Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Stormfall [Closed]


  • This topic is locked This topic is locked

#1
wufreak

wufreak

    Member

  • Member
  • PipPip
  • 36 posts

It's been about 5 weeks now or so, but I was downloading updated drivers for my mother board when it popped up.  Coincidentally, it was the same day that I lost the ability to use my second monitor.  I identified Stormfall in  both my internet explorer and Firefox folders and deleted it, but it's still there somehow.  What do I need to do to get rid of it?

 

 

Here is my OTL log:

 

OTL logfile created on: 5/12/2014 2:36:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.88 Gb Total Physical Memory | 14.11 Gb Available Physical Memory | 88.84% Memory free
31.76 Gb Paging File | 29.94 Gb Available in Paging File | 94.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 44.24 Gb Free Space | 39.61% Space Free | Partition Type: NTFS
Drive D: | 449.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 232.88 Gb Total Space | 104.87 Gb Free Space | 45.03% Space Free | Partition Type: NTFS
Drive H: | 149.05 Gb Total Space | 32.45 Gb Free Space | 21.77% Space Free | Partition Type: NTFS
 
Computer Name: JAMES-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/12 14:28:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2014/04/30 11:28:45 | 002,199,840 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/04/30 11:28:32 | 001,617,696 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/03/04 04:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/09/27 11:46:26 | 000,559,696 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\SysWOW64\ASGT.exe
PRC - [2011/03/23 12:42:52 | 001,516,888 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G930\G930.exe
PRC - [2010/07/07 21:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 21:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/06/13 11:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\n52te\n52teHid.exe
PRC - [2008/04/24 17:57:12 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\n52te\n52teTra.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010/07/07 21:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
MOD - [2009/06/29 11:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2008/04/24 17:57:12 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\n52te\n52teTra.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\MiniFrame\SoftXpand 2011\MFwatchdog.exe -- (SoftXpand 2011 Watchdog)
SRV:64bit: - [2014/04/30 11:28:23 | 021,007,192 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/04/13 01:41:04 | 000,016,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\mfcoresvc.exe -- (mfcoresvc)
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/23 16:09:18 | 000,702,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/11/09 18:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/10 09:50:34 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/03 15:28:05 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/30 11:28:32 | 001,617,696 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/03/04 04:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/01/25 02:22:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/11/14 22:25:52 | 000,569,768 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/11 16:09:30 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/12/11 16:07:51 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/12/11 15:54:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2010/08/10 21:37:08 | 000,334,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe -- (UsbService)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/30 11:28:22 | 000,018,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/04/13 03:12:50 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLib64.sys -- (wStLib64)
DRV:64bit: - [2014/04/13 01:41:04 | 000,080,312 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mfcore.sys -- (mfcore)
DRV:64bit: - [2014/03/31 09:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/01/25 02:22:44 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/11/28 06:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/07/17 17:10:52 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2013/04/15 11:51:58 | 000,102,808 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2013/04/15 11:51:52 | 000,410,008 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/10 10:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/03/15 05:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/22 21:03:56 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2011/03/18 17:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011/03/18 14:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/06 23:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/14 07:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2007/12/16 19:25:14 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vuhub.sys -- (vuhub)
DRV:64bit: - [2007/09/29 02:21:58 | 000,013,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vhidmini.sys -- (vhidmini)
DRV:64bit: - [2007/09/29 02:04:58 | 000,046,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2010/09/06 23:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...cr=254936427=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...cr=254936427=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.co...Page={startPage}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.co...Page={startPage}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A CB F6 7D 02 55 CF 01  [binary data]
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...&q={searchTerms}
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://start.mysearc...&cr=92668805=
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes\{58DE9623-883E-491E-A138-469931B3E79B}: "URL" = http://securedsearch...&q={searchTerms}
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...cr=254936427=
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Administrator\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Jomantha] C:\Program Files (x86)\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech©)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500..\Run: [EPSON Stylus CX4800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIADA.EXE /FU "C:\Users\ADMINI~1\AppData\Local\Temp\E_SA362.tmp" /EF "HKCU" File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...21022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFA500F9-1993-45B2-9405-43FD4F7A465B}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F612172C-EC83-4270-801B-86C90D9B0690}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/03/01 14:34:30 | 000,000,184 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{eae3aeeb-43e7-11e2-96fb-3085a98fcb86}\Shell - "" = AutoRun
O33 - MountPoints2\{eae3aeeb-43e7-11e2-96fb-3085a98fcb86}\Shell\AutoRun\command - "" = D:\setup.exe -- [2001/02/28 11:14:46 | 000,476,576 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{eae3aeeb-43e7-11e2-96fb-3085a98fcb86}\Shell\configure\command - "" = D:\SETUP.EXE -- [2001/02/28 11:14:46 | 000,476,576 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{eae3aeeb-43e7-11e2-96fb-3085a98fcb86}\Shell\install\command - "" = D:\SETUP.EXE -- [2001/02/28 11:14:46 | 000,476,576 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/12 14:29:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/05/11 17:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
[2014/05/11 16:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2014/05/11 16:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2014/05/11 16:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2014/05/11 16:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/05/11 16:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/05/11 15:45:52 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/05/11 15:44:54 | 031,474,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/05/11 15:44:54 | 025,255,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/05/11 15:44:54 | 023,716,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/05/11 15:44:54 | 018,302,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014/05/11 15:44:54 | 017,755,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/05/11 15:44:54 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/05/11 15:44:54 | 015,783,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/05/11 15:44:54 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/05/11 15:44:54 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/05/11 15:44:54 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/05/11 15:44:54 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/05/11 15:44:54 | 003,143,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/05/11 15:44:54 | 002,958,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/05/11 15:44:54 | 002,783,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/05/11 15:44:54 | 002,411,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/05/11 15:44:54 | 001,515,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2014/05/11 15:44:54 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/05/11 15:44:54 | 000,877,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/05/11 15:44:54 | 000,863,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/05/11 15:44:54 | 000,846,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/05/11 15:44:54 | 000,832,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/05/11 15:44:54 | 000,484,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014/05/11 15:44:54 | 000,409,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014/05/11 15:44:54 | 000,353,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/05/11 15:44:54 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/05/11 15:44:54 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2014/05/11 15:44:54 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2014/05/11 08:53:34 | 001,225,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/05/11 08:53:34 | 001,081,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/05/11 08:53:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NVIDIA
[2014/05/11 08:53:28 | 000,040,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/05/11 08:53:28 | 000,037,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2014/05/11 08:53:28 | 000,034,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/05/10 13:49:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Logitech
[2014/05/10 13:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2014/05/10 13:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/05/10 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logitech
[2014/05/10 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logishrd
[2014/05/10 09:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/06 00:52:44 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/05 21:33:33 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/05 21:33:33 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/04/22 21:22:16 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/04/21 16:31:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Creative
[2014/04/21 12:00:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Lavasoft
[2014/04/21 10:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2014/04/21 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\adawarebp
[2014/04/21 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2014/04/21 10:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2014/04/21 10:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/04/18 23:31:16 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\EmieUserList
[2014/04/18 23:31:16 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\EmieSiteList
[2014/04/17 02:37:56 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/17 02:37:56 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/17 02:37:56 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/17 02:37:55 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/17 02:37:55 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/17 02:37:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/17 02:37:54 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/17 02:37:54 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/17 02:37:54 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/17 02:37:54 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/17 02:37:54 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/17 02:37:54 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/17 02:37:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/17 02:37:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/17 02:37:53 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/17 02:37:53 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/17 02:37:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/17 02:37:53 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/17 02:37:53 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/17 02:37:52 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/17 02:37:52 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/17 02:37:52 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/17 02:37:52 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/17 02:37:52 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/17 02:37:52 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/17 02:37:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/17 02:37:51 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/17 02:37:51 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/17 02:37:50 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/13 09:24:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\IsolatedStorage
[2014/04/13 03:12:50 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLib64.sys
[2014/04/13 01:44:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Optimizer Pro
[2014/04/13 01:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/04/13 01:41:04 | 001,312,664 | ---- | C] (MiniFrame) -- C:\Windows\SysNative\mfcoresfp.dll
[2014/04/13 01:41:04 | 001,259,568 | ---- | C] (MiniFrame) -- C:\Windows\SysNative\mfcoresfp.exe
[2014/04/13 01:41:04 | 000,519,576 | ---- | C] (MiniFrame) -- C:\Windows\SysWow64\mfcoresfp.dll
[2014/04/13 01:41:04 | 000,319,168 | ---- | C] (MiniFrame) -- C:\Windows\SysWow64\mfcoresfp.exe
[2014/04/13 01:41:04 | 000,151,440 | ---- | C] (MiniFrame) -- C:\Windows\SysNative\mfcoresfp.x64
[2014/04/13 01:41:04 | 000,067,472 | ---- | C] (MiniFrame) -- C:\Windows\SysWow64\mfcoresfp.x86
[2014/04/13 01:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MiniFrame
[2014/04/13 01:40:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall
[2014/04/13 01:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2014/04/13 01:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2014/04/13 01:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/04/13 01:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2014/04/13 01:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/04/13 01:39:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DigitalSites
[2014/04/13 01:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/12 14:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/12 14:29:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/05/12 14:23:52 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/12 14:23:52 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/12 14:23:52 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/12 14:23:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/05/12 14:17:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/12 14:16:56 | 4200,726,526 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/12 13:40:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2014/05/11 19:25:03 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000B-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/05/11 19:25:03 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000B-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/05/11 19:25:03 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000B-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/05/11 17:45:40 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/05/11 17:23:35 | 000,000,090 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\WB.CFG
[2014/05/11 17:11:31 | 000,289,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/11 17:02:26 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/05/11 17:02:12 | 000,001,999 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2014/05/11 16:32:03 | 000,014,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/11 16:32:03 | 000,014,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/11 08:53:45 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/05/03 15:28:05 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/03 15:28:05 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/30 11:27:16 | 001,081,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/04/30 11:26:54 | 001,225,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/04/22 21:10:21 | 000,000,266 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20140422_211013.reg
[2014/04/22 20:51:08 | 625,640,149 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/15 22:18:36 | 000,002,110 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/04/13 19:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/04/13 19:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/04/13 10:25:40 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/13 03:12:50 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLib64.sys
[2014/04/13 01:41:04 | 001,312,664 | ---- | M] (MiniFrame) -- C:\Windows\SysNative\mfcoresfp.dll
[2014/04/13 01:41:04 | 001,259,568 | ---- | M] (MiniFrame) -- C:\Windows\SysNative\mfcoresfp.exe
[2014/04/13 01:41:04 | 000,519,576 | ---- | M] (MiniFrame) -- C:\Windows\SysWow64\mfcoresfp.dll
[2014/04/13 01:41:04 | 000,426,376 | ---- | M] () -- C:\Windows\SysNative\mfcoredll.dll
[2014/04/13 01:41:04 | 000,387,464 | ---- | M] () -- C:\Windows\SysWow64\mfcoredll.dll
[2014/04/13 01:41:04 | 000,319,168 | ---- | M] (MiniFrame) -- C:\Windows\SysWow64\mfcoresfp.exe
[2014/04/13 01:41:04 | 000,151,440 | ---- | M] (MiniFrame) -- C:\Windows\SysNative\mfcoresfp.x64
[2014/04/13 01:41:04 | 000,080,312 | ---- | M] () -- C:\Windows\SysNative\drivers\mfcore.sys
[2014/04/13 01:41:04 | 000,067,472 | ---- | M] (MiniFrame) -- C:\Windows\SysWow64\mfcoresfp.x86
[2014/04/13 01:41:04 | 000,016,824 | ---- | M] () -- C:\Windows\SysNative\mfcoresvc.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/11 17:23:16 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/11 17:02:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/05/11 17:02:12 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2014/05/11 17:02:12 | 000,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2014/05/11 17:02:11 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
[2014/05/11 17:02:11 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2014/05/11 17:02:06 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2014/05/11 17:02:06 | 000,002,611 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
[2014/05/11 16:59:01 | 000,002,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
[2014/05/11 08:53:45 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/04/22 21:10:15 | 000,000,266 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20140422_211013.reg
[2014/04/22 20:51:08 | 625,640,149 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/21 10:01:40 | 000,002,305 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/04/13 02:39:01 | 000,000,090 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\WB.CFG
[2014/04/13 01:41:04 | 000,426,376 | ---- | C] () -- C:\Windows\SysNative\mfcoredll.dll
[2014/04/13 01:41:04 | 000,387,464 | ---- | C] () -- C:\Windows\SysWow64\mfcoredll.dll
[2014/04/13 01:41:04 | 000,080,312 | ---- | C] () -- C:\Windows\SysNative\drivers\mfcore.sys
[2014/04/13 01:41:04 | 000,016,824 | ---- | C] () -- C:\Windows\SysNative\mfcoresvc.exe
[2014/04/13 01:39:45 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\MySearchDial.job
[2014/04/13 01:39:34 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Digital Sites.job
[2014/03/14 19:17:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2014/02/06 22:52:54 | 000,000,017 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2014/01/25 02:22:44 | 000,299,520 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/01/25 02:22:38 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/25 02:22:38 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/11/22 23:43:52 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2013/11/11 16:09:06 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/11/11 16:09:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/11/11 16:09:06 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/11/11 16:09:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/11/11 16:09:06 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/11/11 16:09:06 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/11/11 16:09:06 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/11/11 16:09:06 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/11/11 16:09:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/11/11 16:09:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/11/11 16:09:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/11/11 16:09:06 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/11/11 16:09:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/11/11 16:09:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/11/11 16:09:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/11/11 16:09:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/07/31 08:59:22 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/12/20 09:45:45 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/11 15:53:50 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/12/11 15:53:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/11/14 00:17:23 | 000,064,454 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/11/14 00:14:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/11/14 00:14:37 | 000,049,092 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/11/14 00:07:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/11/13 23:52:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/11/13 23:52:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/11/13 23:52:19 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/11/13 23:52:19 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/11/13 23:52:19 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >


  • 0

Advertisements


#2
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:
  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.
  • 0

#3
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    Run your copy of OTL by double-clicking it.
    • Copy and paste the following into the Custom Scans/Fixes box:
      :Commands
      [CreateRestorePoint]
      
      :OTL
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...cr=254936427=
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
      IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...cr=254936427=
      IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
      IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...&q={searchTerms}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
      IE - HKU\.DEFAULT\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.co...Page={startPage}
      IE - HKU\S-1-5-18\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.co...Page={startPage}
      IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
      IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...&q={searchTerms}
      IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://start.mysearc...&cr=92668805=
      IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes\{58DE9623-883E-491E-A138-469931B3E79B}: "URL" = http://securedsearch...&q={searchTerms}
      IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...cr=254936427=
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2:64bit: - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
      O3:64bit: - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
      O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
      [2014/04/13 01:44:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Optimizer Pro
      [2014/04/13 01:40:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall
      [2014/04/13 01:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
      [2014/04/13 01:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
      [2014/04/13 01:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
      [2014/04/13 01:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
      [2014/04/13 01:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
      [2014/04/13 01:39:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DigitalSites
      [2014/04/13 01:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
      [2014/04/13 01:39:45 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\MySearchDial.job
      [2014/04/13 01:39:34 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Digital Sites.job
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:373E1720
      O4 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500..\Run: [EPSON Stylus CX4800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIADA.EXE /FU "C:\Users\ADMINI~1\AppData\Local\Temp\E_SA362.tmp" /EF "HKCU" File not found
      O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found 
      O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found 
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
      
      :Commands
      [emptytemp]
      [resethosts]
      

      cF4ib.png

    • Click Run Fix.
    • OTL will reboot your system. Allow it by clicking OK.
    • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.

      SNBlQhy.png

    • Copy and paste the following into the Custom Scans/Fixes box:
      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      dir "%systemdrive%\*" /S /A:L /C
      /md5start
      services.*
      explorer.exe
      Userinit.exe
      svchost.exe
      /md5stop
      CREATERESTOREPOINT
    • Click Run Scan.
    • Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these at your desktop.
    • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Step 5

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up after once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)
    • Extras.txt (OTL)
    • OTL.txt (OTL)
    • AdwCleaner[S*].txt (AdwCleaner)
    • checkup.txt (SecurityCheck)
    • JRT.txt (Junkware Removal Tool)

  • 1

#4
wufreak

wufreak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Thank you very much for your reply.  Here is my log after reboot:

 

 

 

 

 

 

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}\ not found.
HKEY_USERS\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Internet Explorer\SearchScopes\{58DE9623-883E-491E-A138-469931B3E79B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58DE9623-883E-491E-A138-469931B3E79B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ deleted successfully.
File BHO: (Ad-Aware not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ deleted successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ deleted successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ not found.
File C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll not found.
C:\Users\Administrator\Documents\Optimizer Pro folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall folder moved successfully.
File 14/04/13 01:39:49 | not found.
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\ProgramData\Norton folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2014-04-13-09h22m58s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2014-04-13-01h39m48s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs folder moved successfully.
C:\ProgramData\NortonInstaller folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData\VirusDefs-2.5-E\newdefs-trigger folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData\VirusDefs-2.5-E folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData folder moved successfully.
C:\ProgramData\Symantec\Definitions folder moved successfully.
C:\ProgramData\Symantec folder moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 scheduled to be moved on reboot.
C:\Users\Administrator\AppData\Roaming\DigitalSites folder moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It! scheduled to be moved on reboot.
C:\Windows\Tasks\MySearchDial.job moved successfully.
C:\Windows\Tasks\Digital Sites.job moved successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File EPSON Stylus not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\\\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 182705115 bytes
->Temporary Internet Files folder emptied: 141200220 bytes
->Java cache emptied: 8197 bytes
->Flash cache emptied: 8867 bytes
 
User: B'anca
->Temporary Internet Files folder emptied: 786834 bytes
 
User: Default
 
User: hedev
->Temp folder emptied: 43164427 bytes
 
User: James
->Temp folder emptied: 2725105 bytes
->Temporary Internet Files folder emptied: 869487 bytes
->Java cache emptied: 1605258 bytes
->FireFox cache emptied: 66880438 bytes
->Flash cache emptied: 1050 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2177688 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8020459 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42288831 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 470.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 05132014_140645

Files\Folders moved on Reboot...
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It! folder moved successfully.
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


  • 0

#5
wufreak

wufreak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

This is my AdwCleaner log:

 

# AdwCleaner v3.208 - Report created 13/05/2014 at 14:18:27
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Administrator - JAMES-PC
# Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Search Protection
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Administrator\AppData\Local\iac
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ojo3gvhu.default\adawaretb
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ojo3gvhu.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ojo3gvhu.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ojo3gvhu.default\Extensions\[email protected]
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ojo3gvhu.default\Extensions\staged\[email protected]
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ojo3gvhu.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ojo3gvhu.default\searchplugins\Web Search.xml
File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ojo3gvhu.default\user.js
File Deleted : C:\Windows\System32\Tasks\Digital Sites
File Deleted : C:\Windows\System32\Tasks\MySearchDial

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseMark_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseMark_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{169349CB-5EDB-48D0-9D62-630CEFDEE9FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1D5C5714-E466-4D35-B7A6-D74D12B06614}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2736053D-1398-4791-B032-8CEF898A6208}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F4A085D-4BF0-4CAE-B668-78F1123BD706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4ECF3505-C397-4E95-BA9C-1B4921BED076}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5308D535-9409-40F7-9857-6AE2E5C3A962}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5B9AFA9A-424A-4B0F-A665-D6DC3D51C837}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{62271480-66D1-42D0-A818-BE5E65C56FA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{670593B8-D230-4521-A3EF-59D400A645B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72581E0D-724E-4F3E-850C-97A7AA22695C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744DDF68-A2C6-47D5-BDAE-146C6EA23B56}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77B7DC62-D647-4A3E-971D-723D9F49625A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{784B84DA-D5B3-46A9-8492-A9B872B37718}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7991D62C-DE2C-4F05-A12D-228BC7F357B3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7D0B0305-0302-4B6B-BCE1-C4DCDCBF7239}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{826E0DB1-7BBE-48A4-B548-31ABD5A07A78}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8442E942-AB01-47DB-8E3C-38E3E14320E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{891DFD94-5982-46EC-9B4D-1E86B07F33F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8953967E-9D15-4C6C-A1F1-D73EC0E8D0F0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8968BBE7-1429-4015-A8EF-2FD913EA5B27}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8A21CC5C-3AEF-477C-9939-AD565F0EACE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8DF27CC6-3E08-4368-A1AC-9BEB795D0CB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{920354F8-AA6D-4801-B277-D916472E2127}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A189396C-EB06-4361-A69D-1D5AC9EA9DBD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA66FB1C-413E-4053-A863-5982A55E2A44}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B140F2D1-BF2D-402A-AA19-0FC57AD53B25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD68C8B7-6214-449A-B2F3-2C99903CEAF6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F35F23E4-B079-42A2-9089-1A1BF5C1C70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowseMark

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

*************************

AdwCleaner[R0].txt - [12730 octets] - [13/05/2014 14:17:58]
AdwCleaner[S0].txt - [12393 octets] - [13/05/2014 14:18:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12454 octets] ##########


  • 0

#6
wufreak

wufreak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Here is my Junkware log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Administrator on Tue 05/13/2014 at 14:23:16.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/13/2014 at 14:26:19.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#7
wufreak

wufreak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Here is the log from OTL:

 

OTL logfile created on: 5/13/2014 2:28:19 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.88 Gb Total Physical Memory | 13.98 Gb Available Physical Memory | 88.01% Memory free
31.76 Gb Paging File | 29.80 Gb Available in Paging File | 93.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 44.08 Gb Free Space | 39.46% Space Free | Partition Type: NTFS
Drive D: | 449.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 232.88 Gb Total Space | 104.87 Gb Free Space | 45.03% Space Free | Partition Type: NTFS
Drive H: | 149.05 Gb Total Space | 32.45 Gb Free Space | 21.77% Space Free | Partition Type: NTFS
 
Computer Name: JAMES-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/13 14:20:18 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/05/12 14:29:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2014/04/30 11:28:45 | 002,199,840 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/04/30 11:28:32 | 001,617,696 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/03/04 04:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\SysWOW64\ASGT.exe
PRC - [2011/03/23 12:42:52 | 001,516,888 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G930\G930.exe
PRC - [2010/07/07 21:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 21:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/06/13 11:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\n52te\n52teHid.exe
PRC - [2008/04/24 17:57:12 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\n52te\n52teTra.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/13 14:20:18 | 003,019,888 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2014/05/13 14:20:18 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/05/13 14:20:18 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2010/07/07 21:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
MOD - [2009/06/29 11:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2008/04/24 17:57:12 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\n52te\n52teTra.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\MiniFrame\SoftXpand 2011\MFwatchdog.exe -- (SoftXpand 2011 Watchdog)
SRV:64bit: - [2014/04/30 11:28:23 | 021,007,192 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/04/13 01:41:04 | 000,016,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\mfcoresvc.exe -- (mfcoresvc)
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/23 16:09:18 | 000,702,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/11/09 18:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/10 09:50:34 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/03 15:28:05 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/30 11:28:32 | 001,617,696 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/03/04 04:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/01/25 02:22:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/11/14 22:25:52 | 000,569,768 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/11 16:09:30 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/12/11 16:07:51 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/12/11 15:54:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2010/08/10 21:37:08 | 000,334,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe -- (UsbService)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/30 11:28:22 | 000,018,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/04/13 03:12:50 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLib64.sys -- (wStLib64)
DRV:64bit: - [2014/04/13 01:41:04 | 000,080,312 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mfcore.sys -- (mfcore)
DRV:64bit: - [2014/03/31 09:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/01/25 02:22:44 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/11/28 06:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/07/17 17:10:52 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2013/04/15 11:51:58 | 000,102,808 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2013/04/15 11:51:52 | 000,410,008 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/10 10:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/03/15 05:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/22 21:03:56 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2011/03/18 17:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011/03/18 14:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/06 23:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/14 07:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2007/12/16 19:25:14 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vuhub.sys -- (vuhub)
DRV:64bit: - [2007/09/29 02:21:58 | 000,013,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vhidmini.sys -- (vhidmini)
DRV:64bit: - [2007/09/29 02:04:58 | 000,046,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2010/09/06 23:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A CB F6 7D 02 55 CF 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Administrator\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2014/05/13 14:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
 
O1 HOSTS File: ([2014/05/13 14:07:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Jomantha] C:\Program Files (x86)\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech©)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [EPSON Stylus CX4800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIADA.EXE /FU "C:\Users\ADMINI~1\AppData\Local\Temp\E_SA362.tmp" /EF "HKCU" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...21022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFA500F9-1993-45B2-9405-43FD4F7A465B}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F612172C-EC83-4270-801B-86C90D9B0690}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/03/01 14:34:30 | 000,000,184 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{eae3aeeb-43e7-11e2-96fb-3085a98fcb86}\Shell - "" = AutoRun
O33 - MountPoints2\{eae3aeeb-43e7-11e2-96fb-3085a98fcb86}\Shell\AutoRun\command - "" = D:\setup.exe -- [2001/02/28 11:14:46 | 000,476,576 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{eae3aeeb-43e7-11e2-96fb-3085a98fcb86}\Shell\configure\command - "" = D:\SETUP.EXE -- [2001/02/28 11:14:46 | 000,476,576 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{eae3aeeb-43e7-11e2-96fb-3085a98fcb86}\Shell\install\command - "" = D:\SETUP.EXE -- [2001/02/28 11:14:46 | 000,476,576 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/13 14:23:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/13 14:22:03 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Administrator\Desktop\JRT.exe
[2014/05/13 14:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/05/13 14:14:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/13 14:06:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/13 14:02:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2014/05/12 15:40:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Awesomium
[2014/05/12 14:29:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/05/11 17:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
[2014/05/11 16:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2014/05/11 16:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2014/05/11 16:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2014/05/11 16:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/05/11 16:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/05/11 15:45:52 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/05/11 15:44:54 | 031,474,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/05/11 15:44:54 | 025,255,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/05/11 15:44:54 | 023,716,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/05/11 15:44:54 | 018,302,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014/05/11 15:44:54 | 017,755,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/05/11 15:44:54 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/05/11 15:44:54 | 015,783,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/05/11 15:44:54 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/05/11 15:44:54 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/05/11 15:44:54 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/05/11 15:44:54 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/05/11 15:44:54 | 003,143,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/05/11 15:44:54 | 002,958,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/05/11 15:44:54 | 002,783,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/05/11 15:44:54 | 002,411,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/05/11 15:44:54 | 001,515,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2014/05/11 15:44:54 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/05/11 15:44:54 | 000,877,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/05/11 15:44:54 | 000,863,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/05/11 15:44:54 | 000,846,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/05/11 15:44:54 | 000,832,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/05/11 15:44:54 | 000,484,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014/05/11 15:44:54 | 000,409,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014/05/11 15:44:54 | 000,353,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/05/11 15:44:54 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/05/11 15:44:54 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2014/05/11 15:44:54 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2014/05/11 08:53:34 | 001,225,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/05/11 08:53:34 | 001,081,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/05/11 08:53:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NVIDIA
[2014/05/11 08:53:28 | 000,040,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/05/11 08:53:28 | 000,037,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2014/05/11 08:53:28 | 000,034,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/05/10 13:49:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Logitech
[2014/05/10 13:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2014/05/10 13:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/05/10 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logitech
[2014/05/10 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logishrd
[2014/05/10 09:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/06 00:52:44 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/05 21:33:33 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/05 21:33:33 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/04/22 21:22:16 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/04/21 16:31:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Creative
[2014/04/21 12:00:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Lavasoft
[2014/04/21 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\adawarebp
[2014/04/21 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2014/04/21 10:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/04/18 23:31:16 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\EmieUserList
[2014/04/18 23:31:16 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\EmieSiteList
[2014/04/17 02:37:56 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/17 02:37:56 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/17 02:37:56 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/17 02:37:55 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/17 02:37:55 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/17 02:37:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/17 02:37:54 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/17 02:37:54 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/17 02:37:54 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/17 02:37:54 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/17 02:37:54 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/17 02:37:54 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/17 02:37:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/17 02:37:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/17 02:37:53 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/17 02:37:53 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/17 02:37:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/17 02:37:53 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/17 02:37:53 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/17 02:37:52 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/17 02:37:52 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/17 02:37:52 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/17 02:37:52 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/17 02:37:52 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/17 02:37:52 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/17 02:37:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/17 02:37:51 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/17 02:37:51 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/17 02:37:50 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/13 14:26:45 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/13 14:26:45 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/13 14:26:45 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/13 14:26:36 | 000,002,110 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/05/13 14:22:03 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Administrator\Desktop\JRT.exe
[2014/05/13 14:19:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/13 14:19:48 | 4200,726,526 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/13 14:19:30 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000B-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/05/13 14:19:30 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000B-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/05/13 14:19:30 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000B-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/05/13 14:14:35 | 001,325,827 | ---- | M] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2014/05/13 14:07:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/05/13 13:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/12 14:29:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/05/11 17:45:40 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/05/11 17:23:35 | 000,000,090 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\WB.CFG
[2014/05/11 17:11:31 | 000,289,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/11 17:02:26 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/05/11 17:02:12 | 000,001,999 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2014/05/11 16:32:03 | 000,014,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/11 16:32:03 | 000,014,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/11 08:53:45 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/05/03 15:28:05 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/03 15:28:05 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/30 11:27:16 | 001,081,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/04/30 11:26:54 | 001,225,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/04/22 21:10:21 | 000,000,266 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20140422_211013.reg
[2014/04/22 20:51:08 | 625,640,149 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/13 19:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/04/13 19:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
 
========== Files Created - No Company Name ==========
 
[2014/05/13 14:14:35 | 001,325,827 | ---- | C] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2014/05/11 17:23:16 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/11 17:02:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/05/11 17:02:12 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2014/05/11 17:02:12 | 000,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2014/05/11 17:02:11 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
[2014/05/11 17:02:11 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2014/05/11 17:02:06 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2014/05/11 17:02:06 | 000,002,611 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
[2014/05/11 16:59:01 | 000,002,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
[2014/05/11 08:53:45 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/04/22 21:10:15 | 000,000,266 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20140422_211013.reg
[2014/04/22 20:51:08 | 625,640,149 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/21 10:01:40 | 000,002,305 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/04/13 02:39:01 | 000,000,090 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\WB.CFG
[2014/04/13 01:41:04 | 000,387,464 | ---- | C] () -- C:\Windows\SysWow64\mfcoredll.dll
[2014/03/14 19:17:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2014/02/06 22:52:54 | 000,000,017 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2014/01/25 02:22:44 | 000,299,520 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/01/25 02:22:38 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/25 02:22:38 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/11/22 23:43:52 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2013/11/11 16:09:06 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/11/11 16:09:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/11/11 16:09:06 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/11/11 16:09:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/11/11 16:09:06 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/11/11 16:09:06 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/11/11 16:09:06 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/11/11 16:09:06 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/11/11 16:09:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/11/11 16:09:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/11/11 16:09:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/11/11 16:09:06 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/11/11 16:09:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/11/11 16:09:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/11/11 16:09:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/11/11 16:09:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/07/31 08:59:22 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/12/20 09:45:45 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/11 15:53:50 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/12/11 15:53:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/11/14 00:17:23 | 000,064,454 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/11/14 00:14:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/11/14 00:14:37 | 000,049,092 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/11/14 00:07:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/11/13 23:52:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/11/13 23:52:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/11/13 23:52:19 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/11/13 23:52:19 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/11/13 23:52:19 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 06:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 22:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 06:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 05:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 06:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 06:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 06:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 06:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 06:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 05:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 06:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 06:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 05:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/08/03 15:10:42 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 06:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 06:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 06:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 06:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 06:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 05:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 06:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 8AA9-8A10
 Directory of C:\
07/13/2009  10:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Roaming]
03/06/2013  12:14 AM    <JUNCTION>     Local Settings [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
03/06/2013  12:14 AM    <JUNCTION>     Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [.]
03/06/2013  12:14 AM    <JUNCTION>     History [.]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\Local Settings
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data\Application Data\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Roaming]
03/06/2013  12:14 AM    <JUNCTION>     Local Settings [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
03/06/2013  12:14 AM    <JUNCTION>     Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [.]
03/06/2013  12:14 AM    <JUNCTION>     History [.]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
03/06/2013  12:14 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
03/06/2013  12:14 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
03/06/2013  12:14 AM    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
             249 Dir(s)  47,329,337,344 bytes free
 
< MD5 for: EXPLORER.EXE  >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/06/07 04:56:09 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/06/07 04:55:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010/06/07 04:10:02 | 002,871,296 | ---- | M] (Microsoft Corporation) MD5=77B1DFCA3230190B999A60E517FB8A81 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/06/07 04:55:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/06/08 07:54:29 | 002,873,344 | ---- | M] (Microsoft Corporation) MD5=A185677FE318CA65DBDFAEA938B23E94 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/06/07 04:56:09 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/06/07 04:55:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2010/06/07 04:56:09 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/06/07 04:55:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: SERVICES  >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2012/12/18 12:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.DAT  >
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\AppData\Local\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\AppData\Local\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\Administrator\Local Settings\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\AppData\Local\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\AppData\Local\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\AppData\Local\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\Local Settings\Application Data\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\Local Settings\Application Data\Temp\jrt\services.dat
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Administrator\Local Settings\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< End of report >


  • 0

#8
wufreak

wufreak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

I only received the one log for OTL?


  • 0

#9
wufreak

wufreak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Here is my Security check log:

 

 Results of screen317's Security Check version 0.99.83 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Ad-Aware Antivirus  
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 25 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 13.0.0.206 
 Adobe Reader XI 
 Mozilla Thunderbird (24.5.0)
````````Process Check: objlist.exe by Laurent```````` 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.1.5354.0\AdAwareService.exe
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.1.5354.0\AdAwareTray.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


  • 0

#10
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

I only received the one log for OTL?


You might not have followed the correct settings as indicated in the image I included.  :laughing: It's fine. Anyway, a few questions:
  • How is your computer running? Do you still see ads?
  • Do you use Windows Sidebar?
For this post, let's do a few more scans. :)
  • Step 1

    You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.
    • Adobe Flash Player -- Update
    • Java Runtime Environment -- Update
    Note: Please untick any optional offers Adobe products might come with. Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
  • Step 2

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to installing the program.
      • Accept the License Agreement.
      • At the end, ensure a check mark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
    • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
    • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

      9C5bx.png

    • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
    • Upon completion, use Notepad to open and save C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt to your desktop.
    • Select Uninstall application on close and click Finish.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • log.txt (ESET Online Scan)
    • mbam-log-*.txt (Malwarebytes Anti-Malware)

  • 0

Advertisements


#11
wufreak

wufreak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

I had a version of Malwarebytes already on my machine, but it didn't have all of the tabs that you mentioned.  I deleted it and dl'd the one from your link.  The interface was completely different.  It reminded me that I had dl'd Malwarebytes the day my stormfall troubles began.  Could this have been the program that introduced it to my system?

 

Here is the Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/14/2014
Scan Time: 9:29:05 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.05.14.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319712
Time Elapsed: 6 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 4
Trojan.Agent, C:\Users\Administrator\AppData\Local\Temp\services.exe.mui, Quarantined, [9d63639d7c84f60ae3bf426c06fd48b8], 
PUP.Optional.SnapDo.A, C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ojo3gvhu.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://feed.snapdo.c...hlcLgd-fQv1Yerw,,");), Replaced,[ee12f10f0ef24eb268b5462e0004847c]
PUP.Optional.SnapDo.A, C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ojo3gvhu.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://feed.snapdo.c...u126LkK6YQ,,&q=");), Replaced,[57a9a15f8b75fc04af6f6f05fd0742be]
PUP.Optional.MySearchDial.A, C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ojo3gvhu.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://start.mysearc...r=254936427&ir=");), Replaced,[02fe0df3e917a55bf46e41333aca41bf]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#12
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Could this have been the program that introduced it to my system?

 
Ah, I highly doubt it. However, if you downloaded the program from untrustworthy sites (which bundle their adware-infested installers with legitimate programs), it could be possible. Anyway, I must ask again:
  • How is your computer running? Do you still see ads?
  • Do you use Windows Sidebar?
Please post the other log once ready. :)
  • 0

#13
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#14
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Topic re-opened per OP's request...
  • 0

#15
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
As stated via PMs, please complete the 3rd step from my last post. :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP