
Major issues with just about everything [Solved]


  • This topic is locked

#1
badcomputer!

  • Member
  • 37 posts
Hello everyone,

I recently returned from my trip to Vegas where I managed to beat the house, but it seems the person who was housesitting for me beat me up. Upon my return, my computer is slow to do, well, just about everything. IE redirects me to the www.aartemis.com search site, even after changing it in the options for starting homepage, which means it has lovingly prioritized itself elsewhere. I immediately ran Malwarebytes' Anti-Malware tool and ComboFix, but to no avail.

Trying to piece together what happened, there's been a QuickPar and some other extraction utilities that they downloaded, which likely caused the problem with piggybacked trojans and malware added on. I'm stuck and have no idea how to proceed, so any help will be greatly appreciated. I'm nearly down to simply reinstalling Windows at this point, just to clean the computer and start from scratch, but would like to try whatever y'all think first.



OTL Extras logfile created on: 11/21/2013 10:35:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Myles\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.02% Memory free
15.96 Gb Paging File | 13.95 Gb Available in Paging File | 87.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.29 Gb Total Space | 589.55 Gb Free Space | 63.30% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: MYLES-PC | User Name: Myles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D66143-E47C-45C0-BB8E-0E1BD1B813B5}" = rport=138 | protocol=17 | dir=out | app=system |
"{0D832C66-D5E0-4C37-AF37-EA3DA6470527}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1231C6D1-BA8B-4A78-8716-90181EB511F8}" = lport=139 | protocol=6 | dir=in | app=system |
"{12D47E10-796A-4632-B0FD-15272DDC247D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{349733E0-0DC5-49E2-9872-A88C10D30BE8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D93FE99-7DA2-4442-8748-ABB99FDB433E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{6178C7B8-425E-4A1A-A5D2-00FE047063EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6196179A-890C-4F27-8044-A92103A704AC}" = rport=445 | protocol=6 | dir=out | app=system |
"{6597F990-A698-4248-B736-B31A1B0A8461}" = lport=137 | protocol=17 | dir=in | app=system |
"{6A4DC08F-1B86-4A29-B35C-BBE447FDFD99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{784506E5-58CB-40B5-A6C9-F0E346575D75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{801A0B09-C343-4A86-94A7-D94D231F0C18}" = rport=137 | protocol=17 | dir=out | app=system |
"{8B8DD141-2649-4330-B8AD-7A3BB19E7DC2}" = lport=138 | protocol=17 | dir=in | app=system |
"{8BFC0550-BE47-4F1D-9C3C-262F85731A97}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8D473ED5-AEE3-4CF7-BCD3-2DC48E1262BB}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9CCAA42F-797C-46E4-B828-3B1BEBA8C624}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9DA061D2-4196-4F8D-8621-A3BE31BB1E6A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A382EDD4-82AC-4415-B7CE-539D98984F42}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBB0CE6B-3191-45E1-A4C8-023D423A3359}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{C390F5B3-92FE-47E1-A6B0-DF3E684AA717}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{C39B2BD6-F4FE-447A-B13D-B7B362AF74CA}" = lport=445 | protocol=6 | dir=in | app=system |
"{C45BADA4-18C1-442A-A7CC-1F4C81862847}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB2928B5-0D46-4B26-975F-B666CCF039AF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D0717429-155D-4CBA-B2F4-790D28B5B20A}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{DB3724DA-6B0D-4962-A51C-B47EAC0928CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF5D3BA8-A1B0-4ACE-9E84-09A6EC963E47}" = rport=139 | protocol=6 | dir=out | app=system |
"{E9EA6496-64C6-4D24-9597-D582A522E386}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{F0148293-DDF4-45A2-A2BD-1B434F1CFC59}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{F485DE1E-333D-4ACB-B173-CBE825E25E5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C12DFE-AECE-440D-935A-A74AB954E3EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{0549CB99-8EAB-4A62-8795-1BE3CE1D6285}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{08A32408-5CF5-498C-81EB-45DA38BE0A6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{098BFFA9-EF5A-475C-9647-1C2C6EAB3839}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trapped dead\bin\trappeddead.exe |
"{09FE88E4-2994-4A42-943A-46751F467518}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gone home\gonehome.exe |
"{0ACC83FC-DE99-4CC7-A8B6-DAE03D8E79D1}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{0C75CFE2-1F18-41A8-8131-D422F92E42B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{0DA959AC-2118-4DB2-90F4-48475B0334D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10A7ABEB-7DBE-4F85-A1A3-42E82970804A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
"{1238D9C9-096F-4A2D-8A39-F7F13D28A306}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe |
"{13097945-0AD8-4CAE-B78A-8D64CEB075F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{1354F660-8915-47C4-A571-5F9332ECEE59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{150DFC85-2C7E-4D57-A164-06553BE9207F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1685974E-579E-4EFA-BD17-826AB1074314}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1690B243-5970-4982-AACB-768632275058}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{183EBFA2-262E-432F-B684-53EAC95E87F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{19507A6C-2AC6-4BB2-ABAA-1A215B79CCAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{1A4436FE-11BF-4E77-9ED4-F232804F311B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1BE94941-5E61-4075-998D-E7054684BF90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{1D169CFA-93ED-492F-9A7D-66DBD5BEEC7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1E2CB5BD-E645-46C4-8E36-932E5679639D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1F7F8538-D341-4EBD-A98E-0353586C49EE}" = protocol=1 | dir=out | [email protected],-28544 |
"{25F9C4C8-BB57-4741-AB0C-7A5603A74A83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{2889E284-4810-487E-A32A-F204AEE9A97C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{2A1C5246-6D8F-4FDF-A4A8-9F08D877AD98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{2E97EA62-AA33-4FC3-91EB-B54448FB3BAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{33F80C95-3117-40E3-9ECC-0374F57548D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{341C99AA-4F9D-474A-B87E-7766996DD655}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics\grotesquetactics.exe |
"{3489B0E6-85C1-45B1-A5F9-9444084A1CF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
"{34BCB00E-ADB0-4192-8F95-537F1C19F77C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics\grotesquetactics.exe |
"{39AEF6DD-A5B8-4E14-824B-3EBBD777BE5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{3B7C35D5-6006-4DCB-B376-31CCD26841DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{3BFFBB01-209D-40D1-A443-1158BA538CBC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{3C61AAC1-6809-4B0A-8885-A4226019F106}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3C7CADBD-0A97-4E68-A3C0-A335B5A926BC}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{3E359A1B-B1A9-4EE9-A53C-CF287AD22A21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{412E7C4F-58E2-4098-BAAE-AB29F8DCA5DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{42FFD4FD-A028-4F6C-8F94-F520E004794B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{44197956-10BC-4077-B9DC-474333366674}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{44967388-FA08-4844-8321-53173F0C68B7}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{457B5B66-486F-4314-8ECE-C375E1A869C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{45968691-34AD-4F95-81DC-82C741991A21}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{47CBB285-01AE-499C-A889-1979769F3178}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{4A3C0CB6-DE49-45FC-BEAC-DD136189F2A7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4AA8E620-DB0F-4A38-924A-F90AF8A56FDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{4D2C51A5-CDCB-41A6-BC1F-9EAEB482872D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
"{4EAFAA7D-23EE-437B-A84C-DEC1044F20E2}" = protocol=1 | dir=in | [email protected],-28543 |
"{4F52C4E6-F2B5-4B74-AE5B-A1183E3108A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{5213118D-2C91-45BB-B054-201761FB7AF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{57455248-9F5F-4ADD-A45E-78AA39AB9867}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{583580C9-3A73-41E0-BBC9-0B597103E913}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
"{5979E03A-6F09-4660-BC8D-1F3EC7940593}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{5ADA51C7-F264-467A-9AFD-5C21A0550F58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{5B8520B1-41D1-40DE-8E54-A0ED60AFE669}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stardrive\stardrive.exe |
"{5E7E4337-C739-4B4F-886A-0C353EB00624}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{5EA41AD1-F90A-4D98-A8A4-D543DA5BE8D7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{6068F79C-64CC-4252-A34A-C335CD109E5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{60B88EC6-4C0D-45AC-9FBD-1259BE1AE83C}" = protocol=58 | dir=in | [email protected],-28545 |
"{62FF912C-DE07-4C57-B374-71DC0048FFF6}" = protocol=17 | dir=in | app=c:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe |
"{64012932-9F62-43CE-AA4B-0048120D087C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{64E83EC5-79DB-461C-8265-C203FC271132}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{658AE215-581B-4410-954D-CB54EF9A10D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{66DB37A8-9EF9-4795-9659-74B3A1EBF4F8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6A3716D9-26B5-4B6A-9C86-AEF560DD173B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E41F7ED-9932-4F66-92F2-34BC7AFEA735}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space empires iv deluxe\se4\se4.exe |
"{6EC4F2C1-F596-421E-AE7E-4205C0021748}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{6EFF87DE-E746-4740-A6DE-AADFE7273A2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guardians of graxia\guardiansofgraxia.exe |
"{6F8783B2-217A-4B50-A28C-943E1CCA304A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gone home\gonehome.exe |
"{70921912-F69C-4E50-970F-1DBCB72CFDAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{7288CF57-0496-4CBA-AA8A-6339BF3B7E86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{73EC398C-E445-4879-8900-E0F1304E0972}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space empires iv deluxe\se4\se4.exe |
"{779C70FC-0CEC-4CD4-B508-A05329D59232}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
"{7AF89370-8A48-43BA-A5A0-4F5B06FA2D8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{7B866909-3042-43E6-967B-AB6487E5803B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{7C92ECFB-BE33-4BA9-8C6D-F8E154C33420}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
"{7CAE4AB5-FFDF-482B-A5D3-2F073C7F7B3A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{7EC36B26-6380-49F3-8742-D892A66F63C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{7FEE8FE9-D11C-4603-BF7B-0F1B65A1A46D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{7FFEFEAB-8C3A-4688-89FE-C3C302A8F721}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{80067DB2-02D0-4229-989A-65634D97E0A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{804E190A-F2E7-4DA1-8F9C-3F5E05D358B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
"{812B7CAD-2306-4915-B9CD-6E162F9A6682}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trapped dead\bin\trappeddead.exe |
"{81FFFD55-9795-4AE7-A6E7-86DF762280E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{82AC63D0-5D00-495D-9B81-625FD50B8448}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{83776F58-1E29-44A3-A0C9-65110658C42B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{83ED6D5D-326F-49F6-836D-226E0C514525}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stardrive\stardrive.exe |
"{846B2A8F-1E8A-463C-B558-0D391B47DE57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87452239-3B1D-4168-B40F-AC6B25FD204B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
"{87A077E3-AECD-4DB1-9350-7DF4A75E98CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{89ED1725-BC86-4DD6-B3C8-72CB0352AA26}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8ED0626E-DE06-4F83-AB59-C8FCDB6148BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{8F67DA75-146E-421A-AE7C-28800E249465}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{967CF37B-2BF6-43D3-A27A-69F800C53CA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96B463C5-4939-4330-BA22-239A9C40C785}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{974ED5E1-8043-4A57-A487-A420739F493F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{9811C2C3-950E-4C54-A4AA-21B479A62175}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{98F999B5-3135-445E-987E-9B4E6E542FF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{99246C68-82B8-4420-A830-E14EEAFBCB75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
"{9B2EE76B-7A6B-4E2B-BB78-74E14B35F60F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{9E8D86F2-B9C7-4120-AE76-39A2B688BE7F}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{9EAC0AA5-631B-47F8-8728-8DEE8824DAE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{9EBAA2DF-ABC1-4F71-83A5-55970124238A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\avadon 2\avadon 2.exe |
"{A0876377-714F-4810-B22F-AA3E88742DAA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2E6B7ED-DC29-4E8A-BD2C-3146372443D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9F5DE89-BC5A-4399-BA37-E205BB633E4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{ACE7F08F-91B6-4B13-AC36-F878757FADEC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{AE1C441B-BD2F-4B2B-A91F-861F96921D96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{B0F6FDFB-DEC5-4F9E-9D04-3048657C52E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
"{B10DDEBF-5662-4C8C-9E98-C3887DDFB3E9}" = protocol=6 | dir=in | app=c:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe |
"{B255AA07-AF46-48F7-933C-2D2818FD7939}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\avadon 2\avadon 2.exe |
"{B30F6B0F-5579-4F2B-AC5D-0AD6B1F07FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{B4BE68EE-116B-4E83-96C4-C548598673AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{B4C69B92-F203-4354-AA70-485D74F23BCD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{B4F4697B-741E-4151-BA8C-29B4C3D2EA38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B624695E-FD6D-4B8D-895D-479B56CA4613}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B6C50D82-0167-4930-A537-726450074717}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{BAF8FBF5-B558-41DB-B337-EB4CB7B8C29D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BB7D3911-53E6-44D4-8CFE-89D5F90DE87F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{C0427416-02F3-4699-B925-D019481CB6DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{C1EC0BC2-569A-4C06-A04B-B4EDA0A54F86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{C250184A-AED4-4C23-9427-65B6466F300C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C3DED884-A227-4301-93C6-1CA9C9C355F0}" = protocol=58 | dir=out | [email protected],-28546 |
"{C444A5CA-A098-4F8F-80DD-503D65CADBC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5A6279A-96FA-4306-94FB-032BB46148FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C64DA20F-414E-4FF2-BCC2-C63C03E1E24F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C8A1685E-185A-4A37-B9C8-6D79FA45B229}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C934E2D9-AA20-4973-91B0-BDD11D8F687B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{C9AFCF07-2A85-490E-AB33-A6280C4A570A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{CC40E6F9-9221-49BC-9A34-32802DE052EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guardians of graxia\guardiansofgraxia.exe |
"{D2A504F9-F240-4248-B31F-58EE42D059CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{D2EDCCA0-5B76-47B0-8E63-6F057993EFCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3mp.exe |
"{D3FFAB9D-1AD1-4235-9A6E-A4D3BBCD1BAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{D576BC9F-E1AE-4B5B-8E6A-A1E05F55AEDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{D5CF4FBC-D804-40AC-BE35-6A34B7C57540}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{D7172C19-E64C-4122-A0DA-D781B70BAEE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{D9FEE864-0265-4154-8DBE-AAFF712D1781}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3mp.exe |
"{DBDA7F61-388A-4274-83CC-8B3B748B18D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
"{DE24C6D5-188C-477F-8261-0CAB133936B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E371421A-4822-40A3-A58D-EE38383395FF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E5D54795-BBC7-4051-84DC-16271D79B416}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{ECFE4FDB-B32D-4A6D-848F-712B58B60299}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{ED795C2F-F2F5-4784-BA8D-E9C5B8A6AF88}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F041B25F-BC17-461D-B712-928F5E999D9D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{F28C8806-4F47-43BB-9B28-1B58999631C2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2B3FFA9-A5CF-48CE-BDED-C0CC0F3989BA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3A227C1-732A-4184-A683-084A765B0B1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{F64E5BC2-3906-4E16-B00B-9EC942BEEBF1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
"{F6914475-D3B3-4C20-A1B0-B6473BB747C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{F8F28D47-F054-4CF5-9ADD-FB72558B423F}" = protocol=6 | dir=out | app=system |
"{FACAD286-A4BF-4413-94F8-BB775F80EB90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{FB7C3D2B-DF10-4792-9238-7D7896482263}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe |
"{FC1C19AD-C89C-4A89-A27B-77B71C0627E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD884226-4FFE-4D80-8ED1-2B2EB404F207}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FFD74733-575F-443B-84BF-A48E5474A889}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"TCP Query User{01791B73-BDE9-44ED-9538-3E1B77A12C1A}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{045157BD-B212-4E99-8929-B5DE087A8F88}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{083CD629-AFBC-45F0-B80B-959D928A139B}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{0CE0381A-6595-407D-B33D-4134281E6E13}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"TCP Query User{17F814FF-7D3C-4B55-B45A-1592C56B7F03}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{22A62C8A-9748-47E8-A8F0-3709D3CAC363}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"TCP Query User{324D50DB-47C0-47A2-B360-6E71521AC512}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"TCP Query User{430FC42C-F64B-4F5D-BD2A-4B8954875FD7}C:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{55F77E05-5755-449B-B74D-17A0E3E8EC3B}C:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd |
"TCP Query User{727F42B5-70C3-40B0-9C82-0D1D0943B9E5}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"TCP Query User{7A69930C-08B8-4AB1-AE42-C55FEB5BC99F}C:\users\myles\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\myles\appdata\local\temp\gw2.exe |
"TCP Query User{819A6CFF-452C-4559-99F0-31B4734CE2FC}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{97ABDDC1-69AD-4882-9C1E-C40B80678F96}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{B6A83A28-7C70-4540-88D8-2CECBCA893DA}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{BBCDC8D2-0235-4743-84F7-3E59C19BA72E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{BCD73650-332D-47DB-B412-EEF65AC55327}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{C4CC05DB-668C-4EC6-91C5-0B52261ED6D0}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{0009FE65-84DD-4173-B0AE-3A7600A62E26}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{252B1274-05FE-4EBF-9043-F54969FB4E37}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{2AF89F9F-9B5D-413F-AAA1-D317AD19C2B7}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{340BE2BA-1C6F-460A-B2D6-31EEB8B4F9D3}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{3B7F8174-0F73-4006-8DA3-71C320C16E66}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"UDP Query User{41D772E4-B295-4718-B75B-40BA5EF93727}C:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{52EA4CF7-F5F9-487E-BF83-F7382A339FFE}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{5F95A5DB-5856-4F20-961D-A49C223681EA}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{6D32F26D-827D-4C91-AA0E-6614921C8255}C:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd |
"UDP Query User{6ED4A3A7-E278-4BA0-A625-01EDA9A8BBFD}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{705C2CEA-2450-447B-854D-1829B2027514}C:\users\myles\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\myles\appdata\local\temp\gw2.exe |
"UDP Query User{86F03813-8A8F-4664-864C-25C35C0E2FAB}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"UDP Query User{AFE9D224-2652-442F-AFCB-1227290E3BC9}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{B5E43604-7BD7-41F5-BF7D-4B449CAF31E6}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{CC0DA8EE-30DF-45C6-A045-47BCB90AEF13}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"UDP Query User{EDBF0675-8E94-4B4D-BCFB-CEA96B4BC879}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"UDP Query User{F2C6FA87-26F5-4670-A45E-24E76E905A91}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A04DCB25-7040-4935-A30D-8E0A893ABF2D}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}" = WinZip 17.5
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228288D-975E-42F7-9993-E91A82E6BBD9}" = CWA Reminder by We-Care.com v4.1.24.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1" = World of Warplanes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217000F0}" = Java™ 7
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{CA328CDF-A284-445E-AAE7-B24A11E97201}" = MechWarrior Online
"{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}" = DayZ Commander
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.152
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A2BAF Data cache removal" = ARMA 2: British Armed Forces - Data cache removal
"A2PMC Data cache removal" = ARMA 2: Private Military Company - Data cache removal
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Diablo III" = Diablo III
"ffdshow_is1" = ffdshow v1.1.3800 [2011-03-28]
"Guild Wars 2" = Guild Wars 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MechWarrior Mercenaries" = MechWarrior 4 Mercenaries
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neverwinter" = Neverwinter
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenIt Open It!" = Open It!
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"Steam App 1610" = Space Empires IV Deluxe
"Steam App 17450" = Dragon Age: Origins
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 200710" = Torchlight II
"Steam App 203770" = Crusader Kings II
"Steam App 205530" = Gratuitous Tank Battles
"Steam App 208480" = Assassin’s Creed® III
"Steam App 208580" = Star Wars: Knights of the Old Republic II
"Steam App 212160" = Vindictus
"Steam App 212680" = FTL: Faster Than Light
"Steam App 219150" = Hotline Miami
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 220660" = StarDrive
"Steam App 22380" = Fallout: New Vegas
"Steam App 224580" = Arma 2: DayZ Mod
"Steam App 22600" = Worms Reloaded
"Steam App 231430" = Company of Heroes 2 – OPEN BETA
"Steam App 232430" = Gone Home
"Steam App 233310" = Avadon 2: The Corruption
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 33900" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 46450" = Grotesque Tactics: Evil Heroes
"Steam App 46540" = Trapped Dead
"Steam App 46570" = Grotesque Tactics 2 - Dungeons and Donuts
"Steam App 48220" = Might & Magic ® Heroes ® VI
"Steam App 49520" = Borderlands 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 57690" = Tropico 4
"Steam App 65700" = Arma 2: British Armed Forces
"Steam App 65720" = Arma 2: Private Military Company
"Steam App 6860" = Hitman: Blood Money
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 90500" = Guardians of Graxia
"Steam App 9900" = Star Trek Online
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4f004f4a-1930-4b55-83e6-61660211787f}" = MechWarrior Online
"Dropbox" = Dropbox
"SOE-C:/Users/Myles/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"soe-PlanetSide 2" = PlanetSide 2
"Zip Opener Packages" = Zip Opener Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2013 5:44:47 PM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/29/2013 3:56:26 AM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/29/2013 9:40:29 PM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/1/2013 10:29:45 AM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/2/2013 1:29:12 AM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/2/2013 6:14:06 PM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/2/2013 11:34:44 PM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/4/2013 9:24:26 AM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 11/12/2013 10:03:53 AM | Computer Name = Myles-PC | Source = DCOM | ID = 10010
Description =

Error - 11/15/2013 10:27:41 AM | Computer Name = Myles-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 11/19/2013 8:01:07 PM | Computer Name = Myles-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 11/21/2013 9:49:49 AM | Computer Name = Myles-PC | Source = DCOM | ID = 10010
Description =

Error - 11/21/2013 12:12:35 PM | Computer Name = Myles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/21/2013 12:15:32 PM | Computer Name = Myles-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/21/2013 12:16:26 PM | Computer Name = Myles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/21/2013 12:18:52 PM | Computer Name = Myles-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 11/21/2013 12:20:11 PM | Computer Name = Myles-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 11/21/2013 12:29:08 PM | Computer Name = Myles-PC | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >

#2
Machiavelli

    GeekU Moderator

  • 3,700 posts
Welcome to GeeksToGo, badcomputer!

My name is Machiavelli and I'll try to fix your PC problems. If you are in Safe Mode then print my instructions! Removing malware on a computer can be very complicated. Malware (malicious software) is able to hide, and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

I immediately ran Malwarebyte's Anti-Malware tool and Combofix, but to no avail.

Please post these Logs.

ComboFix Logs are located here: [SystemDriveLetter]:\ComboFix.txt - post the content of this file.

Malwarebytes:

  • Open Malwarebytes
  • Go to the tab Logfiles and double click on the newest one
  • Post the contents of that file in your next reply

Please move OTL.exe, which is currently located under the Downloads folder (C:\Users\Myles\Downloads), to your Desktop.

OTL Scan

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      winsock.*
      /md5stop
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT

  • Open Posted Image on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      Posted Image

    • Click the box beside Scan All Users at the top of the console
    • IF you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Extra Registry please check Use Safe List.
    • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
    • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
    • Please copy the contents of these files and paste them into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
    • Repeat for the Extras.txt file.

Aswmbr Scan

  • Download ASWMBR to your Desktop
  • Right click aswMBR.exe and click Run as Administrator. Select No for AVAST virus definitions.
  • Click the Scan button to start.
  • When the scan ends click Save Log and save it to your desktop
  • Post this log in your next reply

Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#3
badcomputer!

  • Topic Starter
  • Member
  • 37 posts
Machiavelli,


Thanks for your assistance.

I've moved everything to the desktop.

I know I ran combofix, but cannot find it nor the logfile anywhere on my computer. Going by your directions above, I'm not going to d/l or run it again until you want me to.


Here is the latest Malware log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Myles :: MYLES-PC [administrator]

11/21/2013 2:29:32 PM
mbam-log-2013-11-21 (14-29-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271282
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


And, just for your information, here is the one that will likely be more helpful that I ran previous to it:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Myles :: MYLES-PC [administrator]

11/21/2013 9:44:25 AM
mbam-log-2013-11-21 (09-44-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 263904
Time elapsed: 1 minute(s), 24 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Linksicle\Service\lssvc.exe (PUP.Optional.Linksicle) -> 5624 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 20
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite (PUP.Optional.DigitalSites.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Sea App (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linksicle (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKCR\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A073AC6F-0B69-494C-8D61-60618FA37B4A} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKCR\Interface\{8A7BE212-5F53-4252-8DCA-1FB5451D4E2B} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\lssvc (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aartemis Browser Protecter (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4} (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{C585D593-E7F3-4852-A200-561686EE02E4} (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
HKCR\TheSeaApp.Plugin (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C585D593-E7F3-4852-A200-561686EE02E4} (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C585D593-E7F3-4852-A200-561686EE02E4} (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0T1F1P0T1P1O0A -> Quarantined and deleted successfully.

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Aartemis) -> Bad: (http://aartemis.com/...ATR340880308803) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.Aartemis) -> Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com/...ATR340880308803) Good: (iexplore.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Aartemis) -> Bad: (http://aartemis.com/...ATR340880308803) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Quarantined and repaired successfully.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Aartemis.A) -> Bad: (http://aartemis.com/...ATR340880308803) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 7
C:\Users\Myles\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer) (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle (PUP.Optional.Linksicle) -> Delete on reboot.
C:\Program Files (x86)\Linksicle\3rd Party Licenses (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\IE (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\Service (PUP.Optional.Linksicle) -> Delete on reboot.
C:\Users\Myles\AppData\Roaming\aartemis (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.

Files Detected: 24
C:\Users\Myles\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Local\Temp\is357113909\2198149_stp\cor_aartemis.exe (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Local\Temp\is357113909\2198201_stp\linksicle-setup-1.8.2.0.exe (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\The Sea App.dll.config (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\Interop.SHDocVw.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\Microsoft.mshtml.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\SpicIEx.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\The Sea App.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\Uninstall.exe (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\terms-of-service.rtf (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\Uninstall.exe (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\3rd Party Licenses\buildcrx-license.txt (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\3rd Party Licenses\Info-ZIP-license.txt (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\3rd Party Licenses\nsJSON-license.txt (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\3rd Party Licenses\SimpleSC-license.txt (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\3rd Party Licenses\UAC-license.txt (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\IE\LinksicleClientIE.dll (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\Service\lssvc.exe (PUP.Optional.Linksicle) -> Delete on reboot.
C:\Users\Myles\AppData\Roaming\aartemis\cor_aartemis.json (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Roaming\aartemis\aartemis.exe (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Roaming\aartemis\DataBase (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Roaming\aartemis\QQBrowserFrame.dll (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.

(end)



Here is the OTL file:

OTL logfile created on: 11/21/2013 11:02:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Myles\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 79.18% Memory free
15.96 Gb Paging File | 13.67 Gb Available in Paging File | 85.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.29 Gb Total Space | 586.31 Gb Free Space | 62.96% Space Free | Partition Type: NTFS

Computer Name: MYLES-PC | User Name: Myles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/21 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myles\Desktop\OTL.exe
PRC - [2013/11/12 21:39:06 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/08 14:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/11/08 14:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/25 10:57:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/06/05 11:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Myles\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin


========== Modules (No Company Name) ==========

MOD - [2013/11/12 21:39:45 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/03/13 14:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Myles\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 17:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Myles\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/04/13 12:52:23 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/08 14:47:21 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/11/21 08:01:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/12 21:39:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/08 14:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/25 10:57:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/06 16:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/15 11:52:34 | 000,053,248 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/19 20:04:57 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/02 15:14:52 | 000,058,192 | ---- | M] (Linksicle) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\lsnfd.sys -- (lsnfd)
DRV:64bit: - [2013/09/27 17:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/16 06:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aartemis.com/...ATR340880308803
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 26 5F F0 C9 88 CD 01 [binary data]
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..\SearchScopes,DefaultScope = {196A6F2A-C603-4280-985F-EEC73134E040}
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..\SearchScopes\{196A6F2A-C603-4280-985F-EEC73134E040}: "URL" = http://search.yahoo....47,20028,0,25,0
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..\SearchScopes\{5E823D00-ECE1-401D-B659-4C245A5E7483}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/11/21 09:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myles\AppData\Roaming\Mozilla\Extensions
[2013/11/21 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/21 09:54:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/11/21 10:16:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Linksicle) - {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files\Linksicle\IE\LinksicleClientIE.dll (Linksicle)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-21-186217316-381863959-1373005331-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-186217316-381863959-1373005331-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-186217316-381863959-1373005331-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Myles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-186217316-381863959-1373005331-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94D551E6-FAF4-4665-A20F-9C942AADF7E0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0737EED-D3B9-4BE7-89B8-E8A9E3010A59}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/21 22:52:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Myles\Desktop\OTL.exe
[2013/11/21 18:08:58 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Myles\Desktop\aswmbr.exe
[2013/11/21 10:18:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/21 10:17:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/21 10:05:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/21 10:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/11/21 09:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013/11/21 09:54:24 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\Mozilla
[2013/11/21 09:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/11/21 09:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/11/21 09:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/21 09:44:00 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/11/21 09:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Linksicle
[2013/11/21 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\DigitalSite
[2013/11/21 09:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[2013/11/21 09:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenIt
[2013/11/21 09:21:37 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\QuickPar
[2013/11/21 09:18:09 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013/11/21 09:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013/11/21 09:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2013/11/21 09:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2013/11/21 09:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/11/19 18:07:18 | 001,064,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2013/11/19 18:07:18 | 000,955,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2013/11/19 18:07:16 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\NVIDIA Corporation
[2013/11/19 18:05:37 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2013/11/19 18:05:37 | 000,028,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2013/11/16 01:42:56 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/16 01:42:56 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/16 01:42:55 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/16 01:42:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/16 01:42:55 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/16 01:42:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/16 01:42:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/16 01:42:55 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/16 01:42:55 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/16 01:42:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/16 01:42:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/16 01:42:53 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/16 01:42:53 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/16 01:42:53 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/16 01:42:52 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/15 08:32:34 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/15 08:32:22 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/15 08:32:22 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/15 08:32:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/15 08:32:22 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/15 08:32:22 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/15 08:32:13 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/15 08:32:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/15 08:32:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/15 08:32:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/15 08:32:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/15 08:31:59 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/15 08:31:52 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/15 08:31:52 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/15 08:31:52 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/15 08:31:52 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/03 09:26:55 | 000,000,000 | ---D | C] -- C:\Users\Myles\Documents\Spiderweb Software
[2013/10/28 07:27:45 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433165.dll
[2013/10/28 07:27:45 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433165.dll
[2013/10/28 07:27:45 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2013/10/28 07:27:44 | 030,344,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/10/28 07:27:44 | 025,257,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/10/28 07:27:44 | 022,933,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/10/28 07:27:44 | 018,199,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/10/28 07:27:44 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/10/28 07:27:44 | 015,855,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/10/28 07:27:44 | 011,426,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/10/28 07:27:44 | 011,374,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/10/28 07:27:44 | 009,524,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/10/28 07:27:44 | 009,480,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/10/28 07:27:44 | 003,131,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/10/28 07:27:44 | 003,124,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/10/28 07:27:44 | 002,946,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/10/28 07:27:44 | 002,747,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/10/28 07:27:44 | 001,241,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/10/28 07:27:44 | 000,696,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/10/28 07:27:44 | 000,655,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/10/28 07:27:44 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/10/28 07:27:44 | 000,560,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/10/28 07:27:44 | 000,317,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/10/28 07:27:44 | 000,266,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/10/28 07:27:44 | 000,168,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/10/28 07:27:44 | 000,141,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/10/25 18:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/25 18:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/25 18:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/10/25 18:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/25 18:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/25 10:57:27 | 000,000,000 | ---D | C] -- C:\Users\Myles\Documents\Assassin's Creed III
[2013/10/23 02:02:36 | 000,589,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/21 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myles\Desktop\OTL.exe
[2013/11/21 22:50:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/21 22:50:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/21 18:13:48 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 18:13:48 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 18:10:59 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/21 18:10:59 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/21 18:10:59 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/21 18:09:10 | 000,891,200 | ---- | M] () -- C:\Users\Myles\Desktop\SecurityCheck.exe
[2013/11/21 18:09:00 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Myles\Desktop\aswmbr.exe
[2013/11/21 18:06:08 | 2132,717,567 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/21 10:16:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/21 09:54:18 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/21 09:43:40 | 000,001,681 | ---- | M] () -- C:\Users\Myles\Desktop\Internet Explorer (64-bit).lnk
[2013/11/21 09:43:35 | 000,001,635 | ---- | M] () -- C:\Users\Myles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/21 09:43:19 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013/11/21 08:01:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/19 23:57:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/08 14:47:40 | 001,064,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2013/11/08 14:47:39 | 000,955,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2013/11/01 07:41:04 | 000,000,222 | ---- | M] () -- C:\Users\Myles\Desktop\Avadon 2 The Corruption.url
[2013/10/25 18:32:56 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/25 10:57:26 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/25 10:57:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/10/23 04:30:23 | 030,344,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/10/23 04:30:23 | 025,257,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/10/23 04:30:23 | 022,933,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/10/23 04:30:23 | 018,286,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/10/23 04:30:23 | 018,199,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/10/23 04:30:23 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/10/23 04:30:23 | 015,855,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/10/23 04:30:23 | 015,212,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/10/23 04:30:23 | 011,426,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/10/23 04:30:23 | 011,374,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/10/23 04:30:23 | 009,524,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/10/23 04:30:23 | 009,480,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/10/23 04:30:23 | 003,131,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/10/23 04:30:23 | 003,124,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/10/23 04:30:23 | 003,067,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/10/23 04:30:23 | 002,946,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/10/23 04:30:23 | 002,747,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/10/23 04:30:23 | 002,695,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/10/23 04:30:23 | 001,884,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433165.dll
[2013/10/23 04:30:23 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433165.dll
[2013/10/23 04:30:23 | 001,435,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013/10/23 04:30:23 | 001,241,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/10/23 04:30:23 | 000,696,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/10/23 04:30:23 | 000,655,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/10/23 04:30:23 | 000,599,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/10/23 04:30:23 | 000,560,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/10/23 04:30:23 | 000,317,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/10/23 04:30:23 | 000,266,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/10/23 04:30:23 | 000,168,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/10/23 04:30:23 | 000,141,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/10/23 04:30:23 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/23 02:20:08 | 006,669,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013/10/23 02:20:07 | 003,489,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013/10/23 02:20:05 | 000,219,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013/10/23 02:20:05 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013/10/23 02:20:03 | 003,426,956 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/10/23 02:02:36 | 000,589,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/21 18:09:07 | 000,891,200 | ---- | C] () -- C:\Users\Myles\Desktop\SecurityCheck.exe
[2013/11/21 09:54:18 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/21 09:54:18 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/21 09:43:19 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013/11/01 07:41:04 | 000,000,222 | ---- | C] () -- C:\Users\Myles\Desktop\Avadon 2 The Corruption.url
[2013/10/25 10:57:26 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/25 10:57:25 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/10/25 10:57:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/04/08 14:27:06 | 000,000,258 | RHS- | C] () -- C:\Users\Myles\ntuser.pol
[2012/09/24 16:08:32 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/05/13 18:06:38 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/24 12:26:53 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/24 10:29:56 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/03/24 10:29:52 | 000,030,387 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/21 09:44:00 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/11/21 09:46:32 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\DigitalSite
[2013/11/21 18:07:11 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Dropbox
[2013/04/10 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Kalypso Media
[2013/05/16 18:00:10 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Might & Magic Heroes VI
[2012/04/13 13:22:15 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\OpenOffice.org
[2013/04/28 08:49:11 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\StarDrive
[2013/11/09 23:44:18 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\TS3Client
[2012/09/06 17:32:23 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\wargaming.net
[2012/08/05 20:51:09 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Xilisoft

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 07:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 07:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 06:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 07:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 07:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 07:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 07:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 07:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 06:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 07:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 07:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 06:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 07:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 07:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 07:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 07:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 07:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 06:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 07:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 19:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2013/09/03 07:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2011/01/17 17:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 17:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 6890-4136
Directory of C:\
07/13/2009 11:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Myles
03/24/2012 10:27 AM <JUNCTION> Application Data [C:\Users\Myles\AppData\Roaming]
03/24/2012 10:27 AM <JUNCTION> Cookies [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Cookies]
03/24/2012 10:27 AM <JUNCTION> Local Settings [C:\Users\Myles\AppData\Local]
03/24/2012 10:27 AM <JUNCTION> My Documents [C:\Users\Myles\Documents]
03/24/2012 10:27 AM <JUNCTION> NetHood [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/24/2012 10:27 AM <JUNCTION> PrintHood [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/24/2012 10:27 AM <JUNCTION> Recent [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Recent]
03/24/2012 10:27 AM <JUNCTION> SendTo [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\SendTo]
03/24/2012 10:27 AM <JUNCTION> Start Menu [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu]
03/24/2012 10:27 AM <JUNCTION> Templates [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Myles\AppData\Local
03/24/2012 10:27 AM <JUNCTION> Application Data [C:\Users\Myles\AppData\Local]
03/24/2012 10:27 AM <JUNCTION> History [C:\Users\Myles\AppData\Local\Microsoft\Windows\History]
03/24/2012 10:27 AM <JUNCTION> Temporary Internet Files [C:\Users\Myles\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Myles\AppData\LocalLow
03/24/2012 06:27 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Myles\Documents
03/24/2012 10:27 AM <JUNCTION> My Music [C:\Users\Myles\Music]
03/24/2012 10:27 AM <JUNCTION> My Pictures [C:\Users\Myles\Pictures]
03/24/2012 10:27 AM <JUNCTION> My Videos [C:\Users\Myles\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
03/24/2012 10:38 AM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
03/24/2012 10:38 AM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
03/24/2012 10:38 AM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
03/24/2012 10:38 AM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
03/24/2012 10:38 AM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/24/2012 10:38 AM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/24/2012 10:38 AM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
03/24/2012 10:38 AM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
03/24/2012 10:38 AM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
03/24/2012 10:38 AM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
03/24/2012 10:38 AM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
03/24/2012 10:38 AM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
03/24/2012 10:38 AM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser.Myles-PC
03/24/2012 10:40 AM <JUNCTION> Application Data [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming]
03/24/2012 10:40 AM <JUNCTION> Cookies [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\Cookies]
03/24/2012 10:40 AM <JUNCTION> Local Settings [C:\Users\UpdatusUser.Myles-PC\AppData\Local]
03/24/2012 10:40 AM <JUNCTION> My Documents [C:\Users\UpdatusUser.Myles-PC\Documents]
03/24/2012 10:40 AM <JUNCTION> NetHood [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/24/2012 10:40 AM <JUNCTION> PrintHood [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/24/2012 10:40 AM <JUNCTION> Recent [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\Recent]
03/24/2012 10:40 AM <JUNCTION> SendTo [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\SendTo]
03/24/2012 10:40 AM <JUNCTION> Start Menu [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\Start Menu]
03/24/2012 10:40 AM <JUNCTION> Templates [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser.Myles-PC\Documents
03/24/2012 10:40 AM <JUNCTION> My Music [C:\Users\UpdatusUser.Myles-PC\Music]
03/24/2012 10:40 AM <JUNCTION> My Pictures [C:\Users\UpdatusUser.Myles-PC\Pictures]
03/24/2012 10:40 AM <JUNCTION> My Videos [C:\Users\UpdatusUser.Myles-PC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser.Myles-PC.000
06/10/2013 05:47 PM <JUNCTION> Application Data [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming]
06/10/2013 05:47 PM <JUNCTION> Cookies [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\Cookies]
06/10/2013 05:47 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser.Myles-PC.000\AppData\Local]
06/10/2013 05:47 PM <JUNCTION> My Documents [C:\Users\UpdatusUser.Myles-PC.000\Documents]
06/10/2013 05:47 PM <JUNCTION> NetHood [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/10/2013 05:47 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/10/2013 05:47 PM <JUNCTION> Recent [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\Recent]
06/10/2013 05:47 PM <JUNCTION> SendTo [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\SendTo]
06/10/2013 05:47 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu]
06/10/2013 05:47 PM <JUNCTION> Templates [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser.Myles-PC.000\AppData\Local
06/10/2013 05:47 PM <JUNCTION> Application Data [C:\Users\UpdatusUser.Myles-PC.000\AppData\Local]
06/10/2013 05:47 PM <JUNCTION> History [C:\Users\UpdatusUser.Myles-PC.000\AppData\Local\Microsoft\Windows\History]
06/10/2013 05:47 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser.Myles-PC.000\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser.Myles-PC.000\Documents
06/10/2013 05:47 PM <JUNCTION> My Music [C:\Users\UpdatusUser.Myles-PC.000\Music]
06/10/2013 05:47 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser.Myles-PC.000\Pictures]
06/10/2013 05:47 PM <JUNCTION> My Videos [C:\Users\UpdatusUser.Myles-PC.000\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
92 Dir(s) 630,884,552,704 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >



And here is the extras.txt file:

OTL Extras logfile created on: 11/21/2013 11:02:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Myles\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 79.18% Memory free
15.96 Gb Paging File | 13.67 Gb Available in Paging File | 85.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.29 Gb Total Space | 586.31 Gb Free Space | 62.96% Space Free | Partition Type: NTFS

Computer Name: MYLES-PC | User Name: Myles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D66143-E47C-45C0-BB8E-0E1BD1B813B5}" = rport=138 | protocol=17 | dir=out | app=system |
"{0D832C66-D5E0-4C37-AF37-EA3DA6470527}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1231C6D1-BA8B-4A78-8716-90181EB511F8}" = lport=139 | protocol=6 | dir=in | app=system |
"{12D47E10-796A-4632-B0FD-15272DDC247D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{349733E0-0DC5-49E2-9872-A88C10D30BE8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D93FE99-7DA2-4442-8748-ABB99FDB433E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{6178C7B8-425E-4A1A-A5D2-00FE047063EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6196179A-890C-4F27-8044-A92103A704AC}" = rport=445 | protocol=6 | dir=out | app=system |
"{6597F990-A698-4248-B736-B31A1B0A8461}" = lport=137 | protocol=17 | dir=in | app=system |
"{6A4DC08F-1B86-4A29-B35C-BBE447FDFD99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{784506E5-58CB-40B5-A6C9-F0E346575D75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{801A0B09-C343-4A86-94A7-D94D231F0C18}" = rport=137 | protocol=17 | dir=out | app=system |
"{8B8DD141-2649-4330-B8AD-7A3BB19E7DC2}" = lport=138 | protocol=17 | dir=in | app=system |
"{8BFC0550-BE47-4F1D-9C3C-262F85731A97}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8D473ED5-AEE3-4CF7-BCD3-2DC48E1262BB}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9CCAA42F-797C-46E4-B828-3B1BEBA8C624}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9DA061D2-4196-4F8D-8621-A3BE31BB1E6A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A382EDD4-82AC-4415-B7CE-539D98984F42}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBB0CE6B-3191-45E1-A4C8-023D423A3359}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{C390F5B3-92FE-47E1-A6B0-DF3E684AA717}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{C39B2BD6-F4FE-447A-B13D-B7B362AF74CA}" = lport=445 | protocol=6 | dir=in | app=system |
"{C45BADA4-18C1-442A-A7CC-1F4C81862847}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB2928B5-0D46-4B26-975F-B666CCF039AF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D0717429-155D-4CBA-B2F4-790D28B5B20A}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{DB3724DA-6B0D-4962-A51C-B47EAC0928CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF5D3BA8-A1B0-4ACE-9E84-09A6EC963E47}" = rport=139 | protocol=6 | dir=out | app=system |
"{E9EA6496-64C6-4D24-9597-D582A522E386}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{F0148293-DDF4-45A2-A2BD-1B434F1CFC59}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{F485DE1E-333D-4ACB-B173-CBE825E25E5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C12DFE-AECE-440D-935A-A74AB954E3EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{0549CB99-8EAB-4A62-8795-1BE3CE1D6285}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{08A32408-5CF5-498C-81EB-45DA38BE0A6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{098BFFA9-EF5A-475C-9647-1C2C6EAB3839}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trapped dead\bin\trappeddead.exe |
"{09FE88E4-2994-4A42-943A-46751F467518}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gone home\gonehome.exe |
"{0ACC83FC-DE99-4CC7-A8B6-DAE03D8E79D1}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{0C75CFE2-1F18-41A8-8131-D422F92E42B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{0DA959AC-2118-4DB2-90F4-48475B0334D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10A7ABEB-7DBE-4F85-A1A3-42E82970804A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
"{1238D9C9-096F-4A2D-8A39-F7F13D28A306}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe |
"{13097945-0AD8-4CAE-B78A-8D64CEB075F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{1354F660-8915-47C4-A571-5F9332ECEE59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{150DFC85-2C7E-4D57-A164-06553BE9207F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1685974E-579E-4EFA-BD17-826AB1074314}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1690B243-5970-4982-AACB-768632275058}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{183EBFA2-262E-432F-B684-53EAC95E87F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{19507A6C-2AC6-4BB2-ABAA-1A215B79CCAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{1A4436FE-11BF-4E77-9ED4-F232804F311B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1BE94941-5E61-4075-998D-E7054684BF90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{1D169CFA-93ED-492F-9A7D-66DBD5BEEC7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1E2CB5BD-E645-46C4-8E36-932E5679639D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1F7F8538-D341-4EBD-A98E-0353586C49EE}" = protocol=1 | dir=out | [email protected],-28544 |
"{25F9C4C8-BB57-4741-AB0C-7A5603A74A83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{2889E284-4810-487E-A32A-F204AEE9A97C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{2A1C5246-6D8F-4FDF-A4A8-9F08D877AD98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{2E97EA62-AA33-4FC3-91EB-B54448FB3BAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{33F80C95-3117-40E3-9ECC-0374F57548D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{341C99AA-4F9D-474A-B87E-7766996DD655}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics\grotesquetactics.exe |
"{3489B0E6-85C1-45B1-A5F9-9444084A1CF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
"{34BCB00E-ADB0-4192-8F95-537F1C19F77C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics\grotesquetactics.exe |
"{39AEF6DD-A5B8-4E14-824B-3EBBD777BE5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{3B7C35D5-6006-4DCB-B376-31CCD26841DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{3BFFBB01-209D-40D1-A443-1158BA538CBC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{3C61AAC1-6809-4B0A-8885-A4226019F106}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3C7CADBD-0A97-4E68-A3C0-A335B5A926BC}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{3E359A1B-B1A9-4EE9-A53C-CF287AD22A21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{412E7C4F-58E2-4098-BAAE-AB29F8DCA5DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{42FFD4FD-A028-4F6C-8F94-F520E004794B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{44197956-10BC-4077-B9DC-474333366674}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{44967388-FA08-4844-8321-53173F0C68B7}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{457B5B66-486F-4314-8ECE-C375E1A869C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{45968691-34AD-4F95-81DC-82C741991A21}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{47CBB285-01AE-499C-A889-1979769F3178}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{4A3C0CB6-DE49-45FC-BEAC-DD136189F2A7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4AA8E620-DB0F-4A38-924A-F90AF8A56FDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{4D2C51A5-CDCB-41A6-BC1F-9EAEB482872D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
"{4D2CA66C-49EE-4F3F-9122-2A3D3DEAB003}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{4EAFAA7D-23EE-437B-A84C-DEC1044F20E2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4F52C4E6-F2B5-4B74-AE5B-A1183E3108A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{5213118D-2C91-45BB-B054-201761FB7AF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{57455248-9F5F-4ADD-A45E-78AA39AB9867}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{583580C9-3A73-41E0-BBC9-0B597103E913}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
"{5979E03A-6F09-4660-BC8D-1F3EC7940593}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{5ADA51C7-F264-467A-9AFD-5C21A0550F58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{5B8520B1-41D1-40DE-8E54-A0ED60AFE669}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stardrive\stardrive.exe |
"{5E7E4337-C739-4B4F-886A-0C353EB00624}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{5EA41AD1-F90A-4D98-A8A4-D543DA5BE8D7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{60B88EC6-4C0D-45AC-9FBD-1259BE1AE83C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{62FF912C-DE07-4C57-B374-71DC0048FFF6}" = protocol=17 | dir=in | app=c:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe |
"{64012932-9F62-43CE-AA4B-0048120D087C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{64E83EC5-79DB-461C-8265-C203FC271132}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{658AE215-581B-4410-954D-CB54EF9A10D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{66DB37A8-9EF9-4795-9659-74B3A1EBF4F8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6A3716D9-26B5-4B6A-9C86-AEF560DD173B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E41F7ED-9932-4F66-92F2-34BC7AFEA735}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space empires iv deluxe\se4\se4.exe |
"{6EC4F2C1-F596-421E-AE7E-4205C0021748}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{6EFF87DE-E746-4740-A6DE-AADFE7273A2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guardians of graxia\guardiansofgraxia.exe |
"{6F8783B2-217A-4B50-A28C-943E1CCA304A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gone home\gonehome.exe |
"{70921912-F69C-4E50-970F-1DBCB72CFDAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{7288CF57-0496-4CBA-AA8A-6339BF3B7E86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{73EC398C-E445-4879-8900-E0F1304E0972}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space empires iv deluxe\se4\se4.exe |
"{779C70FC-0CEC-4CD4-B508-A05329D59232}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
"{7AF89370-8A48-43BA-A5A0-4F5B06FA2D8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{7B866909-3042-43E6-967B-AB6487E5803B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{7C92ECFB-BE33-4BA9-8C6D-F8E154C33420}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
"{7CAE4AB5-FFDF-482B-A5D3-2F073C7F7B3A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{7EC36B26-6380-49F3-8742-D892A66F63C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{7FEE8FE9-D11C-4603-BF7B-0F1B65A1A46D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{7FFEFEAB-8C3A-4688-89FE-C3C302A8F721}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{80067DB2-02D0-4229-989A-65634D97E0A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{804E190A-F2E7-4DA1-8F9C-3F5E05D358B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
"{812B7CAD-2306-4915-B9CD-6E162F9A6682}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trapped dead\bin\trappeddead.exe |
"{81FFFD55-9795-4AE7-A6E7-86DF762280E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{82AC63D0-5D00-495D-9B81-625FD50B8448}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{83776F58-1E29-44A3-A0C9-65110658C42B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{83ED6D5D-326F-49F6-836D-226E0C514525}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stardrive\stardrive.exe |
"{846B2A8F-1E8A-463C-B558-0D391B47DE57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87452239-3B1D-4168-B40F-AC6B25FD204B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
"{87A077E3-AECD-4DB1-9350-7DF4A75E98CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{89ED1725-BC86-4DD6-B3C8-72CB0352AA26}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8ED0626E-DE06-4F83-AB59-C8FCDB6148BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{8F67DA75-146E-421A-AE7C-28800E249465}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{967CF37B-2BF6-43D3-A27A-69F800C53CA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96B463C5-4939-4330-BA22-239A9C40C785}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{974ED5E1-8043-4A57-A487-A420739F493F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{9811C2C3-950E-4C54-A4AA-21B479A62175}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{99246C68-82B8-4420-A830-E14EEAFBCB75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
"{9B2EE76B-7A6B-4E2B-BB78-74E14B35F60F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{9E8D86F2-B9C7-4120-AE76-39A2B688BE7F}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{9EAC0AA5-631B-47F8-8728-8DEE8824DAE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{9EBAA2DF-ABC1-4F71-83A5-55970124238A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\avadon 2\avadon 2.exe |
"{A0876377-714F-4810-B22F-AA3E88742DAA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2E6B7ED-DC29-4E8A-BD2C-3146372443D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9F5DE89-BC5A-4399-BA37-E205BB633E4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{ACE7F08F-91B6-4B13-AC36-F878757FADEC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{AE1C441B-BD2F-4B2B-A91F-861F96921D96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{B0F6FDFB-DEC5-4F9E-9D04-3048657C52E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
"{B10DDEBF-5662-4C8C-9E98-C3887DDFB3E9}" = protocol=6 | dir=in | app=c:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe |
"{B255AA07-AF46-48F7-933C-2D2818FD7939}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\avadon 2\avadon 2.exe |
"{B30F6B0F-5579-4F2B-AC5D-0AD6B1F07FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{B4BE68EE-116B-4E83-96C4-C548598673AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{B4C69B92-F203-4354-AA70-485D74F23BCD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{B4F4697B-741E-4151-BA8C-29B4C3D2EA38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B624695E-FD6D-4B8D-895D-479B56CA4613}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B6C50D82-0167-4930-A537-726450074717}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{BAF8FBF5-B558-41DB-B337-EB4CB7B8C29D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BB7D3911-53E6-44D4-8CFE-89D5F90DE87F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{C0427416-02F3-4699-B925-D019481CB6DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{C1EC0BC2-569A-4C06-A04B-B4EDA0A54F86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{C250184A-AED4-4C23-9427-65B6466F300C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C3DED884-A227-4301-93C6-1CA9C9C355F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C444A5CA-A098-4F8F-80DD-503D65CADBC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5A6279A-96FA-4306-94FB-032BB46148FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C64DA20F-414E-4FF2-BCC2-C63C03E1E24F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C8A1685E-185A-4A37-B9C8-6D79FA45B229}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C934E2D9-AA20-4973-91B0-BDD11D8F687B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{C9AFCF07-2A85-490E-AB33-A6280C4A570A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{CC40E6F9-9221-49BC-9A34-32802DE052EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guardians of graxia\guardiansofgraxia.exe |
"{D2A504F9-F240-4248-B31F-58EE42D059CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{D2EDCCA0-5B76-47B0-8E63-6F057993EFCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3mp.exe |
"{D3FFAB9D-1AD1-4235-9A6E-A4D3BBCD1BAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{D576BC9F-E1AE-4B5B-8E6A-A1E05F55AEDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{D5CF4FBC-D804-40AC-BE35-6A34B7C57540}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{D7172C19-E64C-4122-A0DA-D781B70BAEE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{D9FEE864-0265-4154-8DBE-AAFF712D1781}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3mp.exe |
"{DBDA7F61-388A-4274-83CC-8B3B748B18D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
"{DE24C6D5-188C-477F-8261-0CAB133936B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DE2DBBA8-1FBF-4D72-926C-8149B95F9114}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{E371421A-4822-40A3-A58D-EE38383395FF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E5D54795-BBC7-4051-84DC-16271D79B416}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{ECFE4FDB-B32D-4A6D-848F-712B58B60299}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{ED795C2F-F2F5-4784-BA8D-E9C5B8A6AF88}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F041B25F-BC17-461D-B712-928F5E999D9D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{F28C8806-4F47-43BB-9B28-1B58999631C2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2B3FFA9-A5CF-48CE-BDED-C0CC0F3989BA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3A227C1-732A-4184-A683-084A765B0B1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{F64E5BC2-3906-4E16-B00B-9EC942BEEBF1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
"{F6914475-D3B3-4C20-A1B0-B6473BB747C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{F8F28D47-F054-4CF5-9ADD-FB72558B423F}" = protocol=6 | dir=out | app=system |
"{FACAD286-A4BF-4413-94F8-BB775F80EB90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{FB7C3D2B-DF10-4792-9238-7D7896482263}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe |
"{FC1C19AD-C89C-4A89-A27B-77B71C0627E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD884226-4FFE-4D80-8ED1-2B2EB404F207}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FFD74733-575F-443B-84BF-A48E5474A889}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"TCP Query User{01791B73-BDE9-44ED-9538-3E1B77A12C1A}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{045157BD-B212-4E99-8929-B5DE087A8F88}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{083CD629-AFBC-45F0-B80B-959D928A139B}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{0CE0381A-6595-407D-B33D-4134281E6E13}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"TCP Query User{17F814FF-7D3C-4B55-B45A-1592C56B7F03}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{22A62C8A-9748-47E8-A8F0-3709D3CAC363}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"TCP Query User{324D50DB-47C0-47A2-B360-6E71521AC512}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"TCP Query User{430FC42C-F64B-4F5D-BD2A-4B8954875FD7}C:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{55F77E05-5755-449B-B74D-17A0E3E8EC3B}C:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd |
"TCP Query User{727F42B5-70C3-40B0-9C82-0D1D0943B9E5}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"TCP Query User{7A69930C-08B8-4AB1-AE42-C55FEB5BC99F}C:\users\myles\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\myles\appdata\local\temp\gw2.exe |
"TCP Query User{819A6CFF-452C-4559-99F0-31B4734CE2FC}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{97ABDDC1-69AD-4882-9C1E-C40B80678F96}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{B6A83A28-7C70-4540-88D8-2CECBCA893DA}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{BBCDC8D2-0235-4743-84F7-3E59C19BA72E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{BCD73650-332D-47DB-B412-EEF65AC55327}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{C4CC05DB-668C-4EC6-91C5-0B52261ED6D0}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{0009FE65-84DD-4173-B0AE-3A7600A62E26}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{252B1274-05FE-4EBF-9043-F54969FB4E37}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{2AF89F9F-9B5D-413F-AAA1-D317AD19C2B7}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{340BE2BA-1C6F-460A-B2D6-31EEB8B4F9D3}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{3B7F8174-0F73-4006-8DA3-71C320C16E66}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"UDP Query User{41D772E4-B295-4718-B75B-40BA5EF93727}C:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{52EA4CF7-F5F9-487E-BF83-F7382A339FFE}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{5F95A5DB-5856-4F20-961D-A49C223681EA}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{6D32F26D-827D-4C91-AA0E-6614921C8255}C:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd |
"UDP Query User{6ED4A3A7-E278-4BA0-A625-01EDA9A8BBFD}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{705C2CEA-2450-447B-854D-1829B2027514}C:\users\myles\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\myles\appdata\local\temp\gw2.exe |
"UDP Query User{86F03813-8A8F-4664-864C-25C35C0E2FAB}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"UDP Query User{AFE9D224-2652-442F-AFCB-1227290E3BC9}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{B5E43604-7BD7-41F5-BF7D-4B449CAF31E6}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{CC0DA8EE-30DF-45C6-A045-47BCB90AEF13}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"UDP Query User{EDBF0675-8E94-4B4D-BCFB-CEA96B4BC879}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"UDP Query User{F2C6FA87-26F5-4670-A45E-24E76E905A91}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A04DCB25-7040-4935-A30D-8E0A893ABF2D}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}" = WinZip 17.5
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228288D-975E-42F7-9993-E91A82E6BBD9}" = CWA Reminder by We-Care.com v4.1.24.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1" = World of Warplanes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217000F0}" = Java™ 7
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{CA328CDF-A284-445E-AAE7-B24A11E97201}" = MechWarrior Online
"{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}" = DayZ Commander
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.152
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A2BAF Data cache removal" = ARMA 2: British Armed Forces - Data cache removal
"A2PMC Data cache removal" = ARMA 2: Private Military Company - Data cache removal
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Diablo III" = Diablo III
"ffdshow_is1" = ffdshow v1.1.3800 [2011-03-28]
"Guild Wars 2" = Guild Wars 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MechWarrior Mercenaries" = MechWarrior 4 Mercenaries
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neverwinter" = Neverwinter
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenIt Open It!" = Open It!
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"Steam App 1610" = Space Empires IV Deluxe
"Steam App 17450" = Dragon Age: Origins
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 200710" = Torchlight II
"Steam App 203770" = Crusader Kings II
"Steam App 205530" = Gratuitous Tank Battles
"Steam App 208480" = Assassin’s Creed® III
"Steam App 208580" = Star Wars: Knights of the Old Republic II
"Steam App 212160" = Vindictus
"Steam App 212680" = FTL: Faster Than Light
"Steam App 219150" = Hotline Miami
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 220660" = StarDrive
"Steam App 22380" = Fallout: New Vegas
"Steam App 224580" = Arma 2: DayZ Mod
"Steam App 22600" = Worms Reloaded
"Steam App 231430" = Company of Heroes 2 – OPEN BETA
"Steam App 232430" = Gone Home
"Steam App 233310" = Avadon 2: The Corruption
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 33900" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 46450" = Grotesque Tactics: Evil Heroes
"Steam App 46540" = Trapped Dead
"Steam App 46570" = Grotesque Tactics 2 - Dungeons and Donuts
"Steam App 48220" = Might & Magic ® Heroes ® VI
"Steam App 49520" = Borderlands 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 57690" = Tropico 4
"Steam App 65700" = Arma 2: British Armed Forces
"Steam App 65720" = Arma 2: Private Military Company
"Steam App 6860" = Hitman: Blood Money
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 90500" = Guardians of Graxia
"Steam App 9900" = Star Trek Online
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4f004f4a-1930-4b55-83e6-61660211787f}" = MechWarrior Online
"Dropbox" = Dropbox
"SOE-C:/Users/Myles/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"soe-PlanetSide 2" = PlanetSide 2
"Zip Opener Packages" = Zip Opener Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/1/2013 10:29:45 AM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/2/2013 1:29:12 AM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/2/2013 6:14:06 PM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/2/2013 11:34:44 PM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/4/2013 9:24:26 AM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 11/21/2013 9:49:49 AM | Computer Name = Myles-PC | Source = DCOM | ID = 10010
Description =

Error - 11/21/2013 12:12:35 PM | Computer Name = Myles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/21/2013 12:15:32 PM | Computer Name = Myles-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/21/2013 12:16:26 PM | Computer Name = Myles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/21/2013 12:18:52 PM | Computer Name = Myles-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 11/21/2013 12:20:11 PM | Computer Name = Myles-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 11/21/2013 12:29:08 PM | Computer Name = Myles-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 11/21/2013 4:27:59 PM | Computer Name = Myles-PC | Source = nvlddmkm | ID = 11141134
Description =

Error - 11/21/2013 8:06:16 PM | Computer Name = Myles-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:28:14 PM on ?11/?21/?2013 was unexpected.

Error - 11/22/2013 12:52:40 AM | Computer Name = Myles-PC | Source = nvlddmkm | ID = 11141134
Description =


< End of report >



Here are the aswMBR scan results:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-21 23:12:33
-----------------------------
23:12:33.201 OS Version: Windows x64 6.1.7601 Service Pack 1
23:12:33.201 Number of processors: 4 586 0x2A07
23:12:33.201 ComputerName: MYLES-PC UserName: Myles
23:12:33.261 Initialze error 1
23:12:53.033 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:12:53.033 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11
23:12:53.043 Disk 0 MBR read successfully
23:12:53.043 Disk 0 MBR scan
23:12:53.043 Disk 0 unknown MBR code
23:12:53.053 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
23:12:53.053 Disk 0 scanning C:\Windows\system32\drivers
23:12:53.053 Service scanning
23:12:53.893 Modules scanning
23:12:53.893 Disk 0 trace - called modules:
23:12:53.903 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:12:53.903 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077d0060]
23:12:53.903 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8007520520]
23:12:53.913 5 ACPI.sys[fffff88000f287a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007510060]
23:12:53.913 Scan finished successfully
23:13:07.785 Disk 0 MBR has been saved successfully to "C:\Users\Myles\Desktop\MBR.dat"
23:13:07.785 The log file has been saved successfully to "C:\Users\Myles\Desktop\aswMBR.txt"


Security Check Log:

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 7
Java 7 Update 15
Java version out of Date!
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4
Machiavelli

    GeekU Moderator

  • 3,700 posts
Virus Total

I'm unsure on these file(s) so let's double check them with Virus Total:

  • Go to VirusTotal
  • Click Posted Image
  • Navigate to the following file, select it, then press OK

    • C:\Users\Myles\Desktop\MBR.dat
  • Then click the Scan button
  • If you receive a message saying the File has already been analyzed, click Reanalyze file now.
  • Once it has finished scanning, copy and paste the results into your next post


OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    DRV:64bit: - [2013/10/02 15:14:52 | 000,058,192 | ---- | M] (Linksicle) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\lsnfd.sys -- (lsnfd)
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aartemis.com/...ATR340880308803
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis....q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
    IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..\SearchScopes\{5E823D00-ECE1-401D-B659-4C245A5E7483}: "URL" = http://www.mysearchr...q={searchTerms}
    O2:64bit: - BHO: (Linksicle) - {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files\Linksicle\IE\LinksicleClientIE.dll (Linksicle)
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    [2013/11/21 09:44:00 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
    [2013/11/21 09:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Linksicle
    [2013/11/21 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\DigitalSite
    [2013/11/21 09:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

OTL QuickScan

  • Run OTL by double-clicking on it.
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Questions

How is your computer running? Any issues?

#5
Machiavelli

    GeekU Moderator

  • 3,700 posts
For the OTL Fix above:

After your computer has rebooted, run OTL and click Quick Scan.
Copy and paste the contents of the log that it produces into your next post.


You needn't do this - this was an error in the canned speech. After the reboot a log will open - please post the contents of that file into your next reply. Thanks. Please don't do this Quick Scan; please do the Quick Scan after you have finished with the JRT tool.

#6
badcomputer!

    Member

  • Topic Starter
  • 37 posts
Machiavelli,


Here are the results of the file scan:

SHA256: 40a0006f4b07795c624c318bfc3fd4355d5318d6811e83ca1d612d96843a6e06
File name: MBR.dat
Detection ratio: 0 / 47
Analysis date: 2013-11-22 16:51:08 UTC ( 0 minutes ago )



MD5 a06974400bfb3b97b027499498cd4473
SHA1 521c4e7abdf2654012b6ff46707a3b7e841d0ad6
SHA256 40a0006f4b07795c624c318bfc3fd4355d5318d6811e83ca1d612d96843a6e06
ssdeep
3:Q7lHLaRktLt/s:G0Cx1s

File size 512 bytes ( 512 bytes )
File type unknown
Magic literal
x86 boot sector

TrID Lotus 123 Worksheet (generic) (27.3%)
Game Music Creator Music (15.3%)
MacBinary 1 header (14.0%)
Targa bitmap (Original TGA Format - No Image ID) (13.7%)
MacBinary 2 header (13.6%)
VirusTotal metadata
First submission 2013-11-22 16:51:08 UTC ( 2 minutes ago )
Last submission 2013-11-22 16:51:08 UTC ( 2 minutes ago )
File names MBR.dat





I ran the OTL with the processes you provided and here is the log that corresponds:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: Unable to stop service lsnfd!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsnfd deleted successfully.
C:\Windows\SysNative\drivers\lsnfd.sys moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-186217316-381863959-1373005331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5E823D00-ECE1-401D-B659-4C245A5E7483}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E823D00-ECE1-401D-B659-4C245A5E7483}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}\ deleted successfully.
File C:\Program Files\Linksicle\IE\LinksicleClientIE.dll not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
C:\Users\Myles\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages folder moved successfully.
C:\Users\Myles\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z folder moved successfully.
Folder C:\Program Files\Linksicle\ not found.
C:\Users\Myles\AppData\Roaming\DigitalSite folder moved successfully.
C:\ProgramData\Fighters\Suite\Logs folder moved successfully.
C:\ProgramData\Fighters\Suite folder moved successfully.
C:\ProgramData\Fighters folder moved successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users


Here are the AdwCleaner log and the actions taken:

# AdwCleaner v3.012 - Report created 22/11/2013 at 11:12:01
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Myles - MYLES-PC
# Running from : C:\Users\Myles\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Users\Myles\AppData\Local\jZip
File Deleted : C:\Users\Public\Desktop\Open It!.lnk

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Myles\Desktop\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Myles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Myles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Myles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\Software\aartemisSoftware
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Myles\AppData\Roaming\Mozilla\Firefox\Profiles\ghs0xp66.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [13505 octets] - [22/11/2013 11:10:39]
AdwCleaner[S0].txt - [12694 octets] - [22/11/2013 11:12:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12755 octets] ##########



Here is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Myles on Fri 11/22/2013 at 11:19:03.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/22/2013 at 11:22:32.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Here is the final OTL Log requested:

OTL logfile created on: 11/22/2013 11:25:43 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Myles\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 79.78% Memory free
15.96 Gb Paging File | 14.29 Gb Available in Paging File | 89.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.29 Gb Total Space | 587.76 Gb Free Space | 63.11% Space Free | Partition Type: NTFS

Computer Name: MYLES-PC | User Name: Myles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/21 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myles\Desktop\OTL.exe
PRC - [2013/11/12 21:39:06 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/08 14:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/11/08 14:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/25 10:57:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/06/05 11:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Myles\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin


========== Modules (No Company Name) ==========

MOD - [2013/11/12 21:39:45 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/03/13 14:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Myles\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 17:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Myles\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/04/13 12:52:23 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/08 14:47:21 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/11/21 08:01:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/12 21:39:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/08 14:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/25 10:57:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/06 16:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/15 11:52:34 | 000,053,248 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/19 20:04:57 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 17:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/16 06:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 26 5F F0 C9 88 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{196A6F2A-C603-4280-985F-EEC73134E040}: "URL" = http://search.yahoo....47,20028,0,25,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/11/21 09:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myles\AppData\Roaming\Mozilla\Extensions
[2013/11/21 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/21 09:54:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/11/21 10:16:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Myles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94D551E6-FAF4-4665-A20F-9C942AADF7E0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0737EED-D3B9-4BE7-89B8-E8A9E3010A59}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/22 11:19:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/22 11:17:16 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Myles\Desktop\JRT.exe
[2013/11/22 11:10:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/22 10:57:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/22 10:46:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/11/21 22:52:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Myles\Desktop\OTL.exe
[2013/11/21 18:08:58 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Myles\Desktop\aswmbr.exe
[2013/11/21 10:18:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/21 10:17:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/21 10:05:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/21 10:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/11/21 09:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013/11/21 09:54:24 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\Mozilla
[2013/11/21 09:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/11/21 09:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/11/21 09:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/21 09:21:37 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\QuickPar
[2013/11/21 09:18:09 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013/11/21 09:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013/11/21 09:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2013/11/21 09:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/11/19 18:07:16 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\NVIDIA Corporation
[2013/11/03 09:26:55 | 000,000,000 | ---D | C] -- C:\Users\Myles\Documents\Spiderweb Software
[2013/10/25 18:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/25 18:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/25 18:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/10/25 18:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/25 18:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/25 10:57:27 | 000,000,000 | ---D | C] -- C:\Users\Myles\Documents\Assassin's Creed III

========== Files - Modified Within 30 Days ==========

[2013/11/22 11:21:23 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/22 11:21:23 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/22 11:18:10 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/22 11:18:10 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/22 11:18:10 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/22 11:17:20 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Myles\Desktop\JRT.exe
[2013/11/22 11:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/22 11:13:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/22 11:13:24 | 2132,717,567 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/22 11:12:03 | 000,001,166 | ---- | M] () -- C:\Users\Myles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/22 11:12:03 | 000,000,959 | ---- | M] () -- C:\Users\Myles\Desktop\Internet Explorer (64-bit).lnk
[2013/11/22 11:10:14 | 001,085,542 | ---- | M] () -- C:\Users\Myles\Desktop\AdwCleaner.exe
[2013/11/22 10:46:14 | 847,644,172 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/21 23:13:07 | 000,000,512 | ---- | M] () -- C:\Users\Myles\Desktop\MBR.dat
[2013/11/21 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myles\Desktop\OTL.exe
[2013/11/21 18:09:10 | 000,891,200 | ---- | M] () -- C:\Users\Myles\Desktop\SecurityCheck.exe
[2013/11/21 18:09:00 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Myles\Desktop\aswmbr.exe
[2013/11/21 10:16:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/21 09:54:18 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/19 23:57:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/01 07:41:04 | 000,000,222 | ---- | M] () -- C:\Users\Myles\Desktop\Avadon 2 The Corruption.url
[2013/10/25 18:32:56 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/25 10:57:26 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/25 10:57:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== Files Created - No Company Name ==========

[2013/11/22 11:10:07 | 001,085,542 | ---- | C] () -- C:\Users\Myles\Desktop\AdwCleaner.exe
[2013/11/22 10:46:14 | 847,644,172 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/11/21 23:13:07 | 000,000,512 | ---- | C] () -- C:\Users\Myles\Desktop\MBR.dat
[2013/11/21 18:09:07 | 000,891,200 | ---- | C] () -- C:\Users\Myles\Desktop\SecurityCheck.exe
[2013/11/21 09:54:18 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/21 09:54:18 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/01 07:41:04 | 000,000,222 | ---- | C] () -- C:\Users\Myles\Desktop\Avadon 2 The Corruption.url
[2013/10/25 10:57:26 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/25 10:57:25 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/10/25 10:57:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/04/08 14:27:06 | 000,000,258 | RHS- | C] () -- C:\Users\Myles\ntuser.pol
[2012/09/24 16:08:32 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/05/13 18:06:38 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/24 12:26:53 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/24 10:29:56 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/03/24 10:29:52 | 000,030,387 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/22 11:14:18 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Dropbox
[2013/04/10 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Kalypso Media
[2013/05/16 18:00:10 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Might & Magic Heroes VI
[2012/04/13 13:22:15 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\OpenOffice.org
[2013/04/28 08:49:11 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\StarDrive
[2013/11/09 23:44:18 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\TS3Client
[2012/09/06 17:32:23 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\wargaming.net
[2012/08/05 20:51:09 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Xilisoft

========== Purity Check ==========



< End of report >



Question answer:


Machiavelli, so far, so good. The IE page is no longer running a hijack browser and the internet connection itself is running smoothly. I appreciate your help greatly and want to thank you for taking this on and walking me through it. I'll look around a bit more here and repost here if anything still seems amiss.

#7
Machiavelli

  • GeekU Moderator
  • 3,700 posts
We aren't finished. Only some steps to do. :cool:

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    [2013/11/21 10:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

Malwarebytes' Anti-Malware

  • Start Malwarebytes as Administrator
  • Go to the tab Updates and click search for Updates
  • Go to the tab Scanner
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Eset Scan


Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close. Make sure you copy the logfile first! Then paste the logfile in the thread.
  • Then click on: Finish


#8
badcomputer!

  • Topic Starter
  • Member
  • 37 posts
Machiavelli,

Here is the OTL log:


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\ProgramData\TEMP folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Myles
->Temp folder emptied: 2232132 bytes
->Temporary Internet Files folder emptied: 832516 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17121937 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: UpdatusUser.Myles-PC
->Temp folder emptied: 0 bytes

User: UpdatusUser.Myles-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2672 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1888 bytes

Total Files Cleaned = 19.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11222013_161149

Files\Folders moved on Reboot...
C:\Users\Myles\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Myles\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



The Malware log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.22.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Myles :: MYLES-PC [administrator]

11/22/2013 4:25:47 PM
mbam-log-2013-11-22 (16-25-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271837
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Here is the ESET Log:

C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir Win32/Bundled.Toolbar.Ask.B application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11222013_105758\C_Users\Myles\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe Win32/InstallCore.AZ application cleaned
  • 0

#9
Machiavelli

    GeekU Moderator

  • 3,700 posts
OK, we're finished now. If you like my help, it would be really cool and nice to give me feedback in this forum here. For example, what I did well in your opinion, what I did badly, etc. :)

- FIRST -

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

- NEXT -

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.


- NEXT -

I want you to uninstall the following programs (Start > Control Panel > Add/Remove Programs):

  • ESET

What's with MBAM?

Malwarebytes is a very good free scanner! It isn't an on-demand scanner so it won't have any problems with your AntiVirus! It would be good if you scan your PC for malware every 1-2 months (of course with Malwarebytes).
But if you would like to uninstall it, then do this:

I want you to uninstall the following programs (Start > Control Panel > Add/Remove Programs):

  • Malwarebytes

- NEXT -

Download File-Hippo Updatechecker http://www.filehippo.../updatechecker/ Please run it monthly - it will scan your update status. For example, if a program is outdated, the UpdateChecker will give you a link where you can download the newest version of the respective program.

How to update programs with FileHippo Updatechecker?

  • Start FileHippo Updatechecker
  • You get redirected to a Website
  • You will probably see a list of updates (if not, then all programs are probably up to date)
  • Click on the first item of the list, download the update, after that reboot the computer and take the next item of the list!

- NEXT -

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrade Java : (64 bits)
  • Download the latest version of Java SE Runtime Environment (JRE) Version 7 Update 45.
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Check the box that says: "Accept License Agreement."
  • Click on the link to download Windows Offline Installation 64 bit (jre-7u45-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u25-windows-x64.exe and select "Run as an Administrator.")



Please also update these/this Program(s):

  • Adobe Reader


- NEXT -


Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide (http://www.geekstogo...g-your-machine/) written by tech expert Artellos.

Keep safe! :thumbsup:
  • 0
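One way to check the result of the Java cleanup steps in the post above, added here as an example and not part of the original thread: the script lists every Java runtime registered under the standard Windows Uninstall registry keys and marks all but the newest per architecture as leftovers. It assumes PowerShell 3.0 or later running as a 64-bit process; the display-name pattern is an assumption based on the names the post mentions (Java Runtime Environment, JRE, J2SE).

```powershell
# Added example: inventory installed Java runtimes and flag older leftovers.
# Assumption: run from 64-bit PowerShell, otherwise HKLM:\SOFTWARE is
# redirected to the 32-bit view and the architecture labels are wrong.
$uninstallKeys = [ordered]@{
    '64-bit' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    '32-bit' = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
}

# Assumed name pattern: "Java 7 Update 45", "Java(TM) 6 Update 31",
# "Java Runtime Environment ...", "J2SE Runtime Environment ...".
# It deliberately skips "Java Auto Updater" and "JavaFX".
$javaName = 'Java(\(TM\))? \d|Java Runtime Environment|J2SE'

$javaEntries = foreach ($arch in $uninstallKeys.Keys) {
    Get-ItemProperty -Path $uninstallKeys[$arch] -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $javaName } |
        ForEach-Object {
            [pscustomobject]@{
                Arch      = $arch
                Name      = $_.DisplayName
                # $null when DisplayVersion is missing or not a dotted version
                Version   = $_.DisplayVersion -as [version]
                Uninstall = $_.UninstallString
                Status    = ''
            }
        }
}

# Per architecture: the highest version is kept, everything else is flagged.
# Entries whose version could not be parsed sort last; check those by hand.
$report = foreach ($group in ($javaEntries | Group-Object -Property Arch)) {
    $sorted = @($group.Group | Sort-Object -Property Version -Descending)
    for ($i = 0; $i -lt $sorted.Count; $i++) {
        $status = if ($i -eq 0) { 'newest' } else { 'older, remove' }
        $sorted[$i].Status = $status
        $sorted[$i]
    }
}

if ($report) {
    $report | Format-Table Arch, Name, Version, Status -AutoSize
} else {
    'No Java runtime entries found.'
}
```

The script only reads the registry; removal still goes through Add/Remove Programs as the post describes.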

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





