/11/30 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2013/08/09 02:00:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Screaming Bee
[2011/11/30 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2012/06/21 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stardock
[2012/08/03 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Subversion
[2011/10/27 21:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer
[2013/11/15 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC
[2012/03/07 01:05:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\To the Moon - Freebird Games
[2012/08/30 18:26:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Trine2
[2013/06/02 00:43:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2013/03/04 20:26:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay
[2012/10/24 19:35:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay_hook_win64
[2013/09/14 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2013/09/14 20:39:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ubisoft
[2013/11/03 15:08:21 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\VidCoder
[2011/11/14 06:11:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinMPG

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:359B3BDA
@Alternate Data Stream - 1011 bytes -> C:\Users\Matt\AppData\Local\Temp:EREkSInJfVa6RH1fFIDA1aQ

< End of report >
  • 0

Similar Topics: Might have gotten spyware from something I installed [Solved]     x


#2
Machiavelli

Machiavelli

    Special Agent 007

  • GeekU Senior
  • 2,222 posts
Welcome to GeeksToGo, wickkidda

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Posted Image

Posted Image

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

So I ran Malwarebytes and it found 120 objects which I removed

OK, could you post that LogFile?

- Malwarebytes Logfile Export -

  • Start Malwarebytes
  • Go to the tab called Logfiles
  • Select the Logfile where MBAM has something found
  • Click open and a Logfile will open - post the results
  • If you made other scans where it also found something please post also these results
  • Post them in the thread

- Moving OTL.exe to your Desktop -

Please move the OTL.exe which is located under your Downloadsfolder (C:\Downloads) to your Desktop please.


- OTL -

  • Open Posted Image on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator)
  • Make sure all other windows are closed.
    • Please click on the "None" Button
    • Under the option Extra Registry please select Use Safe List
    • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open Extras.Txt on the desktop
    • Please copy the contents of this file and paste it into your reply. To do that:
    • On the Extras.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the Extras.txt file in the in the post window.
[/list]
 

Please don't forget to post these Logs into your next post:

  • MBAM Log(s)
  • EXTRAS.txt

Cheers
Makka
  • 0

#3
Machiavelli

Machiavelli

    Special Agent 007

  • GeekU Senior
  • 2,222 posts
Hello wickkidda!

Please forget the step with the OTL Extras Export in the last post. Only like to see the MBAM Logs. :) Let's go.

 

Part I ) Warnings!


 

- Free Space Warning -

I see you have only less than 15% free space on your PC. That is another reason for the slowness of your computer. Because of that I recommend uninstalling software which you don't use at all.

- Disable TeaTimer -

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your computer is clean.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

 

Part II) Action!


 


- OTL Fix -

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
    IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
    IE - HKCU\..\SearchScopes\{429DC9F2-1367-4C14-9906-89D81DE97551}: "URL" = http://search.condui...&ctid=CT2790392
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&CUI=UN57317740152823279&UM=UM_ID&q="
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - prefs.js..extensions.enabledAddons: sp2@sp.com:1.0
    FF - user.js..extensions.enabledAddons: sp2@sp.com:1.0
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sp2@sp.com: C:\Program Files (x86)\Social Privacy\FF\
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3f34ed98-04e6-4252-9646-d930abe8bd3b}: C:\Program Files (x86)\findAdeal\135.xpi [2013/11/15 17:49:20 | 000,006,225 | ---- | M] ()
    [2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\searchplugins\askcom.xml
    [2013/11/15 17:49:20 | 000,006,225 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\FINDADEAL\135.XPI
    O2 - BHO: (find-a-deal) - {b36ac8cc-a828-4b0b-b965-3c9c677c803a} - C:\Program Files (x86)\findAdeal\135.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
    [2013/11/15 17:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\findAdeal
    [2013/11/15 17:49:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
    [2013/11/15 17:48:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\SearchProtect
    [2013/11/03 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{71BEC60D-ACE3-47BD-8772-417554A237FF}
    [2013/10/31 19:51:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B103F68B-10B7-4409-8F96-83AC8FCC0DEE}
    [2013/10/24 17:03:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{54FAD5F5-BCBB-4502-A330-E94F6AC2D112}
    [2013/11/09 12:49:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{3E551C14-718E-41F5-B0EA-77DA4B003B04}
    [2013/11/15 17:49:20 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\find-a-deal Update.job
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:359B3BDA
    @Alternate Data Stream - 1011 bytes -> C:\Users\Matt\AppData\Local\Temp:EREkSInJfVa6RH1fFIDA1aQ
    
    :Files
    C:\Program Files (x86)\Social Privacy
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix. Post that into your next reply!


- Adwarecleaner -

Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder. as AdwCleaner[S0].txt

- OTL Custom Scan -

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      winsock.*
      /md5stop
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT

  • Open Posted Image on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator)
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      Posted Image

    • Click the box beside Scan All Users at the top of the console
    • IF you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Checkand Purity Check.
    • Under Extra Registry please check Use Safe List.
    • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
    • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files is also saved in the same location as OTL (it should be on your desktop).
    • Please copy the contents of these files and paste it into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
[/list]Repeat for the Extras.txt file.

 

Please don't forget to post these Logfiles in your next post:

  • OTL FixLog
  • Adwarecleaner Log
  • OTL.txt
  • Extras.txt

  • 0

#4
wickkidda

wickkidda

    Member

  • Member
  • PipPipPip
  • 107 posts
I don't know what TranslateGenius is. Pretty sure that's not good.

Here is the MBAM Log from before coming to you, OTL FixLog, Adwarecleaner Log, OTL, and Extras.





Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.15.11

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Matt :: MATT-PC [administrator]

11/15/2013 5:53:22 PM
mbam-log-2013-11-15 (17-53-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237195
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
HKCR\TypeLib\{DCB1CD02-42FC-4447-B833-6405CE328D62} (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
HKCR\Interface\{96B7C08E-01F0-491A-8509-9741CF47039F} (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sp@sp.com (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.condui...BAAA292EF&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 22
C:\Program Files (x86)\Social Privacy (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Social Privacy\FF (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Social Privacy\FF\chrome (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Social Privacy\FF\chrome\content (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

Files Detected: 88
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\bitool.dll (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nslF425.tmp (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsq4C55.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsw3682.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsw3809.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsw4AEE.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\nsvDF9.tmp\bi_client.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Matt\Local Settings\Temporary Internet Files\Content.IE5\6OL206IB\bi_downloader[1].exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Matt\Local Settings\Temporary Internet Files\Content.IE5\FJR4TJPW\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Matt\Local Settings\Temporary Internet Files\Content.IE5\Z84YKMBH\BiTool[1].dll (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Matt\Local Settings\Temporary Internet Files\Content.IE5\Z84YKMBH\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Social Privacy\code.zip (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Social Privacy\r.log (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Social Privacy\sp.dll (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Social Privacy\Uninstall.exe (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Social Privacy\FF\chrome.manifest (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Social Privacy\FF\install.rdf (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Social Privacy\FF\chrome\content\icon.png (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Social Privacy\FF\chrome\content\main.js (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Social Privacy\FF\chrome\content\overlay.xul (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

(end)








All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{429DC9F2-1367-4C14-9906-89D81DE97551}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{429DC9F2-1367-4C14-9906-89D81DE97551}\ not found.
Prefs.js: "http://search.condui...79&UM=UM_ID&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Prefs.js: sp2@sp.com:1.0 removed from extensions.enabledAddons
C:\Users\Matt\AppData\Roaming\Mozilla\FireFox\Profiles\07udyna9.default\user.js moved successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sp2@sp.com deleted successfully.
File C:\Program Files (x86)\Social Privacy\FF not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3f34ed98-04e6-4252-9646-d930abe8bd3b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f34ed98-04e6-4252-9646-d930abe8bd3b}\ not found.
File C:\Program Files (x86)\findAdeal\135.xpi [2013/11/15 17:49:20 | 000,006,225 | ---- | M] not found.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\searchplugins\askcom.xml moved successfully.
C:\Program Files (x86)\findAdeal\135.xpi moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b36ac8cc-a828-4b0b-b965-3c9c677c803a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b36ac8cc-a828-4b0b-b965-3c9c677c803a}\ deleted successfully.
C:\Program Files (x86)\findAdeal\135.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
C:\Program Files (x86)\findAdeal folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{D50F990E-EEC1-4880-97B1-B87CDB899431} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{CFEEB76B-06CE-4990-A75F-5C31D3887A2D} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{6B1868C2-C6B5-4E8C-8F91-FE7E743B1AA0} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{1D06D0EB-212B-4CCE-8ED8-D6C5EA4FABE5} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin folder moved successfully.
C:\Users\Matt\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Users\Matt\AppData\Local\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Users\Matt\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
C:\Users\Matt\AppData\Local\{71BEC60D-ACE3-47BD-8772-417554A237FF} folder moved successfully.
C:\Users\Matt\AppData\Local\{B103F68B-10B7-4409-8F96-83AC8FCC0DEE} folder moved successfully.
C:\Users\Matt\AppData\Local\{54FAD5F5-BCBB-4502-A330-E94F6AC2D112} folder moved successfully.
C:\Users\Matt\AppData\Local\{3E551C14-718E-41F5-B0EA-77DA4B003B04} folder moved successfully.
C:\Windows\Tasks\find-a-deal Update.job moved successfully.
ADS C:\ProgramData\TEMP:359B3BDA deleted successfully.
ADS C:\Users\Matt\AppData\Local\Temp:EREkSInJfVa6RH1fFIDA1aQ deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Social Privacy not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 711507107 bytes
->Temporary Internet Files folder emptied: 35199136 bytes
->Java cache emptied: 2023 bytes
->FireFox cache emptied: 208033903 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 175330 bytes

User: Matt2
->Temp folder emptied: 199098 bytes
->Temporary Internet Files folder emptied: 905468 bytes
->FireFox cache emptied: 15909800 bytes
->Flash cache emptied: 492 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3121072 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 930.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11172013_101819

Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...








# AdwCleaner v3.012 - Report created 17/11/2013 at 10:29:43
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Matt - MATT-PC
# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Matt\AppData\Local\Conduit
Folder Deleted : C:\Users\Matt\AppData\Local\PackageAware
Folder Deleted : C:\Users\Matt\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Matt\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Matt\AppData\LocalLow\Mail.Ru
Folder Deleted : C:\Users\Matt\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\ConduitCommon
Folder Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\Smartbar
Folder Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\CT2790392
Folder Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
File Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\.autoreg
File Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16447


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\prefs.js ]

Line Deleted : user_pref("CT2790392..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2790392.1000234.TWC_locId", "USMO0460");
Line Deleted : user_pref("CT2790392.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT2790392.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"31°F\",\"temperatureClear\":\"31°F\",\"highTemperature\":\"35°F\",\"lowTemperature\":\"22°F\",\"feelsLike\":\"20°F\",[...]
Line Deleted : user_pref("CT2790392.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_129633547190125290", true);
Line Deleted : user_pref("CT2790392.CTID", "CT2790392");
Line Deleted : user_pref("CT2790392.CurrentServerDate", "27-5-2012");
Line Deleted : user_pref("CT2790392.DSInstall", false);
Line Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2790392.DialogsGetterLastCheckTime", "Sat May 26 2012 21:09:10 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Sun May 20 2012 19:05:18 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2790392.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 207);
Line Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Sun May 20 2012 19:05:19 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Sun May 20 2012 19:05:19 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Sun May 20 2012 19:05:19 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Sun May 20 2012 19:05:19 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Sun May 20 2012 19:05:20 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Sun May 20 2012 19:05:20 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Sun May 20 2012 19:05:20 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Sun May 20 2012 19:05:20 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Sun May 20 2012 19:05:20 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Sun May 20 2012 19:05:20 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Sun May 20 2012 19:05:20 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);
Line Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);
Line Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);
Line Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);
Line Deleted : user_pref("CT2790392.FirstServerDate", "21-5-2012");
Line Deleted : user_pref("CT2790392.FirstTime", true);
Line Deleted : user_pref("CT2790392.FirstTimeFF3", true);
Line Deleted : user_pref("CT2790392.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2790392.HPInstall", false);
Line Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2790392.Initialize", true);
Line Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2790392.InstallationId", "fft185B.tmp.exe");
Line Deleted : user_pref("CT2790392.InstallationType", "XPE");
Line Deleted : user_pref("CT2790392.InstalledDate", "Sun May 20 2012 19:05:18 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.IsGrouping", false);
Line Deleted : user_pref("CT2790392.IsInitSetupIni", true);
Line Deleted : user_pref("CT2790392.IsMulticommunity", false);
Line Deleted : user_pref("CT2790392.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2790392.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Sat May 26 2012 22:57:47 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2790392.LastLogin_3.12.0.8", "Mon May 21 2012 12:43:37 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LastLogin_3.12.2.3", "Sun May 27 2012 13:30:40 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LatestVersion", "3.12.2.3");
Line Deleted : user_pref("CT2790392.Locale", "en");
Line Deleted : user_pref("CT2790392.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2790392.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2790392.OriginalFirstVersion", "3.12.0.8");
Line Deleted : user_pref("CT2790392.SearchCaption", "BitTorrentBar Customized Web Search");
Line Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=");
Line Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Sat May 26 2012 22:57:47 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2790392.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Sat May 26 2012 22:57:47 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Sun May 27 2012 13:30:39 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.SettingsLastUpdate", "1337625361");
Line Deleted : user_pref("CT2790392.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
Line Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Sun May 20 2012 19:05:18 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT2790392.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2790392.UserID", "UN57317740152823279");
Line Deleted : user_pref("CT2790392.WeatherNetwork", "");
Line Deleted : user_pref("CT2790392.WeatherPollDate", "Sun May 20 2012 19:05:19 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.WeatherUnit", "F");
Line Deleted : user_pref("CT2790392.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2790392.alertChannelId", "1182482");
Line Deleted : user_pref("CT2790392.autoDisableScopes", -1);
Line Deleted : user_pref("CT2790392.countryCode", "US");
Line Deleted : user_pref("CT2790392.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT2790392.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2790392.firstTimeDialogOpened", true);
Line Deleted : user_pref("CT2790392.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT2790392.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT2790392.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2790392.fixUrls", true);
Line Deleted : user_pref("CT2790392.fullUserID", "UN57317740152823279.UP.20130709035550");
Line Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Sun May 20 2012 19:05:19 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2790392.initDone", true);
Line Deleted : user_pref("CT2790392.installId", "fftB9AC.tmp.exe");
Line Deleted : user_pref("CT2790392.installType", "XPE");
Line Deleted : user_pref("CT2790392.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2790392.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2790392.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2790392.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT2790392.isNewTabEnabled", true);
Line Deleted : user_pref("CT2790392.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2790392.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2790392.keyword", true);
Line Deleted : user_pref("CT2790392.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2790392&octid=CT2790392&SearchSource=15&CUI=UN57317740152823279&SSPV=&Lay=1&UM=UM_ID\"}[...]
Line Deleted : user_pref("CT2790392.lastVersion", "10.20.0.513");
Line Deleted : user_pref("CT2790392.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT2790392.myStuffEnabled", true);
Line Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2790392.navigateToUrlOnSearch", false);
Line Deleted : user_pref("CT2790392.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F335021-might-have-gotten-spyware-from-something-i-instal[...]
Line Deleted : user_pref("CT2790392.openThankYouPage", "true");
Line Deleted : user_pref("CT2790392.openUninstallPage", "FALSE");
Line Deleted : user_pref("CT2790392.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&CUI=UN57317740152823279&UM=UM_ID&q=");
Line Deleted : user_pref("CT2790392.revertSettingsEnabled", false);
Line Deleted : user_pref("CT2790392.search.searchAppId", "129298377186388102");
Line Deleted : user_pref("CT2790392.search.searchCount", "0");
Line Deleted : user_pref("CT2790392.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT2790392.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2790392.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2790392.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT2790392.searchUserMode", "UM_ID");
Line Deleted : user_pref("CT2790392.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2790392\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BitTorrentBar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BitTorrentBar \"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2790392.serviceLayer_services_Configuration_lastUpdate", "1384656971179");
Line Deleted : user_pref("CT2790392.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1364231743062");
Line Deleted : user_pref("CT2790392.serviceLayer_services_appsMetadata_lastUpdate", "1364231742947");
Line Deleted : user_pref("CT2790392.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364231742916");
Line Deleted : user_pref("CT2790392.serviceLayer_services_location_lastUpdate", "1365704206605");
Line Deleted : user_pref("CT2790392.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358381770595");
Line Deleted : user_pref("CT2790392.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359677755851");
Line Deleted : user_pref("CT2790392.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360682284381");
Line Deleted : user_pref("CT2790392.serviceLayer_services_login_10.14.65.43_lastUpdate", "1373352720123");
Line Deleted : user_pref("CT2790392.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365716291883");
Line Deleted : user_pref("CT2790392.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374965487515");
Line Deleted : user_pref("CT2790392.serviceLayer_services_login_10.16.70.505_lastUpdate", "1379190493214");
Line Deleted : user_pref("CT2790392.serviceLayer_services_login_10.20.0.513_lastUpdate", "1384701709178");
Line Deleted : user_pref("CT2790392.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364231742949");
Line Deleted : user_pref("CT2790392.serviceLayer_services_searchAPI_lastUpdate", "1384656971065");
Line Deleted : user_pref("CT2790392.serviceLayer_services_serviceMap_lastUpdate", "1384656971009");
Line Deleted : user_pref("CT2790392.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364231742833");
Line Deleted : user_pref("CT2790392.serviceLayer_services_toolbarSettings_lastUpdate", "1384700705043");
Line Deleted : user_pref("CT2790392.serviceLayer_services_translation_lastUpdate", "1384656971127");
Line Deleted : user_pref("CT2790392.settingsINI", true);
Line Deleted : user_pref("CT2790392.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2790392.showToolbarPermission", "false");
Line Deleted : user_pref("CT2790392.smartbar.CTID", "CT2790392");
Line Deleted : user_pref("CT2790392.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2790392.smartbar.isHidden", true);
Line Deleted : user_pref("CT2790392.smartbar.toolbarName", "BitTorrentBar ");
Line Deleted : user_pref("CT2790392.testingCtid", "");
Line Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Sat May 26 2012 22:57:47 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.toolbarBornServerTime", "21-5-2012");
Line Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Sun May 20 2012 19:05:19 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.toolbarCurrentServerTime", "17-11-2013");
Line Deleted : user_pref("CT2790392.toolbarLoginClientTime", "Mon Mar 25 2013 13:15:42 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.usagesFlag", 2);
Line Deleted : user_pref("CT2790392_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1384701987254,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"d728e3133901af9bc4d47b2d34f1dfc01\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"1334663508\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.8", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392", "\"d76323372b05c3748a3d6b1c93a98292\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e1ac93c8bab6bfc9801049c6b49194\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Matt\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\07udyna9.default\\conduitCommon\\modules\\3.12.0.8");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "812ba45e-0ae8-462f-9ca3-e6483a2bc940");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun May 20 2012 19:05:21 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun May 20 2012 19:05:20 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "7818b1db-eafd-427d-a82f-069ef76aa724");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2790392");
Line Deleted : user_pref("extensions.crossrider.bic", "13af62567772787a45413302f2f38783");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&CUI=UN57317740152823279&UM=UM_ID&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT2790392");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&CUI=UN57317740152823279&UM=UM_ID&q=");
Line Deleted : user_pref("smartbar.machineId", "ZG3SG0HVMNGBJYMHRKUB2+9+WK8H0EHMYLY9M8SSHQ4+GEQGFJG2AKH1UNB0R7GWDYW+5ZZVQLMABLVGUOHGHW");

[ File : C:\Users\Matt2\AppData\Roaming\Mozilla\Firefox\Profiles\sf0i1fpi.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [25242 octets] - [17/11/2013 10:28:40]
AdwCleaner[S0].txt - [25515 octets] - [17/11/2013 10:29:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25576 octets] ##########









OTL logfile created on: 11/17/2013 10:39:59 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.43% Memory free
15.94 Gb Paging File | 14.00 Gb Available in Paging File | 87.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 38.64 Gb Free Space | 4.15% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/16 17:33:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/30 14:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/09/17 17:29:22 | 000,053,232 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\TranslateGeniusAgent.exe
PRC - [2013/09/08 17:16:16 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/06 17:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
PRC - [2012/09/06 17:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe
PRC - [2012/05/30 12:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/24 16:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/12 14:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/08/31 23:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/13 16:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2009/08/13 16:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2009/08/13 16:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/30 14:25:56 | 001,123,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/10/24 12:45:32 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/23 15:07:26 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/09/17 17:29:22 | 000,053,232 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\TranslateGeniusAgent.exe
MOD - [2013/09/17 17:29:20 | 000,050,688 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Updater\Temp\Agent.Application.dll
MOD - [2013/09/17 17:29:18 | 000,006,656 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Support.Infrastructure.dll
MOD - [2013/09/06 11:19:58 | 000,238,080 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\System.ComponentModel.Composition.dll
MOD - [2013/09/06 11:19:58 | 000,032,256 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Updater\Temp\BBV.Framework.dll
MOD - [2013/09/06 11:19:58 | 000,021,504 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Updater\Temp\Browsers.Firefox.dll
MOD - [2013/09/06 11:19:58 | 000,017,920 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Metrics.Dispatching.dll
MOD - [2013/09/06 11:19:58 | 000,012,800 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Environment.Identification.dll
MOD - [2013/09/06 11:19:58 | 000,009,728 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\Updater\Temp\Browsers.Chrome.dll
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/06 17:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
MOD - [2012/05/30 12:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2012/05/25 03:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/11/11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/10/15 04:51:49 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\6c1567259547084fc25ef4941b184be5\System.Xml.Linq.ni.dll
MOD - [2011/10/15 04:51:15 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/15 02:41:29 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\834be57d8ab824b4ebcbf01161791d70\System.Transactions.ni.dll
MOD - [2011/10/15 02:41:28 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll
MOD - [2011/10/15 02:41:13 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/15 02:41:09 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/15 02:40:58 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/15 02:40:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/15 02:40:55 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/15 02:40:51 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/15 14:49:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/08 20:47:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/08 17:16:16 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 01:38:28 | 000,759,192 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/06 17:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) [Auto | Running] -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe -- (MOTU_ZeroConf)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/14 15:51:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/09/14 15:51:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2012/10/10 22:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 22:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/06 17:24:08 | 000,029,848 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\motubus64.sys -- (motubus)
DRV:64bit: - [2012/09/06 17:24:02 | 000,032,408 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwamidi64.sys -- (MFWAMIDI64)
DRV:64bit: - [2012/09/06 17:24:00 | 000,609,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MotuFWA64.sys -- (MotuFWA64)
DRV:64bit: - [2012/09/06 17:23:58 | 000,082,584 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwawave64.sys -- (MFWAWAVE64)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/01 03:19:24 | 001,041,000 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 01:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/07 11:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/31 14:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/02/22 01:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/07/01 13:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 14:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 10:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/12/26 11:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Matt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/15 14:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/15 14:49:36 | 000,000,000 | ---D | M]

[2011/10/14 21:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/11/17 10:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions
[2013/09/05 01:47:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/05/10 19:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\j2x55qrb.default\extensions
[2013/10/08 09:32:53 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/09/13 16:15:48 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/11/15 17:49:12 | 000,331,553 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\translategenius@tgfinteractive.com.xpi
[2013/11/08 15:01:56 | 000,534,744 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/10/10 10:48:43 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 16:30:05 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/11/13 16:28:17 | 000,549,871 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013/11/15 14:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 14:49:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/03 14:58:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [adblock pro] C:\Program Files (x86)\Adblock Pro\abpmain.exe -m File not found
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TranslateGeniusAgent.lnk = C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\TranslateGeniusAgent.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/17 10:28:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/17 10:18:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/16 17:33:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/11/15 17:49:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC
[2013/11/15 17:49:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TGF Interactive
[2013/11/15 17:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSeMu3
[2013/11/15 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/14 16:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Cafe
[2013/11/14 16:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Galactic Cafe
[2013/11/13 02:38:27 | 000,000,000 | ---D | C] -- C:\Crash
[2013/11/07 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Beyond_Perception_130826

========== Files - Modified Within 30 Days ==========

[2013/11/17 10:38:33 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/17 10:38:33 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/17 10:31:55 | 000,001,940 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk
[2013/11/17 10:31:26 | 000,000,593 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2013/11/17 10:31:24 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/11/17 10:31:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/17 10:31:13 | 2125,799,423 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/17 10:22:29 | 001,085,542 | ---- | M] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2013/11/17 09:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/17 09:19:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-6543664-2043801977-3085460779-1000UA.job
[2013/11/16 21:19:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-6543664-2043801977-3085460779-1000Core.job
[2013/11/16 17:33:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/11/15 17:49:11 | 000,001,245 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TranslateGeniusAgent.lnk
[2013/11/14 16:59:06 | 000,001,251 | ---- | M] () -- C:\Users\Public\Desktop\The Stanley Parable.lnk
[2013/11/12 15:28:18 | 000,779,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/12 15:28:18 | 000,660,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/12 15:28:18 | 000,121,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2013/11/17 10:22:26 | 001,085,542 | ---- | C] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2013/11/15 17:49:11 | 000,001,245 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TranslateGeniusAgent.lnk
[2013/11/14 16:59:06 | 000,001,251 | ---- | C] () -- C:\Users\Public\Desktop\The Stanley Parable.lnk
[2013/09/08 17:16:17 | 000,000,593 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2013/09/08 17:16:16 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2013/09/08 17:16:16 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013/05/28 12:11:17 | 000,000,056 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2013/02/28 10:41:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/20 13:22:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2013/02/19 11:40:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/08/18 00:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/12 00:16:15 | 000,000,127 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\mbam.context.scan
[2012/07/10 04:53:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2012/05/08 21:04:12 | 000,000,906 | ---- | C] () -- C:\Windows\DC.ini
[2012/05/02 21:17:10 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/05/02 21:17:10 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/05/02 21:17:10 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/01/27 21:27:48 | 000,772,988 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/12 22:00:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/31 22:11:00 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/11/30 13:16:01 | 000,020,480 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2013/11/05 19:06:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/14 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2013/11/16 17:06:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Applian FLV and Media Player
[2012/12/12 02:29:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2012/02/05 13:58:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BigHugeEngine
[2013/11/16 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2013/09/10 11:07:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\fltk.org
[2012/06/13 22:25:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GameFly
[2013/09/14 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GetRightToGo
[2012/04/19 14:55:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GOG.com
[2013/03/24 21:55:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hive Cluster
[2012/10/31 21:38:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImTOO
[2013/06/26 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IonFx
[2011/12/01 00:06:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/07/05 23:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2012/11/07 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OnLive App
[2012/12/07 21:43:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy
[2013/05/28 16:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PreSonus
[2011/11/30 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2013/08/09 02:00:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Screaming Bee
[2011/11/30 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2012/06/21 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stardock
[2012/08/03 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Subversion
[2011/10/27 21:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer
[2013/11/15 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC
[2012/03/07 01:05:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\To the Moon - Freebird Games
[2012/08/30 18:26:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Trine2
[2013/06/02 00:43:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2013/03/04 20:26:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay
[2012/10/24 19:35:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay_hook_win64
[2013/09/14 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2013/09/14 20:39:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ubisoft
[2013/11/03 15:08:21 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\VidCoder
[2011/11/14 06:11:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinMPG

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
No service found with a name of BITS
SRV:64bit: - [2009/07/13 20:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2009/07/13 20:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/13 20:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2009/07/13 20:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/13 20:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/13 20:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/13 20:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:21:59 | 000,404,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/08/21 01:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2009/07/13 20:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/13 20:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/07/13 20:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009/07/13 20:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2009/07/13 20:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/08/27 01:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/13 20:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/13 20:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/02 00:16:53 | 001,114,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009/07/13 20:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 20:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/07/13 20:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009/07/13 20:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/07/13 20:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009/07/13 20:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2009/07/13 20:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/07/13 20:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/13 20:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/07/13 20:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2009/07/13 20:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\erdnt\cache64\qmgr.dll
[2009/07/13 20:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\SysNative\qmgr.dll
[2009/07/13 20:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2013/09/03 08:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\Services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\Services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/03/01 02:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SERVICES.SETTINGS >
[2013/05/28 17:00:47 | 000,002,995 | ---- | M] () MD5=11645E3CFF6A37231BEF3EDB3701E33F -- C:\Users\Matt\AppData\Roaming\PreSonus\Studio One 2\x64\Services.settings

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/27 10:55:38 | 008,161,008 | ---- | M] () MD5=922FE2CCD384C24201CD7A58C03C104E -- C:\Program Files\Java\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is F88B-6CA2
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Matt
10/14/2011 08:45 PM <JUNCTION> Application Data [C:\Users\Matt\AppData\Roaming]
10/14/2011 08:45 PM <JUNCTION> Cookies [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies]
10/14/2011 08:45 PM <JUNCTION> Local Settings [C:\Users\Matt\AppData\Local]
10/14/2011 08:45 PM <JUNCTION> My Documents [C:\Users\Matt\Documents]
10/14/2011 08:45 PM <JUNCTION> NetHood [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/14/2011 08:45 PM <JUNCTION> PrintHood [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/14/2011 08:45 PM <JUNCTION> Recent [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Recent]
10/14/2011 08:45 PM <JUNCTION> SendTo [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\SendTo]
10/14/2011 08:45 PM <JUNCTION> Start Menu [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu]
10/14/2011 08:45 PM <JUNCTION> Templates [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Matt\AppData\Local
10/14/2011 08:45 PM <JUNCTION> Application Data [C:\Users\Matt\AppData\Local]
10/14/2011 08:45 PM <JUNCTION> History [C:\Users\Matt\AppData\Local\Microsoft\Windows\History]
10/14/2011 08:45 PM <JUNCTION> Temporary Internet Files [C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Matt\Documents
10/14/2011 08:45 PM <JUNCTION> My Music [C:\Users\Matt\Music]
10/14/2011 08:45 PM <JUNCTION> My Pictures [C:\Users\Matt\Pictures]
10/14/2011 08:45 PM <JUNCTION> My Videos [C:\Users\Matt\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Matt2
05/24/2013 08:51 PM <JUNCTION> Application Data [C:\Users\Matt2\AppData\Roaming]
05/24/2013 08:51 PM <JUNCTION> Cookies [C:\Users\Matt2\AppData\Roaming\Microsoft\Windows\Cookies]
05/24/2013 08:51 PM <JUNCTION> Local Settings [C:\Users\Matt2\AppData\Local]
05/24/2013 08:51 PM <JUNCTION> My Documents [C:\Users\Matt2\Documents]
05/24/2013 08:51 PM <JUNCTION> NetHood [C:\Users\Matt2\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/24/2013 08:51 PM <JUNCTION> PrintHood [C:\Users\Matt2\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/24/2013 08:51 PM <JUNCTION> Recent [C:\Users\Matt2\AppData\Roaming\Microsoft\Windows\Recent]
05/24/2013 08:51 PM <JUNCTION> SendTo [C:\Users\Matt2\AppData\Roaming\Microsoft\Windows\SendTo]
05/24/2013 08:51 PM <JUNCTION> Start Menu [C:\Users\Matt2\AppData\Roaming\Microsoft\Windows\Start Menu]
05/24/2013 08:51 PM <JUNCTION> Templates [C:\Users\Matt2\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Matt2\AppData\Local
05/24/2013 08:51 PM <JUNCTION> Application Data [C:\Users\Matt2\AppData\Local]
05/24/2013 08:51 PM <JUNCTION> History [C:\Users\Matt2\AppData\Local\Microsoft\Windows\History]
05/24/2013 08:51 PM <JUNCTION> Temporary Internet Files [C:\Users\Matt2\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Matt2\Documents
05/24/2013 08:51 PM <JUNCTION> My Music [C:\Users\Matt2\Music]
05/24/2013 08:51 PM <JUNCTION> My Pictures [C:\Users\Matt2\Pictures]
05/24/2013 08:51 PM <JUNCTION> My Videos [C:\Users\Matt2\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
65 Dir(s) 41,240,637,440 bytes free

< End of report >








OTL Extras logfile created on: 11/17/2013 10:39:59 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.43% Memory free
15.94 Gb Paging File | 14.00 Gb Available in Paging File | 87.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 38.64 Gb Free Space | 4.15% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-6543664-2043801977-3085460779-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22808223-9F47-42A7-8954-A57F03A471BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26A9B80B-FB72-4E14-B7F3-85932BEA365D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78642692-8E92-4748-8239-9F5041D7B8E7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{006DC8D6-AAB8-477A-B986-ADDAC661EA35}" = dir=in | app=c:\program files\hp\hp photosmart 6520 series\bin\hpnetworkcommunicator.exe |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0BB226FD-56D3-472B-8F1A-6267A0FCF074}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{16AB2DCD-D23D-4649-8DFB-862B3F6711A5}" = dir=in | app=c:\program files\hp\hp photosmart 6520 series\bin\hpnetworkcommunicatorcom.exe |
"{19BD0423-9C89-4E5A-BF65-7080AE796645}" = dir=in | app=c:\users\matt\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{2174C124-63CC-49F3-A12D-C277D9083551}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{2422ECC5-4B0F-44F8-8A51-7E980593D79C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery - gold edition\tools\benchmark.exe |
"{253B31DA-C179-408F-A363-07484EB66AEA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2B8726FD-C298-434F-A1C7-064069014A6C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery - gold edition\addon.exe |
"{318392CA-C5D4-45AB-82E2-695F3F993440}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery - gold edition\tools\addonweb.exe |
"{325BA30D-A23F-4FC7-AB69-472F70C4DFC9}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4BB1279E-B7AC-439A-B34A-71DCF66A8761}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery - gold edition\tools\benchmark.exe |
"{4E762BA5-2B23-41C4-A021-FE179835AE83}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery - gold edition\anno4.exe |
"{569A0A32-56DC-4338-9E4D-14F271F069A6}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5A5A00DB-AC80-49CE-B444-6887AFC1361C}" = dir=in | app=c:\program files\hp\hp photosmart 6520 series\bin\devicesetup.exe |
"{5B4DEFED-6810-43C5-A1DE-6E1805D3FA5D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{5BA586D9-85D6-4001-978B-4413D061470B}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\7zs2620\hpdiagnosticcoreui.exe |
"{61A9498D-8D33-4FB3-98C2-679FF2720E7E}" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\bittorrent\bittorrent.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66E07259-D76C-4D68-BDA9-452EC1140BE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71AE8648-F410-41BA-BBB7-F6068E6C59DB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{73E7FEBB-884B-43C3-89C0-5C074A2B0F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe |
"{75E871A5-8281-4D16-90F2-03F42805AD22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7BA56618-0538-4DA5-A1C1-9CD4686DA630}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{7CF7FAD0-43FE-4218-8F6F-B87272D31A40}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{80DCB420-122E-4BE6-9735-B36A4621E49D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery - gold edition\tools\anno4web.exe |
"{81E26179-93B8-478F-9C1A-0EFBAF894ECB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{8360336B-4988-4C59-A579-1613262F6D1F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87530382-9F1E-43DA-AD3B-0958CAC7216A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{9D5B7CC6-24A7-4439-8BF2-FBF97A470AA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{9DAE36CF-309B-4770-9A5B-80A11860D356}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery - gold edition\tools\addonweb.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD8E853F-C77E-4EB4-8DDE-CBE87497ED92}" = dir=in | app=c:\program files (x86)\namco bandai games\darksouls\darksouls.exe |
"{AF72DB8C-13B6-4AB5-A164-42E56E208D95}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery - gold edition\addon.exe |
"{B64EDB2E-B399-4743-993C-B97F2F42C125}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\7zs2620\hpdiagnosticcoreui.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C0028CB1-A0FF-4F00-B8CD-F3337FA6971A}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D1E90285-AB2E-459E-AC7A-61F03D921073}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6B8EB4A-4C36-461D-B7A2-FE48BB733DFE}" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\bittorrent\bittorrent.exe |
"{D941F02A-F3DB-4811-AB9C-DF1B2DB65227}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery - gold edition\tools\anno4web.exe |
"{DB8E2603-DA75-4F37-ADC7-E31BF109003F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E5285FEA-4456-48CF-AEF7-48BA20CBE8AA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\dawn of discovery - gold edition\anno4.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EDF7BA15-0912-4AAC-85A9-F04BC3B73794}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1455629-E83F-40AA-B013-6526EA3E5D7A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBA1FE58-C897-48DC-8919-E1E8FD37B85A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{013F4CE2-1CE4-40D5-9B4E-C2960EDCFB35}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe |
"TCP Query User{10C754B5-30B5-4161-A104-9A574CD72681}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{6095AD91-C9FD-42D4-9211-7D33BC72119F}C:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe |
"TCP Query User{A7D20FA0-14B4-489A-91A4-C8F46BE3E64F}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{B429732D-7076-4B84-AB71-B0C7E096DDFB}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{D00FAF59-98A4-44CE-AC87-5C9D1D66105A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{EC76014C-F1FB-4C75-B257-964711E0E994}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{38D8523D-D26F-4B09-9365-B9A11B560562}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{3D3DA1EC-AB9E-4C76-9D49-33CB3591DCAB}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{729928F5-478C-4AC8-8D34-D8AD59A12336}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe |
"UDP Query User{84BE995C-7FC8-4A6E-908A-B83360A13A6D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{96D4A05E-54DD-48AC-ADF3-DF29F1491EEB}C:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe |
"UDP Query User{C847CF27-726A-4DE6-9CEA-E714D0165394}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{F0A6795A-AF9B-476D-8287-5F65E48319E7}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1151BCF8-3246-4E34-9C17-22E66318C41C}" = HP Photosmart 6520 series Basic Device Software
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A05D2328-5096-4748-981B-493B1D56BBEB}" = MOTU Hardware
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F144E07C-4019-4092-BE25-B57819C97D2F}" = HP Photosmart 6520 series Product Improvement Study
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PreSonus Studio One 2" = PreSonus Studio One 2 x64
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VidCoder-x64_is1" = VidCoder 1.4.24 (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DDBB040-3BEB-4057-90BB-B38B5E081D1B}" = MorphVOX Pro
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2032DA39-C844-43AE-B638-6A4F7496686E}" = Furry Voices for Second Life
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 5
"{27D9C90F-575C-4088-85F5-6F25A24B4B2B}_is1" = Aiseesoft Streaming Video Recorder
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2CC32E0E-9A10-4BCC-94F0-614F85375F59}" = Male Voice Pack
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.25
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B886E97-AF5B-46F0-9F48-6BE03149D972}" = Personality Voices
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{573F9269-A022-4C6F-97BD-CF1316A76369}" = Creatures of Darkness
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5}" = Fantasy Voice Pack
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{67CEC218-B250-4B4C-B23F-A597EC8DB153}" = Deep Space Voices
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68CE86BC-8CA1-4B4D-A1AC-50C95F8BBC8A}" = Dawn of Discovery - Gold Edition
"{6A09EC92-016B-4032-8CF1-6840B20C254A}" = Dawn of Discovery - Gold Edition
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F2C6EC4-A386-4CAA-9C63-51FCF07A8A42}" = Translate Genius
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7c1da5a1-0b46-49db-b4e4-6bb4e7e4c791}" = find-a-deal
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}" = Galactic Voices
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{913C4C4F-9E3E-41A6-A614-1BDC1352A225}" = Special Effects Voices
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}" = Belkin N600 DB USB Wireless Adapter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BC038C91-D3C6-4E43-8439-B65976FE7937}" = Sci-Fi Voice Pack
"{C39768C1-82E7-4466-8526-2D8AC44B768F}" = Translator Fun Voice Pack
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}" = Firefall
"{D3293275-1002-41F5-BC37-099B4251FF5B}" = HP Photosmart 6520 series Help
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D947A225-8C23-4E52-866E-CF3967476BFC}" = Female Voice Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E82A57BC-E9B8-42F9-BDC7-4950BD73EA32}_is1" = Pazera Free FLV to AVI Converter 1.4
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"Aimersoft DRM Media Converter_is1" = Aimersoft DRM Media Converter(Build 1.4.7.2)
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.2
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Botanicula_is1" = Botanicula
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cisco Connect" = Cisco Connect
"Dishonored_is1" = Dishonored
"DivX Setup" = DivX Setup
"DOOM Collector's Edition" = DOOM Collector's Edition
"EADM" = EA Download Manager
"Fallout New Vegas_is1" = Fallout New Vegas
"FL Studio 10" = FL Studio 10
"FLV Player2.0.25" = FLV Player
"Fraps" = Fraps (remove only)
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"GOGPACKHOTLINEMIAMI_is1" = Hotline Miami
"Gunpoint_is1" = Gunpoint
"HP Photo Creations" = HP Photo Creations
"ImTOO Movie Maker 6" = ImTOO Movie Maker 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MUSHclient" = MUSHclient (remove only)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"Rochard_is1" = Rochard
"Satinav" = The Dark Eye - Chains of Satinav
"Soulseek2" = SoulSeek 157 NS 13e
"SpeedFan" = SpeedFan (remove only)
"Steam App 105600" = Terraria
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 550" = Left 4 Dead 2
"The Elder Scrolls V Skyrim - High Resolution Texture Pack_is1" = The Elder Scrolls V Skyrim - High Resolution Texture Pack
"The Stanley Parable_is1" = The Stanley Parable
"The Swapper_is1" = The Swapper
"Torchlight II © Runic Games_is1" = Torchlight II © Runic Games version 1
"Tunngle beta_is1" = Tunngle beta
"UmF5bWFuTGVnZW5kcw==_is1" = Rayman Legends
"Uplay" = Uplay
"VirtualCloneDrive" = VirtualCloneDrive
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Xenimus" = Xenimus
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-6543664-2043801977-3085460779-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-C:/Users/Matt/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 Beta" = gamelauncher-code4344-beta
"SOE-PlanetSide 2" = PlanetSide 2
"SOE-PlanetSide 2 Test" = PlanetSide 2 Live Test

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/10/2013 1:04:36 PM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/11/2013 3:17:52 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/12/2013 2:32:06 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x527aa462 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e211485 Exception code: 0xc0000005 Fault offset: 0x0000b9bc Faulting
process id: 0xda4 Faulting application start time: 0x01cedf645f6e3291 Faulting application
path: C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2.exe
Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 25cf9ec3-4b64-11e3-9a2f-8c89a5136da5

Error - 11/12/2013 2:55:07 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/12/2013 5:40:33 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x527aa462 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e211485 Exception code: 0xc0000005 Fault offset: 0x0000b9bc Faulting
process id: 0x1410 Faulting application start time: 0x01cedf805ed20072 Faulting application
path: C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2.exe
Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 792a8a0d-4b7e-11e3-9a2f-8c89a5136da5

Error - 11/13/2013 5:29:39 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/15/2013 1:04:45 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LCDPictureViewer.exe, version: 3.3.133.0,
time stamp: 0x4a84b067 Faulting module name: LCDPictureViewer.exe, version: 3.3.133.0,
time stamp: 0x4a84b067 Exception code: 0xc0000005 Fault offset: 0x00000000000049e5
Faulting
process id: 0xd1c Faulting application start time: 0x01cee03cbbf8f859 Faulting application
path: C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
Faulting
module path: C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
Report
Id: 7172d539-4db3-11e3-ab15-8c89a5136da5

Error - 11/15/2013 6:02:28 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/16/2013 6:00:57 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/16/2013 7:45:26 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 26.0.0.5066, time
stamp: 0x52853056 Faulting module name: xul.dll, version: 26.0.0.5066, time stamp:
0x52852fea Exception code: 0xc0000005 Fault offset: 0x00187c98 Faulting process id:
0x18b4 Faulting application start time: 0x01cee32574312ded Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: 2a6fce6a-4f19-11e3-bc36-8c89a5136da5

[ System Events ]
Error - 11/6/2013 7:56:35 PM | Computer Name = Matt-PC | Source = volsnap | ID = 393251
Description = The shadow copies of volume C: were aborted because the shadow copy
storage failed to grow.

Error - 11/7/2013 2:40:27 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 11/7/2013 2:42:55 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 11/7/2013 4:16:27 PM | Computer Name = Matt-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/7/2013 6:12:46 PM | Computer Name = Matt-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/8/2013 4:34:34 AM | Computer Name = Matt-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/10/2013 11:48:48 PM | Computer Name = Matt-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:47:05 PM on ?11/?10/?2013 was unexpected.

Error - 11/13/2013 5:49:15 AM | Computer Name = Matt-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/14/2013 4:24:37 PM | Computer Name = Matt-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 11/17/2013 11:18:19 AM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7034
Description = The UMVPFSrv service terminated unexpectedly. It has done this 1
time(s).


< End of report >
  • 0

#5
Machiavelli

Machiavelli

    Special Agent 007

  • GeekU Senior
  • 2,222 posts
Hello wickkidda!

 

- Uninstalls -

I want you to uninstall following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > uninstall a program):

  • ph
  • bl
  • find-a-deal

- OTL Fix -

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TranslateGeniusAgent.lnk = C:\Users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\TranslateGeniusAgent.exe ()
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    [2013/11/15 17:49:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\TGF Interactive LLC
    
    :files
    ipconfig /flushdns /c
    ipconfig /release /c
    ipconfig /renew /c
    netsh winsock reset /c
    netsh advfirewall reset /c
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

- Farbar Service Scanner -

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 

Please don't forget to post these logfiles in your next answer:

  • OTL.txt
  • FSS.txt

  • 0

#6
wickkidda

wickkidda

    Member

  • Member
  • PipPipPip
  • 107 posts
There was no "ph" or "bl" in the uninstall programs list but I did uninstall find-a-deal.





OTL logfile created on: 11/17/2013 10:00:40 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 5.92 Gb Available Physical Memory | 74.19% Memory free
15.94 Gb Paging File | 13.73 Gb Available in Paging File | 86.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 37.48 Gb Free Space | 4.02% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/16 17:33:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2013/11/15 14:49:37 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/30 14:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/09/08 17:16:16 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/06 17:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
PRC - [2012/09/06 17:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe
PRC - [2012/05/30 12:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/24 16:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/12 14:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/08/31 23:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/13 16:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2009/08/13 16:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2009/08/13 16:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/15 14:49:37 | 003,555,440 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/30 14:25:56 | 001,123,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/10/24 12:45:32 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/23 15:07:26 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/06 17:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
MOD - [2012/05/30 12:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2012/05/25 03:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/11/11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/15 14:49:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/08 20:47:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/08 17:16:16 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 01:38:28 | 000,759,192 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/06 17:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) [Auto | Running] -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe -- (MOTU_ZeroConf)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/14 15:51:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/09/14 15:51:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2012/10/10 22:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 22:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/06 17:24:08 | 000,029,848 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\motubus64.sys -- (motubus)
DRV:64bit: - [2012/09/06 17:24:02 | 000,032,408 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwamidi64.sys -- (MFWAMIDI64)
DRV:64bit: - [2012/09/06 17:24:00 | 000,609,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MotuFWA64.sys -- (MotuFWA64)
DRV:64bit: - [2012/09/06 17:23:58 | 000,082,584 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwawave64.sys -- (MFWAWAVE64)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/01 03:19:24 | 001,041,000 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 01:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/07 11:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/31 14:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/02/22 01:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/07/01 13:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 14:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 10:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/12/26 11:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Matt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/15 14:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/15 14:49:36 | 000,000,000 | ---D | M]

[2011/10/14 21:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/11/17 10:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions
[2013/09/05 01:47:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/05/10 19:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\j2x55qrb.default\extensions
[2013/10/08 09:32:53 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/09/13 16:15:48 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/11/15 17:49:12 | 000,331,553 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\translategenius@tgfinteractive.com.xpi
[2013/11/08 15:01:56 | 000,534,744 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/10/10 10:48:43 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 16:30:05 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/11/13 16:28:17 | 000,549,871 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013/11/15 14:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 14:49:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/03 14:58:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [adblock pro] C:\Program Files (x86)\Adblock Pro\abpmain.exe -m File not found
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/17 10:28:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/17 10:18:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/16 17:33:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/11/15 17:49:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TGF Interactive
[2013/11/15 17:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSeMu3
[2013/11/15 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/14 16:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Cafe
[2013/11/14 16:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Galactic Cafe
[2013/11/13 02:38:27 | 000,000,000 | ---D | C] -- C:\Crash
[2013/11/07 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Beyond_Perception_130826

========== Files - Modified Within 30 Days ==========

[2013/11/17 21:57:53 | 000,001,940 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk
[2013/11/17 21:57:07 | 000,000,593 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2013/11/17 21:57:04 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/11/17 21:56:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/17 21:56:53 | 2125,799,423 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/17 21:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/17 21:19:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-6543664-2043801977-3085460779-1000UA.job
[2013/11/17 21:19:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-6543664-2043801977-3085460779-1000Core.job
[2013/11/17 10:38:33 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/17 10:38:33 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/17 10:22:29 | 001,085,542 | ---- | M] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2013/11/16 17:33:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/11/14 16:59:06 | 000,001,251 | ---- | M] () -- C:\Users\Public\Desktop\The Stanley Parable.lnk
[2013/11/12 15:28:18 | 000,779,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/12 15:28:18 | 000,660,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/12 15:28:18 | 000,121,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2013/11/17 10:22:26 | 001,085,542 | ---- | C] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2013/11/14 16:59:06 | 000,001,251 | ---- | C] () -- C:\Users\Public\Desktop\The Stanley Parable.lnk
[2013/09/08 17:16:17 | 000,000,593 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2013/09/08 17:16:16 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2013/09/08 17:16:16 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013/05/28 12:11:17 | 000,000,056 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2013/02/28 10:41:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/20 13:22:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2013/02/19 11:40:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/08/18 00:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/12 00:16:15 | 000,000,127 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\mbam.context.scan
[2012/07/10 04:53:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2012/05/08 21:04:12 | 000,000,906 | ---- | C] () -- C:\Windows\DC.ini
[2012/05/02 21:17:10 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/05/02 21:17:10 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/05/02 21:17:10 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/01/27 21:27:48 | 000,772,988 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/12 22:00:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/31 22:11:00 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/11/30 13:16:01 | 000,020,480 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2013/11/05 19:06:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/14 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2013/11/16 17:06:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Applian FLV and Media Player
[2012/12/12 02:29:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2012/02/05 13:58:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BigHugeEngine
[2013/11/16 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2013/09/10 11:07:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\fltk.org
[2012/06/13 22:25:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GameFly
[2013/09/14 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GetRightToGo
[2012/04/19 14:55:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GOG.com
[2013/03/24 21:55:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hive Cluster
[2012/10/31 21:38:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImTOO
[2013/06/26 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IonFx
[2011/12/01 00:06:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/07/05 23:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2012/11/07 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OnLive App
[2012/12/07 21:43:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy
[2013/05/28 16:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PreSonus
[2011/11/30 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2013/08/09 02:00:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Screaming Bee
[2011/11/30 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2012/06/21 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stardock
[2012/08/03 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Subversion
[2011/10/27 21:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer
[2012/03/07 01:05:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\To the Moon - Freebird Games
[2012/08/30 18:26:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Trine2
[2013/06/02 00:43:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2013/03/04 20:26:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay
[2012/10/24 19:35:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay_hook_win64
[2013/09/14 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2013/09/14 20:39:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ubisoft
[2013/11/03 15:08:21 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\VidCoder
[2011/11/14 06:11:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinMPG

========== Purity Check ==========



< End of report >









Farbar Service Scanner Version: 10-11-2013
Ran by Matt (administrator) on 17-11-2013 at 22:09:10
Running from "C:\Users\Matt\Desktop"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-10-14 21:46] - [2011-06-21 01:27] - 1896832 ____A (Microsoft Corporation) B9D87C7707F058AC652A398CD28DE14B

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#7
Machiavelli

Machiavelli

    Special Agent 007

  • GeekU Senior
  • 2,222 posts
Hello wickkidda!

 

Erunt

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Posted Image

Fixing BITS Service

  • Please download the Attachment to your Desktop (BITS.reg)
  • Right-Click on BITS.reg, and select Merge
  • A confirmation prompt will appear. Click Ok.

Farbar Service Scanner

Please start FSS again
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    [2013/11/15 17:49:12 | 000,331,553 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\translategenius@tgfinteractive.com.xpi
    [2013/11/15 17:49:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TGF Interactive
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}"=-
    "{185F9795-9663-4F13-9EF9-307A282ADB5A}"=-
    
    :Commands
    [EMPTYTEMP]
     
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

Question

How is your Computer running? Any issues?

 

Please don't forget to post these logs in your next reply:

  • FSS.txt
  • OTL.txt
  • Answer to my beautiful question :P

Attached Files


  • 0

#8
wickkidda

wickkidda

    Member

  • Member
  • PipPipPip
  • 107 posts
I'm posting the OTL log from the fix too because it says the two registry things you tried to uninstall were not found. There are no problems that I can see, I don't think.




All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\translategenius@tgfinteractive.com.xpi moved successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TGF Interactive\Translate Genius folder moved successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TGF Interactive folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{2A075BB4-E976-4278-BF3F-E5C6945D84C0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{185F9795-9663-4F13-9EF9-307A282ADB5A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{185F9795-9663-4F13-9EF9-307A282ADB5A}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 11458565 bytes
->Temporary Internet Files folder emptied: 2003614 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 375154470 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2100 bytes

User: Matt2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8232 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 371.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11182013_104755

Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...








Farbar Service Scanner Version: 10-11-2013
Ran by Matt (administrator) on 18-11-2013 at 10:47:06
Running from "C:\Users\Matt\Desktop"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-10-14 21:46] - [2011-06-21 01:27] - 1896832 ____A (Microsoft Corporation) B9D87C7707F058AC652A398CD28DE14B

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****








OTL logfile created on: 11/18/2013 10:55:12 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 5.90 Gb Available Physical Memory | 74.01% Memory free
15.94 Gb Paging File | 13.72 Gb Available in Paging File | 86.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 36.48 Gb Free Space | 3.92% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/16 17:33:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2013/11/15 14:49:37 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/30 14:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/09/08 17:16:16 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/06 17:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
PRC - [2012/09/06 17:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe
PRC - [2012/05/30 12:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/24 16:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/12 14:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/08/31 23:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/13 16:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2009/08/13 16:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2009/08/13 16:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/15 14:49:37 | 003,555,440 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/30 14:25:56 | 001,123,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/10/24 12:45:32 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/23 15:07:26 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/06 17:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
MOD - [2012/05/30 12:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2011/11/11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/15 14:49:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/08 20:47:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/08 17:16:16 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 01:38:28 | 000,759,192 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/06 17:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) [Auto | Running] -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe -- (MOTU_ZeroConf)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/14 15:51:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/09/14 15:51:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2012/10/10 22:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 22:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/06 17:24:08 | 000,029,848 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\motubus64.sys -- (motubus)
DRV:64bit: - [2012/09/06 17:24:02 | 000,032,408 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwamidi64.sys -- (MFWAMIDI64)
DRV:64bit: - [2012/09/06 17:24:00 | 000,609,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MotuFWA64.sys -- (MotuFWA64)
DRV:64bit: - [2012/09/06 17:23:58 | 000,082,584 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwawave64.sys -- (MFWAWAVE64)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/01 03:19:24 | 001,041,000 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 01:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/07 11:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/31 14:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/02/22 01:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/07/01 13:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 14:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 10:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/12/26 11:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Matt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/15 14:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/15 14:49:36 | 000,000,000 | ---D | M]

[2011/10/14 21:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/11/18 10:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions
[2013/09/05 01:47:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/05/10 19:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\j2x55qrb.default\extensions
[2013/10/08 09:32:53 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/09/13 16:15:48 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/11/08 15:01:56 | 000,534,744 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/10/10 10:48:43 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 16:30:05 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/11/13 16:28:17 | 000,549,871 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013/11/15 14:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 14:49:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/03 14:58:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [adblock pro] C:\Program Files (x86)\Adblock Pro\abpmain.exe -m File not found
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/18 10:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/18 10:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/11/17 22:08:15 | 000,360,775 | ---- | C] (Farbar) -- C:\Users\Matt\Desktop\FSS.exe
[2013/11/17 10:28:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/17 10:18:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/16 17:33:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/11/15 17:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSeMu3
[2013/11/15 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/14 16:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Cafe
[2013/11/14 16:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Galactic Cafe
[2013/11/13 02:38:27 | 000,000,000 | ---D | C] -- C:\Crash
[2013/11/07 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Beyond_Perception_130826

========== Files - Modified Within 30 Days ==========

[2013/11/18 10:58:10 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/18 10:58:10 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/18 10:51:27 | 000,001,940 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk
[2013/11/18 10:50:33 | 000,000,593 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2013/11/18 10:50:31 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/11/18 10:50:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/18 10:50:20 | 2125,799,423 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/18 10:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/18 10:45:52 | 000,006,288 | ---- | M] () -- C:\Users\Matt\Desktop\BITS.reg
[2013/11/18 10:40:13 | 000,000,880 | ---- | M] () -- C:\Users\Matt\Desktop\NTREGOPT.lnk
[2013/11/18 10:40:13 | 000,000,861 | ---- | M] () -- C:\Users\Matt\Desktop\ERUNT.lnk
[2013/11/18 09:19:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-6543664-2043801977-3085460779-1000UA.job
[2013/11/17 22:08:17 | 000,360,775 | ---- | M] (Farbar) -- C:\Users\Matt\Desktop\FSS.exe
[2013/11/17 21:19:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-6543664-2043801977-3085460779-1000Core.job
[2013/11/17 10:22:29 | 001,085,542 | ---- | M] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2013/11/16 17:33:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/11/14 16:59:06 | 000,001,251 | ---- | M] () -- C:\Users\Public\Desktop\The Stanley Parable.lnk
[2013/11/12 15:28:18 | 000,779,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/12 15:28:18 | 000,660,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/12 15:28:18 | 000,121,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2013/11/18 10:45:50 | 000,006,288 | ---- | C] () -- C:\Users\Matt\Desktop\BITS.reg
[2013/11/18 10:40:13 | 000,000,880 | ---- | C] () -- C:\Users\Matt\Desktop\NTREGOPT.lnk
[2013/11/18 10:40:13 | 000,000,861 | ---- | C] () -- C:\Users\Matt\Desktop\ERUNT.lnk
[2013/11/17 10:22:26 | 001,085,542 | ---- | C] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2013/11/14 16:59:06 | 000,001,251 | ---- | C] () -- C:\Users\Public\Desktop\The Stanley Parable.lnk
[2013/09/08 17:16:17 | 000,000,593 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2013/09/08 17:16:16 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2013/09/08 17:16:16 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013/05/28 12:11:17 | 000,000,056 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2013/02/28 10:41:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/20 13:22:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2013/02/19 11:40:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/08/18 00:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/12 00:16:15 | 000,000,127 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\mbam.context.scan
[2012/07/10 04:53:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2012/05/08 21:04:12 | 000,000,906 | ---- | C] () -- C:\Windows\DC.ini
[2012/05/02 21:17:10 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/05/02 21:17:10 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/05/02 21:17:10 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/01/27 21:27:48 | 000,772,988 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/12 22:00:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/31 22:11:00 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/11/30 13:16:01 | 000,020,480 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2013/11/05 19:06:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/14 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2013/11/16 17:06:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Applian FLV and Media Player
[2012/12/12 02:29:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2012/02/05 13:58:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BigHugeEngine
[2013/11/16 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2013/09/10 11:07:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\fltk.org
[2012/06/13 22:25:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GameFly
[2013/09/14 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GetRightToGo
[2012/04/19 14:55:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GOG.com
[2013/03/24 21:55:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hive Cluster
[2012/10/31 21:38:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImTOO
[2013/06/26 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IonFx
[2011/12/01 00:06:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/07/05 23:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2012/11/07 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OnLive App
[2012/12/07 21:43:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy
[2013/05/28 16:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PreSonus
[2011/11/30 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2013/08/09 02:00:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Screaming Bee
[2011/11/30 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2012/06/21 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stardock
[2012/08/03 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Subversion
[2011/10/27 21:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer
[2012/03/07 01:05:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\To the Moon - Freebird Games
[2012/08/30 18:26:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Trine2
[2013/06/02 00:43:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2013/03/04 20:26:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay
[2012/10/24 19:35:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay_hook_win64
[2013/09/14 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2013/09/14 20:39:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ubisoft
[2013/11/03 15:08:21 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\VidCoder
[2011/11/14 06:11:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinMPG

========== Purity Check ==========



< End of report >
  • 0

#9
Machiavelli

Machiavelli

    Special Agent 007

  • GeekU Senior
  • 2,222 posts
ComboFix

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Please download Combofix from one of the following locations:

Download Mirror #1
Download Mirror #2
Download Mirror #3


Note: You must save this directly to your Desktop.

  • Save any open documents, then close any open programs.
  • Disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  • Double-click on combofix.exe then follow the on screen prompts
  • When Combofix finishes, it will open the log. Please Copy (Ctrl + C) and Paste (Ctrl + V) all of this text into your next post.

If, for whatever reason, the log does not open, it can be found in this location: C:\combofix.txt
  • 0

#10
wickkidda

wickkidda

    Member

  • Member
  • PipPipPip
  • 107 posts
ComboFix 13-11-18.01 - Matt 11/18/2013 14:17:00.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8164.5488 [GMT -5:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-10-18 to 2013-11-18 )))))))))))))))))))))))))))))))
.
.
2013-11-18 19:23 . 2013-11-18 19:23 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6A3C10B-8540-48D0-B8B2-E2C65E7AA624}\offreg.dll
2013-11-18 19:22 . 2013-11-18 19:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-18 19:22 . 2013-11-18 19:22 -------- d-----w- c:\users\Matt2\AppData\Local\temp
2013-11-18 19:22 . 2013-11-18 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-18 15:40 . 2013-11-18 15:40 -------- d-----w- c:\program files (x86)\ERUNT
2013-11-17 15:28 . 2013-11-17 15:29 -------- d-----w- C:\AdwCleaner
2013-11-17 15:18 . 2013-11-17 15:18 -------- d-----w- C:\_OTL
2013-11-15 22:48 . 2013-11-15 22:48 -------- d-----w- c:\program files (x86)\PSeMu3
2013-11-14 21:56 . 2013-11-14 21:56 -------- d-----w- c:\program files (x86)\Galactic Cafe
2013-11-13 07:38 . 2013-11-13 07:38 -------- d-----w- C:\Crash
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 01:47 . 2011-10-15 02:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-14 20:51 . 2013-09-14 20:51 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-09-14 20:51 . 2013-09-14 20:51 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-09-08 22:16 . 2013-09-08 22:16 120832 ----a-w- c:\windows\lcmmfu.cpl
2013-09-08 22:16 . 2013-09-08 22:16 45056 ----a-w- c:\windows\mmfs.dll
2013-09-08 22:16 . 2013-09-08 22:16 2560 ----a-w- c:\windows\Runservice.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 6520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2A9253YB05TZ;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2012-9-6 1457552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrackPro.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys;c:\windows\SYSNATIVE\drivers\MFWAMIDI64.sys [x]
R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys;c:\windows\SYSNATIVE\drivers\MFWAWAVE64.sys [x]
R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys;c:\windows\SYSNATIVE\drivers\Motufwa64.sys [x]
R3 RTL8192cu;Belkin Wireless Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]
R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]
R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]
R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]
R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MOTU_ZeroConf;MOTU_ZeroConf;c:\program files (x86)\MOTU\motuDNSResponder.exe;c:\program files (x86)\MOTU\motuDNSResponder.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys;c:\windows\SYSNATIVE\drivers\MotuBus64.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 01:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Block This Image (ABP)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-10-08 10:32; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF - ExtSQL: 2013-10-08 10:32; adblockpopups@jessehakanen.net; c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-11-15 17:49; translategenius@tgfinteractive.com; c:\users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\translategenius.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Aimersoft Helper Compact.exe - c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
Wow6432Node-HKLM-Run-adblock pro - c:\program files (x86)\Adblock Pro\abpmain.exe
AddRemove-The Elder Scrolls V Skyrim - High Resolution Texture Pack_is1 - c:\program files (x86)\The Elder Scrolls V Skyrim\unins000.exe
AddRemove-Xenimus - c:\program files (x86)\Xenimus\Uninstal.exe
AddRemove-PlanetSide 2 Beta - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 Beta\Uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-6543664-2043801977-3085460779-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:7b,ea,0b,b2,4d,7b,70,08,0f,57,8f,03,14,8d,b5,6a,94,4f,e7,96,f9,32,e9,
7e,9c,8e,d7,6c,52,85,86,d5,28,65,d8,48,83,eb,6f,b4,b9,22,41,49,72,41,9f,52,\
"??"=hex:0e,36,89,5e,e6,e5,10,4a,dd,10,a4,8c,5c,05,ac,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8]
"1"=hex:ed,4b,4a,ed,15,23,49,74,5a,62,6c,ea,06,f6,a6,df
"2"=hex:a9,40,80,f3,45,2c,d5,a1,17,53,11,d7,21,de,a4,9e,70,5f,a0,52,5b,27,ae,
65,1c,9d,59,02,eb,37,2c,7a,87,23,4c,1a,3f,83,53,96
"3"=hex:ed,4b,4a,ed,15,23,49,74,b0,26,52,ff,a0,7d,07,31,e6,5f,d4,da,fb,3f,90,
71,75,14,ea,42,77,9a,7a,ec,d4,b7,cc,3b,f4,0a,33,5b,a4,1e,da,46,25,2d,2a,72,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8\A4C6DC1D7052183A161573F7BA846387]
"1"=hex:1a,dd,98,10,b1,7c,5d,e1
"2"=hex:d2,56,55,6f,09,f0,18,32
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:ed,4b,4a,ed,15,23,49,74,5a,02,d0,c7,f9,dd,f2,e5,3e,e0,99,3d,a8,68,9c,
4f,1f,71,fc,13,23,3b,2c,6b,94,db,ee,08,97,0d,d7,27,bf,b9,1b,eb,26,77,8c,fe,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,24,3b,a3,40,70,f4,fd,
a1,00,ba,e3,b6,1a,60,79,61,fd,8d,5c,16,34,a1,af,3d,b8,5a,df,7c,fd,42,47,b7
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2013-11-18 14:28:24 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-18 19:28
.
Pre-Run: 38,458,908,672 bytes free
Post-Run: 38,301,151,232 bytes free
.
- - End Of File - - D224071D7B712DAEC6407F114A9E9D06
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#11
Machiavelli

Machiavelli

    Special Agent 007

  • GeekU Senior
  • 2,222 posts
Combofix Script

  • Close all open Windows and disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad

    KillAll::
    
    DirLook::
    C:\Crash
    
    DDS::
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    FF - ExtSQL: 2013-11-15 17:49; translategenius@tgfinteractive.com; c:\users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\translategenius.xpi
    
    Folder::
    c:\users\Matt\AppData\Roaming\TGF Interactive LLC
    
  • Go to File > Save As... and save it to your Desktop named CFScript.txt.

    Posted Image
  • Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it will produce a log that can be found at C:\ComboFix.txt. Copy and paste the contents of this into your next post please.

  • 0

#12
wickkidda

wickkidda

    Member

  • Member
  • PipPipPip
  • 107 posts
ComboFix 13-11-19.01 - Matt 11/19/2013 11:54:39.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8164.6277 [GMT -5:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-10-19 to 2013-11-19 )))))))))))))))))))))))))))))))
.
.
2013-11-19 17:01 . 2013-11-19 17:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6A3C10B-8540-48D0-B8B2-E2C65E7AA624}\offreg.dll
2013-11-19 17:00 . 2013-11-19 17:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-19 17:00 . 2013-11-19 17:00 -------- d-----w- c:\users\Matt2\AppData\Local\temp
2013-11-19 17:00 . 2013-11-19 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-18 15:40 . 2013-11-18 15:40 -------- d-----w- c:\program files (x86)\ERUNT
2013-11-17 15:28 . 2013-11-17 15:29 -------- d-----w- C:\AdwCleaner
2013-11-17 15:18 . 2013-11-17 15:18 -------- d-----w- C:\_OTL
2013-11-15 22:48 . 2013-11-15 22:48 -------- d-----w- c:\program files (x86)\PSeMu3
2013-11-14 21:56 . 2013-11-14 21:56 -------- d-----w- c:\program files (x86)\Galactic Cafe
2013-11-13 07:38 . 2013-11-13 07:38 -------- d-----w- C:\Crash
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 01:47 . 2011-10-15 02:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-14 20:51 . 2013-09-14 20:51 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-09-14 20:51 . 2013-09-14 20:51 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-09-08 22:16 . 2013-09-08 22:16 120832 ----a-w- c:\windows\lcmmfu.cpl
2013-09-08 22:16 . 2013-09-08 22:16 45056 ----a-w- c:\windows\mmfs.dll
2013-09-08 22:16 . 2013-09-08 22:16 2560 ----a-w- c:\windows\Runservice.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Crash ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 6520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2A9253YB05TZ;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2012-9-6 1457552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrackPro.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys;c:\windows\SYSNATIVE\drivers\MFWAMIDI64.sys [x]
R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys;c:\windows\SYSNATIVE\drivers\MFWAWAVE64.sys [x]
R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys;c:\windows\SYSNATIVE\drivers\Motufwa64.sys [x]
R3 RTL8192cu;Belkin Wireless Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]
R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]
R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]
R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]
R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MOTU_ZeroConf;MOTU_ZeroConf;c:\program files (x86)\MOTU\motuDNSResponder.exe;c:\program files (x86)\MOTU\motuDNSResponder.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys;c:\windows\SYSNATIVE\drivers\MotuBus64.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 01:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Block This Image (ABP)
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-10-08 10:32; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF - ExtSQL: 2013-10-08 10:32; adblockpopups@jessehakanen.net; c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-11-15 17:49; translategenius@tgfinteractive.com; c:\users\Matt\AppData\Roaming\TGF Interactive LLC\Translate Genius\translategenius.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-The Elder Scrolls V Skyrim - High Resolution Texture Pack_is1 - c:\program files (x86)\The Elder Scrolls V Skyrim\unins000.exe
AddRemove-Xenimus - c:\program files (x86)\Xenimus\Uninstal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-6543664-2043801977-3085460779-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:7b,ea,0b,b2,4d,7b,70,08,0f,57,8f,03,14,8d,b5,6a,94,4f,e7,96,f9,32,e9,
7e,9c,8e,d7,6c,52,85,86,d5,28,65,d8,48,83,eb,6f,b4,b9,22,41,49,72,41,9f,52,\
"??"=hex:0e,36,89,5e,e6,e5,10,4a,dd,10,a4,8c,5c,05,ac,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8]
"1"=hex:ed,4b,4a,ed,15,23,49,74,5a,62,6c,ea,06,f6,a6,df
"2"=hex:a9,40,80,f3,45,2c,d5,a1,17,53,11,d7,21,de,a4,9e,70,5f,a0,52,5b,27,ae,
65,1c,9d,59,02,eb,37,2c,7a,87,23,4c,1a,3f,83,53,96
"3"=hex:ed,4b,4a,ed,15,23,49,74,b0,26,52,ff,a0,7d,07,31,e6,5f,d4,da,fb,3f,90,
71,75,14,ea,42,77,9a,7a,ec,d4,b7,cc,3b,f4,0a,33,5b,a4,1e,da,46,25,2d,2a,72,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8\A4C6DC1D7052183A161573F7BA846387]
"1"=hex:1a,dd,98,10,b1,7c,5d,e1
"2"=hex:d2,56,55,6f,09,f0,18,32
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:ed,4b,4a,ed,15,23,49,74,5a,02,d0,c7,f9,dd,f2,e5,3e,e0,99,3d,a8,68,9c,
4f,1f,71,fc,13,23,3b,2c,6b,94,db,ee,08,97,0d,d7,27,bf,b9,1b,eb,26,77,8c,fe,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,24,3b,a3,40,70,f4,fd,
a1,00,ba,e3,b6,1a,60,79,61,fd,8d,5c,16,34,a1,af,3d,b8,5a,df,7c,fd,42,47,b7
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2013-11-19 12:05:43 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-19 17:05
ComboFix2.txt 2013-11-18 19:28
.
Pre-Run: 37,824,438,272 bytes free
Post-Run: 37,783,248,896 bytes free
.
- - End Of File - - 75F854FA828239A279E3D0584B27C50F
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#13
Machiavelli

Machiavelli

    Special Agent 007

  • GeekU Senior
  • 2,222 posts
OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :Files
    c:\users\Matt\AppData\Roaming\TGF Interactive LLC
    C:\Crash
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

Question

How is your computer running? Any issues?
  • 0

#14
wickkidda

wickkidda

    Member

  • Member
  • PipPipPip
  • 107 posts
The fix said not found again. I don't know if it means anything but just in case I'm posting that and then the scan after reboot.



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder c:\users\Matt\AppData\Roaming\TGF Interactive LLC not found.
C:\Crash folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 1597955 bytes
->Temporary Internet Files folder emptied: 843953 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 384203112 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 13747 bytes

User: Matt2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7350 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 369.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11192013_132250

Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...










OTL logfile created on: 11/19/2013 1:30:40 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 73.68% Memory free
15.94 Gb Paging File | 13.68 Gb Available in Paging File | 85.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 38.54 Gb Free Space | 4.14% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/16 17:33:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2013/11/15 14:49:37 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/30 14:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/10/08 20:47:20 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/09/08 17:16:16 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/06 17:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
PRC - [2012/09/06 17:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe
PRC - [2012/05/30 12:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/24 16:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/12 14:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/08/31 23:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/13 16:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2009/08/13 16:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2009/08/13 16:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/15 14:49:37 | 003,555,440 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/30 14:25:56 | 001,123,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/10/24 12:45:32 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/23 15:07:26 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/10/08 20:47:20 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/06 17:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
MOD - [2012/05/30 12:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2012/05/25 03:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/11/11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/15 14:49:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/08 20:47:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/08 17:16:16 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 01:38:28 | 000,759,192 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/06 17:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) [Auto | Running] -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe -- (MOTU_ZeroConf)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/14 15:51:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/09/14 15:51:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2012/10/10 22:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 22:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/06 17:24:08 | 000,029,848 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\motubus64.sys -- (motubus)
DRV:64bit: - [2012/09/06 17:24:02 | 000,032,408 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwamidi64.sys -- (MFWAMIDI64)
DRV:64bit: - [2012/09/06 17:24:00 | 000,609,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MotuFWA64.sys -- (MotuFWA64)
DRV:64bit: - [2012/09/06 17:23:58 | 000,082,584 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwawave64.sys -- (MFWAWAVE64)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/01 03:19:24 | 001,041,000 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 01:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/07 11:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/31 14:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/02/22 01:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/07/01 13:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 14:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 10:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/12/26 11:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Matt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/15 14:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/15 14:49:36 | 000,000,000 | ---D | M]

[2011/10/14 21:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/11/18 10:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions
[2013/09/05 01:47:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/05/10 19:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\j2x55qrb.default\extensions
[2013/10/08 09:32:53 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/09/13 16:15:48 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/11/08 15:01:56 | 000,534,744 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/10/10 10:48:43 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 16:30:05 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/11/13 16:28:17 | 000,549,871 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013/11/15 14:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 14:49:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/11/19 12:01:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/19 12:01:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/11/19 12:00:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/18 14:15:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/18 14:15:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/18 14:15:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/18 14:15:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/18 14:12:59 | 005,146,522 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2013/11/18 10:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/18 10:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/11/17 22:08:15 | 000,360,775 | ---- | C] (Farbar) -- C:\Users\Matt\Desktop\FSS.exe
[2013/11/17 10:28:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/17 10:18:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/16 17:33:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/11/15 17:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSeMu3
[2013/11/15 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/14 16:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Cafe
[2013/11/14 16:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Galactic Cafe
[2013/11/07 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Beyond_Perception_130826

========== Files - Modified Within 30 Days ==========

[2013/11/19 13:32:07 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/19 13:32:07 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/19 13:25:43 | 000,001,940 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk
[2013/11/19 13:25:01 | 000,000,593 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2013/11/19 13:24:59 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/11/19 13:24:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/19 13:24:49 | 2125,799,423 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/19 12:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/19 12:01:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/19 11:52:53 | 005,146,522 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2013/11/18 10:45:52 | 000,006,288 | ---- | M] () -- C:\Users\Matt\Desktop\BITS.reg
[2013/11/18 10:40:13 | 000,000,880 | ---- | M] () -- C:\Users\Matt\Desktop\NTREGOPT.lnk
[2013/11/18 10:40:13 | 000,000,861 | ---- | M] () -- C:\Users\Matt\Desktop\ERUNT.lnk
[2013/11/17 22:08:17 | 000,360,775 | ---- | M] (Farbar) -- C:\Users\Matt\Desktop\FSS.exe
[2013/11/17 10:22:29 | 001,085,542 | ---- | M] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2013/11/16 17:33:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/11/14 16:59:06 | 000,001,251 | ---- | M] () -- C:\Users\Public\Desktop\The Stanley Parable.lnk
[2013/11/12 15:28:18 | 000,779,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/12 15:28:18 | 000,660,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/12 15:28:18 | 000,121,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2013/11/18 14:15:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/18 14:15:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/18 14:15:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/18 14:15:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/18 14:15:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/18 10:45:50 | 000,006,288 | ---- | C] () -- C:\Users\Matt\Desktop\BITS.reg
[2013/11/18 10:40:13 | 000,000,880 | ---- | C] () -- C:\Users\Matt\Desktop\NTREGOPT.lnk
[2013/11/18 10:40:13 | 000,000,861 | ---- | C] () -- C:\Users\Matt\Desktop\ERUNT.lnk
[2013/11/17 10:22:26 | 001,085,542 | ---- | C] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2013/11/14 16:59:06 | 000,001,251 | ---- | C] () -- C:\Users\Public\Desktop\The Stanley Parable.lnk
[2013/09/08 17:16:17 | 000,000,593 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2013/09/08 17:16:16 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2013/09/08 17:16:16 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013/05/28 12:11:17 | 000,000,056 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2013/02/28 10:41:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/20 13:22:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2013/02/19 11:40:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/08/18 00:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/12 00:16:15 | 000,000,127 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\mbam.context.scan
[2012/07/10 04:53:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2012/05/08 21:04:12 | 000,000,906 | ---- | C] () -- C:\Windows\DC.ini
[2012/05/02 21:17:10 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/05/02 21:17:10 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/05/02 21:17:10 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/01/27 21:27:48 | 000,772,988 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/12 22:00:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/31 22:11:00 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/11/30 13:16:01 | 000,020,480 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/05 19:06:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/14 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2013/11/16 17:06:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Applian FLV and Media Player
[2012/12/12 02:29:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2012/02/05 13:58:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BigHugeEngine
[2013/11/16 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2013/09/10 11:07:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\fltk.org
[2012/06/13 22:25:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GameFly
[2013/09/14 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GetRightToGo
[2012/04/19 14:55:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GOG.com
[2013/03/24 21:55:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hive Cluster
[2012/10/31 21:38:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImTOO
[2013/06/26 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IonFx
[2011/12/01 00:06:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/07/05 23:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2012/11/07 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OnLive App
[2012/12/07 21:43:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy
[2013/05/28 16:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PreSonus
[2011/11/30 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2013/08/09 02:00:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Screaming Bee
[2011/11/30 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2012/06/21 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stardock
[2012/08/03 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Subversion
[2011/10/27 21:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer
[2012/03/07 01:05:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\To the Moon - Freebird Games
[2012/08/30 18:26:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Trine2
[2013/06/02 00:43:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2013/03/04 20:26:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay
[2012/10/24 19:35:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay_hook_win64
[2013/09/14 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2013/09/14 20:39:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ubisoft
[2013/11/03 15:08:21 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\VidCoder
[2011/11/14 06:11:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinMPG

========== Purity Check ==========



< End of report >
  • 0

#15
Machiavelli

Machiavelli

    Special Agent 007

  • GeekU Senior
  • 2,222 posts
How is your computer running? Any issues?
  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured