SysWOW64 - Conduit Virus [Closed] [Solved]


  • This topic is locked

#1
jacob98

  • Member
  • 19 posts
Dear Geekstogo,

I got this virus called conduit and I think it was from uTorrent, but anyways my computer has been running a bit slower than normal. But now, every time I start my computer up I get this Error!? RunDLL: "There was a problem starting c:\Users\Jacob\Appdata\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" "The Specified Module Could not be found."

I recently discovered that it was a virus and I also found out where on the computer it was: C:\Windows\SysWOW64\rundll32.exe
I tried to delete it, but of course that never works. I downloaded AVG, Malwarebytes, Norton, Windows security essentials, and HitmanPro. I ran the Highest scans and they finished. They all found something different, and they deleted or cleaned the items they found. But for some reason I still get the error? Please Help, Thanks
  • 0
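
Added example (not part of the original post, and not code from any tool named in this thread): the startup error quoted above names a DLL that rundll32.exe was asked to load, so the useful check is for autostart command lines whose DLL argument no longer exists on disk. The Python below parses rundll32 command lines and reports such orphaned entries. The entry names, the EntryPoint export and the helper.dll path are constructed sample data; only the Conduit DLL path and the Realtek Run entry come from this thread.

```python
import ntpath
import os
import re

# Optional (possibly quoted) path to rundll32, then the remainder of the command line.
RUNDLL32 = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<rest>.+)$', re.IGNORECASE
)


def dll_from_rundll32(cmdline):
    """Return the DLL argument of a rundll32 command line, or None if it is not one."""
    match = RUNDLL32.match(cmdline)
    if not match:
        return None
    rest = match.group("rest").strip()
    if rest.startswith('"'):
        # Quoted DLL path: everything up to the closing quote.
        end = rest.find('"', 1)
        return rest[1:end] if end != -1 else None
    # Unquoted DLL path: ends at the comma before the export name, or at whitespace.
    return re.split(r"[,\s]", rest, maxsplit=1)[0]


def find_orphaned(entries, exists=os.path.exists):
    """Return (source, name, dll) for rundll32 autostarts whose DLL file is missing.

    entries: iterable of (source, name, command line) tuples, for example exported
    from the Run keys and the scheduled-task list of the affected machine.
    exists:  file-existence check; replaceable so the logic can be tested offline.
    """
    orphaned = []
    for source, name, cmdline in entries:
        dll = dll_from_rundll32(cmdline)
        if dll is None:
            continue  # not a rundll32 launch
        dll = ntpath.expandvars(dll)
        if "%" in dll or not ntpath.dirname(dll):
            # Unresolved variable, or a bare name such as shell32.dll that Windows
            # resolves through the DLL search path: cannot be checked by path.
            continue
        if not exists(dll):
            orphaned.append((source, name, dll))
    return orphaned


# Constructed sample data. The first DLL path is the one in the error message above;
# "EntryPoint" is a placeholder export name and the task name is made up.
SAMPLE_ENTRIES = [
    ("Scheduled task", "constructed-task",
     r'C:\Windows\SysWOW64\rundll32.exe '
     r'"c:\Users\Jacob\Appdata\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",EntryPoint'),
    ("HKLM Run", "RTHDVCPL",
     r'C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe'),
    ("HKCU Run", "constructed-bare-name",
     r'rundll32.exe shell32.dll,Control_RunDLL'),
    ("HKLM Run", "constructed-present",
     r'"C:\Windows\System32\rundll32.exe" "C:\Program Files\Example\helper.dll",Start'),
]


if __name__ == "__main__":
    # Run on the affected Windows machine so that os.path.exists sees its disk.
    for source, name, dll in find_orphaned(SAMPLE_ENTRIES):
        print(f"{source}: {name} -> missing {dll}")
```

An entry reported here is a leftover launch instruction, not a file: the DLL is already gone, and rundll32.exe itself is the Windows program that was asked to load it.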

#2
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you:

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Let's run a couple of scans and see what's going on here. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.



Step 1: Download and Scan with OTL


Download OTL

Download OTL to your desktop by clicking here. If for some reason, that link is not working, please click here for a secondary site.

  • Close any open windows and then double click (Vista, Windows 7, 8: right click and then click Run as Administrator) the icon to start OTL.
  • Please make sure the following boxes are checked:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name Whitelist
      • LOP Check
      • Purity Check
  • Please make sure Use Safelist is checked under Extra Registry.
  • Copy the contents of the quote box below (do not copy the word quote!) and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button.

  • Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient. :)
  • When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  • Please post each log in your next reply.



Step 2: Download and Scan with aswMBR


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

  • Click the Scan button to begin the scan.

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit


Things I need to see in your next post:

OTL Log

Extras.txt Log

aswMBR Log

  • 0

#3
jacob98

  • Topic Starter
  • Member
  • 19 posts
Here are the files:

Attached Files

  • Attached File  OTL.Txt   147.14KB   164 downloads
  • Attached File  asw.txt   2.14KB   157 downloads
  • Attached File  Extras.Txt   80.34KB   199 downloads

  • 0

#4
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,912 posts
Hello :)

In the future, please do not attach the logs; copy and paste them into the body of your replies. That makes them easier for me to analyze. I'll paste the 3 that you have attached into a reply and get started on them. :)




OTL logfile created on: 2/6/2014 10:02:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jacob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.60 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 82.52% Memory free
8.10 Gb Paging File | 6.74 Gb Available in Paging File | 83.24% Paging File free
Paging file location(s): c:\pagefile.sys 512 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 209.34 Gb Total Space | 138.82 Gb Free Space | 66.31% Space Free | Partition Type: NTFS
Drive D: | 19.38 Gb Total Space | 2.10 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.28% Space Free | Partition Type: FAT32

Computer Name: JACOB-HP | User Name: Jacob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/06 21:55:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jacob\Desktop\OTL.exe
PRC - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/08 23:35:01 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/06 22:19:16 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/09/29 14:33:42 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/08/19 16:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/12/27 18:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/10 06:47:16 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/06 16:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/05 15:08:28 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/17 00:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/02/05 07:08:00 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/27 14:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/08 23:35:01 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/12/27 18:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/03 08:34:40 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/10/23 09:11:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/05/13 15:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/05/06 08:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 09:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 15:11:03 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/14 15:11:03 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/05 15:50:30 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/05 14:32:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/16 05:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 05:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/15 13:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/16 14:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/07 14:20:22 | 000,448,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E199F18C-D3C4-4B8D-9431-E60179ECCB6E}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {DF9F6A1F-9E5F-4F2A-A205-75E7C156A3A0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2221766237-2576600611-1707243153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2221766237-2576600611-1707243153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-2221766237-2576600611-1707243153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2221766237-2576600611-1707243153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2221766237-2576600611-1707243153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 BD 1A 59 48 01 CF 01 [binary data]
IE - HKU\S-1-5-21-2221766237-2576600611-1707243153-1001\..\SearchScopes,DefaultScope = {82A8AA25-0EED-4B99-B2BC-A45FAAB87830}
IE - HKU\S-1-5-21-2221766237-2576600611-1707243153-1001\..\SearchScopes\{82A8AA25-0EED-4B99-B2BC-A45FAAB87830}: "URL" = https://www.google.c...q={searchTerms}
IE - HKU\S-1-5-21-2221766237-2576600611-1707243153-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/10/17 11:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: James White = C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: Spotify - Music for every moment = C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Dropbox = C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0\
CHR - Extension: Google Wallet = C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe File not found
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2221766237-2576600611-1707243153-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKU\S-1-5-21-2221766237-2576600611-1707243153-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B03D8AF-5E00-49FE-8A09-A86944AF7761}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D500B3F1-070F-47C2-86A6-C8087C6CE780}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2A1B64D-5F28-45CE-98AE-855A66FBCA4F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\G\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\G\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/06 22:01:25 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Jacob\Desktop\aswmbr.exe
[2014/02/06 21:54:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jacob\Desktop\OTL.exe
[2014/02/03 19:36:56 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\.minecraft
[2014/02/03 19:32:18 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Dropbox
[2014/02/03 19:28:41 | 037,660,568 | ---- | C] (Dropbox, Inc.) -- C:\Users\Jacob\Desktop\Dropbox 2.6.2.exe
[2014/02/03 16:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/02/03 16:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/02/03 16:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2014/02/03 16:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/02/03 16:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/02/03 16:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/02/03 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/02/03 16:32:20 | 000,000,000 | ---D | C] -- C:\AMD
[2014/02/03 16:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/02/03 15:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/03 11:12:06 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\SlimWare Utilities Inc
[2014/02/03 11:11:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2014/02/03 11:11:23 | 000,739,704 | ---- | C] (SlimWare Utilities, Inc.) -- C:\Users\Jacob\Desktop\DriverUpdate-setup.exe
[2014/02/03 02:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\Macromedia
[2014/02/02 23:23:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/02/02 20:02:29 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\Oracle
[2014/02/02 15:11:34 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Security
[2014/02/02 14:50:01 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/02/02 14:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/02/02 14:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/02/02 14:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/02/02 14:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/02 14:39:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/02 14:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/02 14:32:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/02 13:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2014/02/02 13:11:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2014/02/02 03:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/02/02 03:35:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/02/02 03:28:54 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Desktop\computer
[2014/02/02 03:27:49 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Desktop\Backup
[2014/02/02 03:23:51 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Mods
[2014/02/02 03:21:46 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Videos
[2014/02/02 03:21:37 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Music
[2014/02/02 03:19:35 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Important Items
[2014/02/02 03:19:22 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Games
[2014/02/02 03:17:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/02/02 03:17:03 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\MFAData
[2014/02/02 03:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/02/02 03:14:03 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\Roxio Log Files
[2014/02/02 03:07:59 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Tools
[2014/02/02 03:05:14 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Stuff
[2014/02/02 03:05:10 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Skate Videos
[2014/02/02 03:03:02 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Desktop\Recycle Bin
[2014/02/02 02:59:06 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Pictures
[2014/02/01 01:02:26 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Desktop\Xpadder5-3
[2014/01/31 01:55:44 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\Windows Live Writer
[2014/01/31 01:55:44 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\Windows Live Writer
[2014/01/31 01:03:50 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Desktop\Science Notes
[2014/01/29 14:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\websavee
[2014/01/29 14:53:48 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\Packages
[2014/01/29 14:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\websavee
[2014/01/29 14:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SetApp
[2014/01/29 14:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\9f034431ec6a0e7d
[2014/01/29 14:49:53 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\Comodo
[2014/01/29 14:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/01/26 01:36:49 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\.technic
[2014/01/25 15:26:14 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Desktop\Ipod touch 4g
[2014/01/24 23:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/24 23:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/24 23:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/24 23:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/01/24 23:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/12 23:45:33 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\eSupport.com
[2014/01/12 23:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[2014/01/12 23:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eSupport.com
[2014/01/12 19:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2014/01/12 19:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2014/01/09 20:45:32 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\Apple Computer
[2014/01/09 20:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/06 22:01:32 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Jacob\Desktop\aswmbr.exe
[2014/02/06 21:55:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jacob\Desktop\OTL.exe
[2014/02/06 21:49:40 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/06 21:49:40 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/06 21:47:53 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/06 21:47:53 | 000,661,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/06 21:47:53 | 000,121,730 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/06 21:42:57 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/06 21:42:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/06 21:42:15 | 1828,904,959 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/05 22:17:31 | 001,346,898 | ---- | M] () -- C:\Users\Jacob\Desktop\20140204_085714.jpg
[2014/02/05 22:13:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/05 21:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/05 21:33:25 | 000,001,264 | ---- | M] () -- C:\Users\Jacob\Desktop\rundll32 - Shortcut.lnk
[2014/02/05 15:36:19 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/04 19:20:08 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/03 23:38:30 | 000,004,064 | ---- | M] () -- C:\Users\Jacob\Desktop\DolphinanaFox.png
[2014/02/03 19:29:07 | 037,660,568 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jacob\Desktop\Dropbox 2.6.2.exe
[2014/02/03 19:21:23 | 000,107,764 | ---- | M] () -- C:\Users\Jacob\Desktop\XRayInstaller.jar
[2014/02/03 19:20:31 | 3846,942,971 | ---- | M] () -- C:\Users\Jacob\Desktop\Garry's mod.zip
[2014/02/03 19:10:15 | 000,098,550 | ---- | M] () -- C:\Users\Jacob\Desktop\[1.7.4] XRay.zip
[2014/02/03 19:07:07 | 000,811,067 | ---- | M] () -- C:\Users\Jacob\Desktop\OptiFine_1.7.4_HD_U_C7 (1).jar
[2014/02/03 18:25:35 | 002,406,621 | ---- | M] () -- C:\Users\Jacob\Desktop\TechnicLauncher.exe
[2014/02/03 14:42:46 | 000,675,988 | ---- | M] () -- C:\Users\Jacob\Desktop\Minecraft.exe
[2014/02/03 12:43:13 | 006,019,965 | ---- | M] () -- C:\Users\Jacob\Desktop\faithful32pack.zip
[2014/02/03 11:17:24 | 005,837,483 | ---- | M] () -- C:\Users\Jacob\Desktop\lwjgl-2.9.1.zip
[2014/02/03 11:11:27 | 000,739,704 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Users\Jacob\Desktop\DriverUpdate-setup.exe
[2014/02/03 09:34:05 | 000,007,605 | ---- | M] () -- C:\Users\Jacob\AppData\Local\Resmon.ResmonCfg
[2014/02/03 08:34:40 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/02 14:50:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/02/02 13:36:50 | 000,005,817 | ---- | M] () -- C:\Users\Jacob\Desktop\error.png
[2014/02/02 13:26:52 | 000,442,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/01 01:15:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2014/02/01 01:01:56 | 000,564,533 | ---- | M] () -- C:\Users\Jacob\Desktop\Xpadder with minecraft (1).zip
[2014/02/01 01:00:47 | 000,564,533 | ---- | M] () -- C:\Users\Jacob\Desktop\Xpadder with minecraft.zip
[2014/01/31 19:23:43 | 000,803,731 | ---- | M] () -- C:\Users\Jacob\Desktop\OptiFine_1.7.4_HD_U_C5.jar
[2014/01/31 01:49:33 | 000,312,910 | ---- | M] () -- C:\Users\Jacob\Documents\Scan0004.jpg
[2014/01/31 01:49:33 | 000,278,037 | ---- | M] () -- C:\Users\Jacob\Documents\Scan0003.jpg
[2014/01/31 01:49:32 | 000,346,283 | ---- | M] () -- C:\Users\Jacob\Documents\Scan0001.jpg
[2014/01/31 01:49:32 | 000,331,582 | ---- | M] () -- C:\Users\Jacob\Documents\Scan0002.jpg
[2014/01/24 23:25:31 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/16 23:14:03 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/01/13 00:05:54 | 000,002,243 | ---- | M] () -- C:\Users\Jacob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/12 19:39:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/01/12 19:38:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01011.Wdf
[2014/01/12 19:34:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/01/11 18:26:03 | 002,886,112 | ---- | M] () -- C:\Users\Jacob\Desktop\cat-mario.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/05 22:16:56 | 001,346,898 | ---- | C] () -- C:\Users\Jacob\Desktop\20140204_085714.jpg
[2014/02/05 21:33:25 | 000,001,264 | ---- | C] () -- C:\Users\Jacob\Desktop\rundll32 - Shortcut.lnk
[2014/02/05 21:24:40 | 000,001,148 | ---- | C] () -- C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2014/02/03 23:38:29 | 000,004,064 | ---- | C] () -- C:\Users\Jacob\Desktop\DolphinanaFox.png
[2014/02/03 19:21:20 | 000,107,764 | ---- | C] () -- C:\Users\Jacob\Desktop\XRayInstaller.jar
[2014/02/03 19:10:13 | 000,098,550 | ---- | C] () -- C:\Users\Jacob\Desktop\[1.7.4] XRay.zip
[2014/02/03 19:06:57 | 000,811,067 | ---- | C] () -- C:\Users\Jacob\Desktop\OptiFine_1.7.4_HD_U_C7 (1).jar
[2014/02/03 18:48:14 | 3846,942,971 | ---- | C] () -- C:\Users\Jacob\Desktop\Garry's mod.zip
[2014/02/03 18:23:03 | 002,406,621 | ---- | C] () -- C:\Users\Jacob\Desktop\TechnicLauncher.exe
[2014/02/03 14:42:43 | 000,675,988 | ---- | C] () -- C:\Users\Jacob\Desktop\Minecraft.exe
[2014/02/03 12:42:46 | 006,019,965 | ---- | C] () -- C:\Users\Jacob\Desktop\faithful32pack.zip
[2014/02/03 11:17:00 | 005,837,483 | ---- | C] () -- C:\Users\Jacob\Desktop\lwjgl-2.9.1.zip
[2014/02/03 09:34:05 | 000,007,605 | ---- | C] () -- C:\Users\Jacob\AppData\Local\Resmon.ResmonCfg
[2014/02/03 08:34:40 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/02 13:36:50 | 000,005,817 | ---- | C] () -- C:\Users\Jacob\Desktop\error.png
[2014/02/02 13:26:20 | 000,442,920 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/01 01:15:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2014/02/01 01:01:47 | 000,564,533 | ---- | C] () -- C:\Users\Jacob\Desktop\Xpadder with minecraft (1).zip
[2014/02/01 01:00:38 | 000,564,533 | ---- | C] () -- C:\Users\Jacob\Desktop\Xpadder with minecraft.zip
[2014/01/31 19:23:19 | 000,803,731 | ---- | C] () -- C:\Users\Jacob\Desktop\OptiFine_1.7.4_HD_U_C5.jar
[2014/01/31 01:49:33 | 000,312,910 | ---- | C] () -- C:\Users\Jacob\Documents\Scan0004.jpg
[2014/01/31 01:49:32 | 000,346,283 | ---- | C] () -- C:\Users\Jacob\Documents\Scan0001.jpg
[2014/01/31 01:49:32 | 000,331,582 | ---- | C] () -- C:\Users\Jacob\Documents\Scan0002.jpg
[2014/01/31 01:49:32 | 000,278,037 | ---- | C] () -- C:\Users\Jacob\Documents\Scan0003.jpg
[2014/01/24 23:25:31 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/13 19:56:45 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/01/12 19:39:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/01/12 19:38:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01011.Wdf
[2014/01/12 19:34:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/01/11 18:25:55 | 002,886,112 | ---- | C] () -- C:\Users\Jacob\Desktop\cat-mario.zip
[2013/12/25 01:56:43 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/12/25 01:40:44 | 000,770,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/09 23:01:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/12/08 23:35:03 | 000,291,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/12/08 23:35:00 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/12/06 16:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/12/06 16:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/12/06 16:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/12/06 15:39:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/12/06 15:39:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/06 21:52:55 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\.minecraft
[2014/02/03 18:26:01 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\.technic
[2013/12/07 15:41:34 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\DictAddon
[2014/01/24 23:57:35 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Notepad++
[2014/02/02 20:02:29 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Oracle
[2013/12/07 04:25:23 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\PowerISO
[2013/12/06 22:11:23 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Synaptics
[2014/02/02 14:10:11 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\uTorrent
[2013/12/07 03:41:10 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\WildTangent
[2014/01/31 01:55:44 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/10/14 15:00:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/10/14 15:00:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/10/14 15:00:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/10/14 15:00:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/10/14 15:00:13 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/10/14 15:00:13 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: RPCSS.DLL >
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services


< MD5 for: SERVICES.ASFX22 >
[2010/11/15 23:02:24 | 000,000,231 | R--- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22

< MD5 for: SERVICES.ASFX23 >
[2010/11/15 23:02:26 | 000,000,225 | R--- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23

< MD5 for: SERVICES.ASFX24 >
[2010/11/15 23:02:32 | 000,000,229 | R--- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24

< MD5 for: SERVICES.ASFX25 >
[2010/11/15 23:02:36 | 000,000,232 | R--- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25

< MD5 for: SERVICES.ASFX3 >
[2010/11/15 23:02:34 | 000,000,229 | R--- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3

< MD5 for: SERVICES.ASFX4 >
[2010/11/15 23:02:26 | 000,000,226 | R--- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4

< MD5 for: SERVICES.ASFX5 >
[2010/11/15 23:02:34 | 000,000,233 | R--- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5

< MD5 for: SERVICES.ASFX6 >
[2010/11/15 23:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6

< MD5 for: SERVICES.ASFX7 >
[2010/11/15 23:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7

< MD5 for: SERVICES.ASFX8 >
[2010/11/15 23:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8

< MD5 for: SERVICES.ASFX9 >
[2010/11/15 23:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9

< MD5 for: SERVICES.CFG >
[2013/12/18 13:42:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010/11/15 23:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg

< MD5 for: SERVICES.DAT >
[2014/01/01 04:20:33 | 000,004,134 | ---- | M] () MD5=C9B4F36E8BE111CCBC44A2A8FD32C5EC -- C:\Users\Jacob\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is E66E-919C
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [D:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files (x86)\Evernote
10/14/2011 03:38 PM <SYMLINKD> Evernote3.5 [D:\Program Files (x86)\Evernote\Evernote]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [D:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [D:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [D:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [D:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [D:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [D:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [D:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [D:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [D:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [D:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [D:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [D:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [D:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [D:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [D:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [D:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [D:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [D:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Jacob
12/06/2013 10:06 PM <JUNCTION> Application Data [C:\Users\Jacob\AppData\Roaming]
12/06/2013 10:06 PM <JUNCTION> Cookies [C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Cookies]
12/06/2013 10:06 PM <JUNCTION> Local Settings [C:\Users\Jacob\AppData\Local]
12/06/2013 10:06 PM <JUNCTION> My Documents [C:\Users\Jacob\Documents]
12/06/2013 10:06 PM <JUNCTION> NetHood [C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/06/2013 10:06 PM <JUNCTION> PrintHood [C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/06/2013 10:06 PM <JUNCTION> Recent [C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Recent]
12/06/2013 10:06 PM <JUNCTION> SendTo [C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\SendTo]
12/06/2013 10:06 PM <JUNCTION> Start Menu [C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu]
12/06/2013 10:06 PM <JUNCTION> Templates [C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Jacob\AppData\Local
12/06/2013 10:06 PM <JUNCTION> Application Data [C:\Users\Jacob\AppData\Local]
12/06/2013 10:06 PM <JUNCTION> History [C:\Users\Jacob\AppData\Local\Microsoft\Windows\History]
12/06/2013 10:06 PM <JUNCTION> Temporary Internet Files [C:\Users\Jacob\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Jacob\Documents
12/06/2013 10:06 PM <JUNCTION> My Music [C:\Users\Jacob\Music]
12/06/2013 10:06 PM <JUNCTION> My Pictures [C:\Users\Jacob\Pictures]
12/06/2013 10:06 PM <JUNCTION> My Videos [C:\Users\Jacob\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [D:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [D:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [D:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
45 Dir(s) 149,059,801,088 bytes free

< End of report >



OTL Extras logfile created on: 2/6/2014 10:02:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jacob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.60 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 82.52% Memory free
8.10 Gb Paging File | 6.74 Gb Available in Paging File | 83.24% Paging File free
Paging file location(s): c:\pagefile.sys 512 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 209.34 Gb Total Space | 138.82 Gb Free Space | 66.31% Space Free | Partition Type: NTFS
Drive D: | 19.38 Gb Total Space | 2.10 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.28% Space Free | Partition Type: FAT32

Computer Name: JACOB-HP | User Name: Jacob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2221766237-2576600611-1707243153-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A37E19-3181-4EDC-A449-160E3546DD25}" = lport=445 | protocol=6 | dir=in | app=system |
"{04D0FD67-93F9-4E02-AD88-C387AFCD13EC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{10BAD5C5-B5E4-4EBF-A597-DD34D45AD4FF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{12485372-E6AD-4BE5-8C0C-4155A1E56ABA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{17E64D09-50CE-45DB-818D-F0064C204ACB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2484F486-27D0-4C3F-ADA2-16F9D80EF289}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{317E2C07-EC01-4C8B-BC11-33A8D5F810CD}" = rport=139 | protocol=6 | dir=out | app=system |
"{333A2E81-81DD-4FE6-BBAA-4F53DA9BF008}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4CCB3288-84CC-4C2A-B333-86A6E777DB45}" = lport=139 | protocol=6 | dir=in | app=system |
"{4D6375E8-15B5-45A8-8E09-F1F7A783480D}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{53122041-9395-4489-96C0-9D5E74D55E04}" = rport=137 | protocol=17 | dir=out | app=system |
"{5861F10C-E1E7-4342-B1C5-9038A604CEA2}" = lport=138 | protocol=17 | dir=in | app=system |
"{6936DA98-89E3-415B-BA9F-DAF4D9D4E16E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D232DB9-634A-4063-AC88-1EFB096756CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{881400CB-B045-418E-AF28-1EFF936E83EB}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{890F8A0D-B912-4ADE-8608-828D147661E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9DE839A8-A3C0-4315-AF29-1BAFC93A8136}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1FB3587-0119-4AAC-A679-8051A19BEB24}" = rport=445 | protocol=6 | dir=out | app=system |
"{A22DCFC9-EED8-40A8-9E68-8D4EA2E0A5AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ADA3C150-277A-489B-B516-C011C53141C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE4A2ECE-ACFF-4673-BB8C-0EF54F45FC43}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{D3875090-2DAA-4664-8BEB-190AA8CDCBDE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E0CA709B-C36A-4FD0-BA84-9419799E635D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E4E3D36D-3B14-45DB-A8D6-C168965D9087}" = rport=138 | protocol=17 | dir=out | app=system |
"{F7AC7C02-1E3A-4473-B1AD-302EBD32F14D}" = lport=137 | protocol=17 | dir=in | app=system |
"{F8FABCD0-7D87-4185-8515-A55A4C213317}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF207DCD-FF08-4B08-BFF3-E08CB9CABCBD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D05F0E-EE76-41C7-A482-F78F9B9A2905}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{086D2D05-359D-45CF-A551-89E5F3E51319}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{08D35156-D596-4F05-8871-D3E231A9426A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{0F1780C0-8232-4081-A382-6B5FAE0F0C55}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{17483DED-D6DE-445B-8378-D0F512B8BA3C}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicatorcom.exe |
"{27E2AD31-D824-4E29-B7BE-68DF7061803B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{30659396-075A-46DC-A87C-2A37B1B0E6B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3399FF4A-36B5-4FA1-AFFE-65C4BC9C8E18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{36B6984D-A1BD-4E4C-8425-65AE7BFEA579}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\rtl8187 wireless lan utility\rtwlan.exe |
"{382D6C2C-EBEE-438E-9535-915953D60E09}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{3854EF04-E4E8-49D1-9FC6-E0E92D17DBEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{394A728B-3C1C-43BA-BD22-CE9F7DEDEB6D}" = protocol=6 | dir=out | app=system |
"{3DFD1819-7E7D-438D-9080-C4FACD382873}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{4771D0A0-D5B7-467F-9E06-AA22CAACDD67}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{477BB202-CBD6-47CF-B930-31FD250173EB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{4ED0692B-11DB-4351-92D0-8721CC736FA8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F4393AF-C655-4450-889B-8DE1E28205B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52461BE7-575F-419B-9C75-2EA0FAB7D548}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6462E1DF-58F6-4B3B-8B95-C8B4B10EA285}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{73E8C173-2DC7-4D44-9C95-14C172DC653B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{7490E63C-F3EE-4A5E-AB5C-CD7E719EBFDD}" = protocol=58 | dir=out | [email protected],-28546 |
"{7BCB25AF-FF7E-4C68-AF82-08429B2CBBBC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{819A2B05-7572-4ACA-B7C1-06811674FD27}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicator.exe |
"{82852BA0-34BB-4CD7-9E64-F56006FC6B54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84C53051-9951-469E-92DB-879F04C0DE0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{90EE0C41-9A5A-4D9B-B5D6-7E77C443F5DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93BDFBE6-9E13-4176-AF2C-B5E8EA7B0FD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A52299C5-3198-4706-B3B1-2846850EF61E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A65169FC-CBA6-46D3-9497-97D78EE1FF33}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A66E4FEA-6087-4243-9EAA-AB2EDCD0AEA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A83597A8-213C-4534-B3B9-990A5578D5FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A95E3C25-F620-4AB0-9D99-85B11AC4F220}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AB4E4C9F-F548-4695-9CEB-A59E872A030B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACE5861C-772A-4410-A15B-D2E204D165B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B12E0B69-EF8E-40CD-9C34-E17D85B65322}" = protocol=1 | dir=in | [email protected],-28543 |
"{B4C33B3F-986F-4CCE-922D-11BC7816F5F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4F9D095-48ED-4F68-9EAC-FDF6B536D138}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\devicesetup.exe |
"{B8E8342E-2832-4FE2-BBA1-474A0FAF753D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{CD4743DA-D993-42CD-B0E5-A1AA7BFA9177}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\rtl8187 wireless lan utility\rtwlan.exe |
"{D46ABB83-5A37-4418-8CEF-43B2F45D661A}" = protocol=1 | dir=out | [email protected],-28544 |
"{D80F2E71-F818-43D5-A13E-7DC60ACC61AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D828F1EA-147D-473A-AF38-DF05E2E07337}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{D9660903-E6FE-43CA-8D11-4A645802A409}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DB2C7298-CBD2-45F7-810C-CDE166F32834}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E076034E-06F8-4382-B98D-9C5BB95D06B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{E2509722-F4DD-427E-A65C-69060E79DBD6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EB7E0E8E-329A-477F-BB26-11B2C694C7FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{F6961357-7ACB-425F-9C0A-9A8F9D07532D}" = protocol=58 | dir=in | [email protected],-28545 |
"{F911E2F8-130C-4262-A79A-D82A5D3A6BCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"TCP Query User{1596816B-6B5A-45A8-B738-3A7A7C14F5F0}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{8F74B35F-553C-497E-ADA5-00176C03F298}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{97589663-176F-440B-AC61-F6507C137040}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{A1FC4D3D-837C-4A9B-9A0A-922403A1F232}C:\users\jacob\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\jacob\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{CE8D474A-3C1E-4541-B608-5CFC291090DC}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{8CD79F7B-60AB-4726-9ECE-9FB0ACD0B23E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{8FFE2671-09E4-4E25-8631-666D8469C7EE}C:\users\jacob\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\jacob\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{C1057B13-0E26-4666-9238-E16B0AFC9DF9}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{CFF0C1D5-88DF-4861-8A3D-B229E718B822}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{D7F7A581-A8DC-40EE-9628-85820D21DF37}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{308051DA-0048-7A07-FE8B-9B6EC119A9E8}" = AMD Catalyst Install Manager
"{44AAA767-F540-F091-4571-ADCBC10B0C92}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{562608FE-2051-4488-BF22-8CE4C03046AC}" = HP Security Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6032497A-4479-462B-ADB8-A0A372BB9A23}" = HP Application Assistant
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{678A75C7-5953-B109-57EE-46C7BA4C29C1}" = AMD Drag and Drop Transcoding
"{68C0736C-3E47-43A6-B14D-236BEF198A5F}" = HP Photosmart 5520 series Basic Device Software
"{723AEA0A-E9CF-44F7-AFE4-0617E8D4755A}" = AMD Steady Video Plug-In
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AEF57B06-B494-8180-AFC7-05EFB1DB2B64}" = ccc-utility64
"{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}" = AMD Media Foundation Decoders
"{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}" = HP Launch Box
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}" = AMD Wireless Display v3.0
"{FCC4426F-0296-D30D-729C-E76C8E7252C7}" = AMD Accelerated Video Transcoding
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.68
"HitmanPro37" = HitmanPro 3.7
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"SynTPDeinstKey" = Synaptics TouchPad Driver
"WinRAR archiver" = WinRAR 5.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{046B79EE-7ED3-37A4-621A-FE297EF484C2}" = CCC Help Greek
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility
"{10CB5DDD-38E1-2EB2-F62C-C1948A99943E}" = AMD Catalyst Control Center
"{1194740D-0DB8-A508-31BA-E722597B4516}" = Catalyst Control Center Graphics Previews Common
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FB16E3B-3AFB-46CB-6E83-2F5A0CF4ED16}" = Catalyst Control Center Localization All
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E3A81FB-7952-F8CB-9AD5-50544E2F4838}" = CCC Help Czech
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{41298BF3-DF6B-449C-BFB7-83663ECB5108}" = HP QuickWeb
"{4172E797-CE12-AC47-05B7-0E48BDB33E75}" = CCC Help Russian
"{4428AEE6-FA5E-2913-8D12-B410E85E11AA}" = CCC Help Spanish
"{4FF1533E-FF2C-A04A-25DD-A8AEC6FA106B}" = CCC Help Chinese Standard
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6071CB80-DABC-B10D-F244-7F410FB3B150}" = CCC Help Polish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6343B6BA-F97F-B336-9ED8-FFD43776E84D}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D3A11D0-D925-FA0F-43F3-242E49975CD2}" = CCC Help Danish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EF39A9F-6A57-9706-86A5-9312D9ED8016}" = CCC Help Portuguese
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{92352C97-C657-DB89-5F3A-E8C3789D9C89}" = CCC Help Chinese Traditional
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95545E55-3309-1929-FF41-2908A9706742}" = CCC Help Turkish
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA5F712-9CAA-B3CB-02D3-7134DFC8801E}" = CCC Help French
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A128A816-FD3F-990E-DD80-E1735BD718AE}" = CCC Help Italian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}" = HP Software Framework
"{AFC9ECA9-6A4E-1370-98F3-002B63B5AF8E}" = CCC Help Thai
"{B88F2045-CF9A-996C-1670-6F7D65F1D18A}" = CCC Help Norwegian
"{BED96D0C-7743-3CE3-F7DF-A0A4475FBF2F}" = CCC Help Hungarian
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E297492A-E114-CAE0-502E-5F36C386DD30}" = CCC Help Dutch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6533A85-ED92-F897-2B68-58AC3BD87F94}" = CCC Help English
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EBAC163A-588E-1E5A-3CE8-826E9A449244}" = CCC Help Korean
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED65BD75-CEF3-C0C2-9E9C-FA567484FF60}" = CCC Help Japanese
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEB34D84-92A1-7BE3-6DB7-ABD1C4912D6B}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1289D68-1C48-930F-51CF-577BDB371252}" = CCC Help Swedish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3F340A5-64EC-AEEC-4BDF-DC537D390BF5}" = CCC Help German
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Notepad++" = Notepad++
"PowerISO" = PowerISO
"Steam" = Steam
"Steam App 4000" = Garry's Mod
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2221766237-2576600611-1707243153-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/5/2014 11:21:55 PM | Computer Name = Jacob-HP | Source = Application Error | ID = 1000
Description = Faulting application name: WLXPhotoGallery.exe, version: 15.4.3538.513,
time stamp: 0x4dcdb214 Faulting module name: ntdll.dll, version: 6.1.7601.18247,
time stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting
process id: 0x10ac Faulting application start time: 0x01cf22ea95a7999d Faulting application
path: C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: d4103132-8edd-11e3-a035-ec9a74f6f041

Error - 2/5/2014 11:24:39 PM | Computer Name = Jacob-HP | Source = WinMgmt | ID = 10
Description =

Error - 2/5/2014 11:25:01 PM | Computer Name = Jacob-HP | Source = Application Error | ID = 1000
Description = Faulting application name: WLXPhotoGallery.exe, version: 15.4.3538.513,
time stamp: 0x4dcdb214 Faulting module name: ntdll.dll, version: 6.1.7601.18247,
time stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting
process id: 0xcdc Faulting application start time: 0x01cf22eb0328d3ca Faulting application
path: C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 42738e1a-8ede-11e3-af66-ec9a74f6f041

Error - 2/5/2014 11:25:17 PM | Computer Name = Jacob-HP | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time
stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting
process id: 0x334 Faulting application start time: 0x01cf22eb0dd7e0e3 Faulting application
path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 4c79997f-8ede-11e3-af66-ec9a74f6f041

Error - 2/5/2014 11:26:30 PM | Computer Name = Jacob-HP | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time
stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting
process id: 0x131c Faulting application start time: 0x01cf22eb39def48b Faulting application
path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 77acd2af-8ede-11e3-af66-ec9a74f6f041

Error - 2/6/2014 10:43:02 PM | Computer Name = Jacob-HP | Source = WinMgmt | ID = 10
Description =

Error - 2/6/2014 10:46:44 PM | Computer Name = Jacob-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.10.0.116, time stamp:
0x50001496 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp:
0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x000332b0 Faulting process id:
0xfb0 Faulting application start time: 0x01cf23aecc2de3e8 Faulting application path:
C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 13bf6baa-8fa2-11e3-9e00-ec9a74f6f041

Error - 2/6/2014 10:46:56 PM | Computer Name = Jacob-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.10.0.116, time stamp:
0x50001496 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x7723e770 Faulting process id: 0xfb0 Faulting application
start time: 0x01cf23aecc2de3e8 Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting
module path: unknown Report Id: 1b028152-8fa2-11e3-9e00-ec9a74f6f041

Error - 2/6/2014 10:52:34 PM | Computer Name = Jacob-HP | Source = Office 2013 Licensing Service | ID = 0
Description =

Error - 2/6/2014 11:03:59 PM | Computer Name = Jacob-HP | Source = Application Error | ID = 1000
Description = Faulting application name: msosqm.exe, version: 15.0.4551.1007, time
stamp: 0x52714e76 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time
stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting
process id: 0x10a4 Faulting application start time: 0x01cf23b13ecd7d58 Faulting application
path: C:\Program Files\Common Files\Microsoft Shared\Office15\msosqm.exe Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7d0ffee9-8fa4-11e3-9e00-ec9a74f6f041

[ Hewlett-Packard Events ]
Error - 12/29/2013 3:49:02 PM | Computer Name = Jacob-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/29/2013 3:52:47 PM | Computer Name = Jacob-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/29/2013 3:52:47 PM | Computer Name = Jacob-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/29/2013 3:55:05 PM | Computer Name = Jacob-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/29/2013 3:55:06 PM | Computer Name = Jacob-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 12/6/2013 11:09:08 PM | Computer Name = Jacob-HP | Source = CaslWmi | ID = 5
Description = 2013/12/06 22:09:08.025|00001024|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/6/2013 11:09:13 PM | Computer Name = Jacob-HP | Source = CaslWmi | ID = 5
Description = 2013/12/06 22:09:13.366|00001110|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/7/2013 4:25:51 AM | Computer Name = Jacob-HP | Source = CaslWmi | ID = 5
Description = 2013/12/07 03:25:51.159|00000930|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/8/2013 3:29:48 PM | Computer Name = Jacob-HP | Source = CaslWmi | ID = 5
Description = 2013/12/08 14:29:48.963|00000984|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/16/2013 5:25:12 PM | Computer Name = Jacob-HP | Source = CaslWmi | ID = 5
Description = 2013/12/16 16:25:12.875|00001108|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/22/2013 3:39:33 PM | Computer Name = Jacob-HP | Source = CaslWmi | ID = 5
Description = 2013/12/22 14:39:33.302|00000B18|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/29/2013 3:54:53 PM | Computer Name = Jacob-HP | Source = CaslWmi | ID = 5
Description = 2013/12/29 14:54:53.161|00000B40|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/6/2014 9:02:18 PM | Computer Name = Jacob-HP | Source = CaslWmi | ID = 5
Description = 2014/01/06 20:02:18.915|0000089C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/12/2014 8:34:22 PM | Computer Name = Jacob-HP | Source = CaslWmi | ID = 5
Description = 2014/01/12 19:34:22.325|00000F78|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/19/2014 4:09:25 PM | Computer Name = Jacob-HP | Source = CaslWmi | ID = 5
Description = 2014/01/19 15:09:25.724|00001404|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]
Error - 2/3/2014 7:22:15 PM | Computer Name = Jacob-HP | Source = DCOM | ID = 10010
Description =

Error - 2/4/2014 10:27:12 PM | Computer Name = Jacob-HP | Source = DCOM | ID = 10010
Description =

Error - 2/5/2014 8:07:31 AM | Computer Name = Jacob-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 2/5/2014 8:13:47 AM | Computer Name = Jacob-HP | Source = DCOM | ID = 10010
Description =

Error - 2/5/2014 9:30:05 PM | Computer Name = Jacob-HP | Source = DCOM | ID = 10010
Description =

Error - 2/5/2014 10:27:56 PM | Computer Name = Jacob-HP | Source = DCOM | ID = 10010
Description =

Error - 2/5/2014 10:28:00 PM | Computer Name = Jacob-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.3332.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0

Error
code: 0x8024001e Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 2/5/2014 10:28:00 PM | Computer Name = Jacob-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.3332.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0

Error
code: 0x8024001e Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 2/5/2014 11:23:09 PM | Computer Name = Jacob-HP | Source = DCOM | ID = 10010
Description =

Error - 2/5/2014 11:31:30 PM | Computer Name = Jacob-HP | Source = DCOM | ID = 10010
Description =


< End of report >



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-06 22:45:04
-----------------------------
22:45:04.605 OS Version: Windows x64 6.1.7601 Service Pack 1
22:45:04.605 Number of processors: 2 586 0x200
22:45:04.605 ComputerName: JACOB-HP UserName: Jacob
22:45:06.555 Initialize success
22:50:36.616 AVAST engine defs: 14020601
22:52:58.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
22:52:58.171 Disk 0 Vendor: ST925031 0005 Size: 238475MB BusType: 11
22:52:58.296 Disk 0 MBR read successfully
22:52:58.296 Disk 0 MBR scan
22:52:58.358 Disk 0 Windows 7 default MBR code
22:52:58.374 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:52:58.467 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 214361 MB offset 409600
22:52:58.561 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19850 MB offset 439420928
22:52:58.655 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 480073728
22:52:59.138 Disk 0 scanning C:\Windows\system32\drivers
22:53:25.299 Service scanning
22:54:19.744 Modules scanning
22:54:19.759 Disk 0 trace - called modules:
22:54:19.822 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
22:54:19.837 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800719f060]
22:54:19.853 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8006c51ac0]
22:54:19.868 5 amd_xata.sys[fffff880010f3a1d] -> nt!IofCallDriver -> [0xfffffa8006c4f7a0]
22:54:19.884 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000061[0xfffffa8006c4d780]
22:54:22.021 AVAST engine scan C:\Windows
22:54:27.887 AVAST engine scan C:\Windows\system32
23:03:00.566 AVAST engine scan C:\Windows\system32\drivers
23:03:32.312 AVAST engine scan C:\Users\Jacob
23:16:41.096 AVAST engine scan C:\ProgramData
23:17:53.044 Scan finished successfully
23:40:17.552 Disk 0 MBR has been saved successfully to "C:\Users\Jacob\Desktop\MBR.dat"
23:40:17.661 The log file has been saved successfully to "C:\Users\Jacob\Desktop\asw.txt"

#5
jacob98

    Member

  • Topic Starter
  • Member
  • 19 posts
Sorry...

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
No need to be sorry, you've done nothing wrong. :) I have your logs, and we'll get this taken care of, no worries. :thumbsup: :)

#7
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi :)

I just wanted to update you. I've submitted my fix, and I'm waiting for my teacher to approve it, then we'll get started getting rid of the junk. :) :thumbsup:

#8
jacob98

    Member

  • Topic Starter
  • Member
  • 19 posts
Okay, thank you sooo much. :D

#9
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Okay, thank you sooo much. :D


You're very welcome :) Let's get to work getting your machine cleaned. :thumbsup:


Step 1: Hitman Pro Uninstall


Programs to Uninstall

Please uninstall Hitman Pro from your machine. This software has a reputation for doing more harm than good, even to the point of rendering a machine unbootable.



Step 2: Windows Sidebar and P2P Warning


Windows Fix It

You have Windows Sidebar running on your machine and it is known to have some security problems. Microsoft Corporation has an article about these issues, and you can read it by clicking here. Please disable it by using Fix It.

You can download Fix It by clicking here.



The Dangers of P2P Programs

I noticed that you have or have had a P2P file sharing program (uTorrent) on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.



Step 3: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator")

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.


:Commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
[2014/02/03 11:12:06 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\SlimWare Utilities Inc
[2014/02/03 11:11:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2014/02/03 11:11:23 | 000,739,704 | ---- | C] (SlimWare Utilities, Inc.) -- C:\Users\Jacob\Desktop\DriverUpdate-setup.exe
[2014/02/02 14:50:01 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/02/02 14:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/02/02 14:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/02/02 14:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/12/08 23:35:03 | 000,291,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/12/08 23:35:00 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[emptytemp]
[resethosts]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 4: AdwCleaner


Download AdwCleaner by clicking here. Please save it to your Desktop.



  • Double click the adwcleaner.exe file (Vista and 7 users: right click it and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished ("Pending, uncheck elements you don't want to remove."), click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 5: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 6: OTL Quick Scan


  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.


Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

OTL Quick Scan Log

Question: How is the computer running now?

#10
jacob98

  • Topic Starter
AdwCleaner:

# AdwCleaner v3.018 - Report created 09/02/2014 at 10:12:46
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jacob - JACOB-HP
# Running from : C:\Users\Jacob\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Deleted : C:\Program Files (x86)\eSupport.com
Folder Deleted : C:\Users\Jacob\AppData\Local\eSupport.com

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1475 octets] - [09/02/2014 10:10:13]
AdwCleaner[S0].txt - [1213 octets] - [09/02/2014 10:12:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1273 octets] ##########

OTL Fix:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartCCC deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Users\Jacob\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs folder moved successfully.
C:\Users\Jacob\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images folder moved successfully.
C:\Users\Jacob\AppData\Local\SlimWare Utilities Inc\DriverUpdate folder moved successfully.
C:\Users\Jacob\AppData\Local\SlimWare Utilities Inc folder moved successfully.
C:\Users\Public\Documents\Downloaded Installers\{65C92136-6AF0-4E70-88D2-D19E739CE285} folder moved successfully.
C:\Users\Public\Documents\Downloaded Installers folder moved successfully.
C:\Users\Jacob\Desktop\DriverUpdate-setup.exe moved successfully.
C:\Windows\SysNative\bootdelete.exe moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\ not found.
Folder C:\Program Files\HitmanPro\ not found.
C:\ProgramData\HitmanPro\Quarantine folder moved successfully.
C:\ProgramData\HitmanPro\Logs folder moved successfully.
C:\ProgramData\HitmanPro folder moved successfully.
C:\Windows\SysWOW64\PnkBstrB.exe moved successfully.
C:\Windows\SysWOW64\PnkBstrA.exe moved successfully.
========== FILES ==========
< netsh advfirewall reset /c >
Ok.
C:\Users\Jacob\Desktop\cmd.bat deleted successfully.
C:\Users\Jacob\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Jacob\Desktop\cmd.bat deleted successfully.
C:\Users\Jacob\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Guest

User: HomeGroupUser$

User: Jacob
->Temp folder emptied: 144871534 bytes
->Temporary Internet Files folder emptied: 119991829 bytes
->Java cache emptied: 8402 bytes
->Google Chrome cache emptied: 429498352 bytes
->Flash cache emptied: 812 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 231773363 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43257594 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 644 bytes
RecycleBin emptied: 7639446 bytes

Total Files Cleaned = 932.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02092014_093627

Files\Folders moved on Reboot...
C:\Users\Jacob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jacob\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL Scan:

OTL logfile created on: 2/9/2014 11:06:45 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jacob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.60 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 80.20% Memory free
8.10 Gb Paging File | 6.47 Gb Available in Paging File | 79.81% Paging File free
Paging file location(s): c:\pagefile.sys 512 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 209.34 Gb Total Space | 140.92 Gb Free Space | 67.32% Space Free | Partition Type: NTFS
Drive D: | 19.38 Gb Total Space | 2.10 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.28% Space Free | Partition Type: FAT32

Computer Name: JACOB-HP | User Name: Jacob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/06 21:55:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jacob\Desktop\OTL.exe
PRC - [2014/02/01 18:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/06 22:19:16 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/09/29 14:33:42 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/08/19 16:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/12/27 18:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/01 18:42:37 | 013,616,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
MOD - [2014/02/01 18:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 18:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 18:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2013/12/10 06:47:16 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/06 16:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/05 15:08:28 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/17 00:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/02/05 07:08:00 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/27 14:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/12/27 18:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/03 08:34:40 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/10/23 09:11:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/05/13 15:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/05/06 08:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 09:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 15:11:03 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/14 15:11:03 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/05 15:50:30 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/05 14:32:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/16 05:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 05:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/15 13:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/16 14:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/07 14:20:22 | 000,448,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E199F18C-D3C4-4B8D-9431-E60179ECCB6E}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 BD 1A 59 48 01 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{82A8AA25-0EED-4B99-B2BC-A45FAAB87830}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/10/17 11:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: James White = C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: Spotify - Music for every moment = C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Dropbox = C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0\
CHR - Extension: Google Wallet = C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/02/09 09:47:29 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe File not found
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B03D8AF-5E00-49FE-8A09-A86944AF7761}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D500B3F1-070F-47C2-86A6-C8087C6CE780}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2A1B64D-5F28-45CE-98AE-855A66FBCA4F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\G\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\G\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/09 10:27:23 | 001,037,530 | ---- | C] (Thisisu) -- C:\Users\Jacob\Desktop\JRT_NEW.exe
[2014/02/09 10:07:53 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 09:36:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/06 22:01:25 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Jacob\Desktop\aswmbr.exe
[2014/02/06 21:54:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jacob\Desktop\OTL.exe
[2014/02/05 15:34:59 | 013,670,584 | ---- | C] (Microsoft Corporation) -- C:\Users\Jacob\Desktop\mseinstall.exe
[2014/02/04 07:00:00 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/02/03 19:36:56 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\.minecraft
[2014/02/03 19:32:18 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Dropbox
[2014/02/03 19:28:41 | 037,660,568 | ---- | C] (Dropbox, Inc.) -- C:\Users\Jacob\Desktop\Dropbox 2.6.2.exe
[2014/02/03 16:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/02/03 16:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/02/03 16:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2014/02/03 16:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/02/03 16:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/02/03 16:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/02/03 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/02/03 16:32:20 | 000,000,000 | ---D | C] -- C:\AMD
[2014/02/03 16:10:35 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/02/03 16:10:20 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/02/03 16:10:20 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/02/03 16:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/02/03 15:55:50 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/02/03 15:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/03 02:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\Macromedia
[2014/02/02 23:23:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/02/02 20:02:29 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\Oracle
[2014/02/02 15:11:34 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Security
[2014/02/02 14:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/02 14:39:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/02 14:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/02 14:32:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/02 13:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2014/02/02 13:11:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2014/02/02 03:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/02/02 03:35:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/02/02 03:28:54 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Desktop\computer
[2014/02/02 03:27:49 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Desktop\Backup
[2014/02/02 03:23:51 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Mods
[2014/02/02 03:21:46 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Videos
[2014/02/02 03:21:37 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Music
[2014/02/02 03:19:35 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Important Items
[2014/02/02 03:19:22 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Games
[2014/02/02 03:17:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/02/02 03:17:03 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\MFAData
[2014/02/02 03:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/02/02 03:14:03 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\Roxio Log Files
[2014/02/02 03:07:59 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Tools
[2014/02/02 03:05:14 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Stuff
[2014/02/02 03:05:10 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Skate Videos
[2014/02/02 03:03:02 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Desktop\Recycle Bin
[2014/02/02 02:59:06 | 000,000,000 | R--D | C] -- C:\Users\Jacob\Desktop\Pictures
[2014/02/01 01:02:26 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Desktop\Xpadder5-3
[2014/01/31 01:55:44 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\Windows Live Writer
[2014/01/31 01:55:44 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\Windows Live Writer
[2014/01/31 01:03:50 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Desktop\Science Notes
[2014/01/29 14:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\websavee
[2014/01/29 14:53:48 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\Packages
[2014/01/29 14:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\websavee
[2014/01/29 14:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SetApp
[2014/01/29 14:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\9f034431ec6a0e7d
[2014/01/29 14:49:53 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\Comodo
[2014/01/29 14:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/01/26 01:36:49 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\.technic
[2014/01/25 15:26:14 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Desktop\Ipod touch 4g
[2014/01/24 23:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/24 23:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/24 23:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/24 23:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/01/24 23:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/15 00:37:27 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 00:37:26 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 00:37:23 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/13 00:03:45 | 000,819,176 | ---- | C] (Google Inc.) -- C:\Users\Jacob\Desktop\ChromeSetup.exe
[2014/01/12 19:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2014/01/12 19:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center

========== Files - Modified Within 30 Days ==========

[2014/02/09 11:10:31 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/09 11:10:31 | 000,661,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/09 11:10:31 | 000,121,730 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/09 10:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/09 10:23:02 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/09 10:23:02 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/09 10:16:08 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/09 10:15:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/09 10:15:32 | 1828,904,959 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/09 10:13:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/09 10:05:04 | 001,166,132 | ---- | M] () -- C:\Users\Jacob\Desktop\adwcleaner.exe
[2014/02/09 09:47:29 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/07 13:10:09 | 000,014,848 | ---- | M] () -- C:\Users\Jacob\Desktop\Computer Specs.png
[2014/02/06 23:40:17 | 000,000,512 | ---- | M] () -- C:\Users\Jacob\Desktop\MBR.dat
[2014/02/06 22:01:32 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Jacob\Desktop\aswmbr.exe
[2014/02/06 21:55:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jacob\Desktop\OTL.exe
[2014/02/05 22:17:31 | 001,346,898 | ---- | M] () -- C:\Users\Jacob\Desktop\20140204_085714.jpg
[2014/02/05 21:33:25 | 000,001,264 | ---- | M] () -- C:\Users\Jacob\Desktop\rundll32 - Shortcut.lnk
[2014/02/05 15:36:19 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/05 15:36:06 | 013,670,584 | ---- | M] (Microsoft Corporation) -- C:\Users\Jacob\Desktop\mseinstall.exe
[2014/02/05 07:08:00 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/05 07:07:59 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/04 19:20:08 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/04 02:38:30 | 001,037,530 | ---- | M] (Thisisu) -- C:\Users\Jacob\Desktop\JRT_NEW.exe
[2014/02/03 23:38:30 | 000,004,064 | ---- | M] () -- C:\Users\Jacob\Desktop\DolphinanaFox.png
[2014/02/03 19:29:07 | 037,660,568 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jacob\Desktop\Dropbox 2.6.2.exe
[2014/02/03 19:21:23 | 000,107,764 | ---- | M] () -- C:\Users\Jacob\Desktop\XRayInstaller.jar
[2014/02/03 19:20:31 | 3846,942,971 | ---- | M] () -- C:\Users\Jacob\Desktop\Garry's mod.zip
[2014/02/03 19:10:15 | 000,098,550 | ---- | M] () -- C:\Users\Jacob\Desktop\[1.7.4] XRay.zip
[2014/02/03 19:07:07 | 000,811,067 | ---- | M] () -- C:\Users\Jacob\Desktop\OptiFine_1.7.4_HD_U_C7 (1).jar
[2014/02/03 18:25:35 | 002,406,621 | ---- | M] () -- C:\Users\Jacob\Desktop\TechnicLauncher.exe
[2014/02/03 16:10:06 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/02/03 16:10:03 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/02/03 16:10:03 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/02/03 16:10:02 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/02/03 14:42:46 | 000,675,988 | ---- | M] () -- C:\Users\Jacob\Desktop\Minecraft.exe
[2014/02/03 12:43:13 | 006,019,965 | ---- | M] () -- C:\Users\Jacob\Desktop\faithful32pack.zip
[2014/02/03 11:17:24 | 005,837,483 | ---- | M] () -- C:\Users\Jacob\Desktop\lwjgl-2.9.1.zip
[2014/02/03 09:34:05 | 000,007,605 | ---- | M] () -- C:\Users\Jacob\AppData\Local\Resmon.ResmonCfg
[2014/02/03 08:34:40 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/02 13:36:50 | 000,005,817 | ---- | M] () -- C:\Users\Jacob\Desktop\error.png
[2014/02/02 13:26:52 | 000,442,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/01 01:15:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2014/02/01 01:01:56 | 000,564,533 | ---- | M] () -- C:\Users\Jacob\Desktop\Xpadder with minecraft (1).zip
[2014/02/01 01:00:47 | 000,564,533 | ---- | M] () -- C:\Users\Jacob\Desktop\Xpadder with minecraft.zip
[2014/01/31 19:23:43 | 000,803,731 | ---- | M] () -- C:\Users\Jacob\Desktop\OptiFine_1.7.4_HD_U_C5.jar
[2014/01/31 01:49:33 | 000,312,910 | ---- | M] () -- C:\Users\Jacob\Documents\Scan0004.jpg
[2014/01/31 01:49:33 | 000,278,037 | ---- | M] () -- C:\Users\Jacob\Documents\Scan0003.jpg
[2014/01/31 01:49:32 | 000,346,283 | ---- | M] () -- C:\Users\Jacob\Documents\Scan0001.jpg
[2014/01/31 01:49:32 | 000,331,582 | ---- | M] () -- C:\Users\Jacob\Documents\Scan0002.jpg
[2014/01/24 23:25:31 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/16 23:14:03 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/01/13 00:05:54 | 000,002,243 | ---- | M] () -- C:\Users\Jacob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/13 00:03:50 | 000,819,176 | ---- | M] (Google Inc.) -- C:\Users\Jacob\Desktop\ChromeSetup.exe
[2014/01/12 19:39:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/01/12 19:38:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01011.Wdf
[2014/01/12 19:34:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/01/11 18:26:03 | 002,886,112 | ---- | M] () -- C:\Users\Jacob\Desktop\cat-mario.zip

========== Files Created - No Company Name ==========

[2014/02/09 11:05:25 | 006,110,041 | ---- | C] () -- C:\Users\Jacob\Desktop\GEDC0003.JPG
[2014/02/09 11:05:25 | 006,059,700 | ---- | C] () -- C:\Users\Jacob\Desktop\GEDC0004.JPG
[2014/02/09 11:05:25 | 006,017,555 | ---- | C] () -- C:\Users\Jacob\Desktop\GEDC0002.JPG
[2014/02/09 10:04:44 | 001,166,132 | ---- | C] () -- C:\Users\Jacob\Desktop\adwcleaner.exe
[2014/02/07 13:10:09 | 000,014,848 | ---- | C] () -- C:\Users\Jacob\Desktop\Computer Specs.png
[2014/02/06 23:40:17 | 000,000,512 | ---- | C] () -- C:\Users\Jacob\Desktop\MBR.dat
[2014/02/05 22:16:56 | 001,346,898 | ---- | C] () -- C:\Users\Jacob\Desktop\20140204_085714.jpg
[2014/02/05 21:33:25 | 000,001,264 | ---- | C] () -- C:\Users\Jacob\Desktop\rundll32 - Shortcut.lnk
[2014/02/03 23:38:29 | 000,004,064 | ---- | C] () -- C:\Users\Jacob\Desktop\DolphinanaFox.png
[2014/02/03 19:21:20 | 000,107,764 | ---- | C] () -- C:\Users\Jacob\Desktop\XRayInstaller.jar
[2014/02/03 19:10:13 | 000,098,550 | ---- | C] () -- C:\Users\Jacob\Desktop\[1.7.4] XRay.zip
[2014/02/03 19:06:57 | 000,811,067 | ---- | C] () -- C:\Users\Jacob\Desktop\OptiFine_1.7.4_HD_U_C7 (1).jar
[2014/02/03 18:48:14 | 3846,942,971 | ---- | C] () -- C:\Users\Jacob\Desktop\Garry's mod.zip
[2014/02/03 18:23:03 | 002,406,621 | ---- | C] () -- C:\Users\Jacob\Desktop\TechnicLauncher.exe
[2014/02/03 14:42:43 | 000,675,988 | ---- | C] () -- C:\Users\Jacob\Desktop\Minecraft.exe
[2014/02/03 12:42:46 | 006,019,965 | ---- | C] () -- C:\Users\Jacob\Desktop\faithful32pack.zip
[2014/02/03 11:17:00 | 005,837,483 | ---- | C] () -- C:\Users\Jacob\Desktop\lwjgl-2.9.1.zip
[2014/02/03 09:34:05 | 000,007,605 | ---- | C] () -- C:\Users\Jacob\AppData\Local\Resmon.ResmonCfg
[2014/02/03 08:34:40 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/02 13:36:50 | 000,005,817 | ---- | C] () -- C:\Users\Jacob\Desktop\error.png
[2014/02/02 13:26:20 | 000,442,920 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/01 01:15:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2014/02/01 01:01:47 | 000,564,533 | ---- | C] () -- C:\Users\Jacob\Desktop\Xpadder with minecraft (1).zip
[2014/02/01 01:00:38 | 000,564,533 | ---- | C] () -- C:\Users\Jacob\Desktop\Xpadder with minecraft.zip
[2014/01/31 19:23:19 | 000,803,731 | ---- | C] () -- C:\Users\Jacob\Desktop\OptiFine_1.7.4_HD_U_C5.jar
[2014/01/31 01:49:33 | 000,312,910 | ---- | C] () -- C:\Users\Jacob\Documents\Scan0004.jpg
[2014/01/31 01:49:32 | 000,346,283 | ---- | C] () -- C:\Users\Jacob\Documents\Scan0001.jpg
[2014/01/31 01:49:32 | 000,331,582 | ---- | C] () -- C:\Users\Jacob\Documents\Scan0002.jpg
[2014/01/31 01:49:32 | 000,278,037 | ---- | C] () -- C:\Users\Jacob\Documents\Scan0003.jpg
[2014/01/24 23:25:31 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/13 19:56:45 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/01/12 19:39:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/01/12 19:38:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01011.Wdf
[2014/01/12 19:34:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/01/11 18:25:55 | 002,886,112 | ---- | C] () -- C:\Users\Jacob\Desktop\cat-mario.zip
[2013/12/25 01:56:43 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/12/25 01:40:44 | 000,770,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/09 23:01:43 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/12/06 16:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/12/06 16:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/12/06 16:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/12/06 15:39:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/12/06 15:39:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jacob on Sun 02/09/2014 at 10:28:14.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/09/2014 at 10:46:46.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

How is your computer Running?

Better than before.


#11
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi, let's run a sweep for remnants and check for out of date programs on your machine.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.



Step 1: Scan with Malwarebytes

I see you have Malwarebytes' Anti-Malware installed.

  • Please open the program.
  • Click on the Update tab then click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    • On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
  • On the Scanner tab, check Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.




Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log


#12
jacob98

    Member

  • Topic Starter
  • Member
  • 19 posts
ESet Log:

Didn't work, tried Google Chrome and Internet Explorer

Security Check Scan:

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 12.0.0.43 Flash Player out of Date!
Adobe Reader 10.1.9 Adobe Reader out of Date!
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Malwarebytes Scan:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Jacob :: JACOB-HP [administrator]

2/10/2014 11:22:20 PM
mbam-log-2014-02-10 (23-22-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 218759
Time elapsed: 10 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Try this link here for the ESET scan. Sometimes those links change a bit on their server.

ESET Online Scanner

Also, are you still getting the module error upon boot up?

#14
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

I wanted to check in with you as I haven't heard from you in a couple of days. Please let me know if you have had the opportunity to run the ESET scan, and thanks! :)

#15
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.