Stormfall [Closed]


  • This topic is locked

#16
wufreak

ESET log

 

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=19a696ecc52eae4e918c0593790121b4
# engine=18399
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-25 08:18:06
# local_time=2014-05-25 01:18:06 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 152549336 0 0
# scanned=277719
# found=96
# cleaned=36
# scan_time=2611
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=19a696ecc52eae4e918c0593790121b4
# engine=18405
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-25 03:16:30
# local_time=2014-05-25 08:16:30 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 152574440 0 0
# scanned=275421
# found=3
# cleaned=3
# scan_time=2542
sh=6B7392086BFE81C9C47D0D041CD900A239011F74 ft=1 fh=a2718fd4c56b599b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="G:\Documents and Settings\James\Downloads\ccsetup325.exe"
sh=E5515986D8BCE10A2E6183FCAADDD88E0A18CA7A ft=1 fh=ed7dd496aaa50cda vn="Win32/Toolbar.SearchSuite potentially unwanted application (deleted - quarantined)" ac=C fn="G:\Documents and Settings\James\Downloads\iLividSetup.exe"
sh=8E0DD2BDA79802F7DF3F86FC90C9CC412A14C604 ft=1 fh=16acd8bec228c8f0 vn="a variant of Win32/Keygen.CU potentially unsafe application (deleted - quarantined)" ac=C fn="H:\downloads\Battlefield_2_keygen.exe"
 



#17
Pyxis

That's quite a lot of adware. Be careful when downloading installers from random sites--this is how adware usually propagates. Kindly produce the below scan for me so that I may see what else remains. It appears you have caught a few more of these nasties since last time.
  • Step 1

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Ensure that the following settings are followed. Make sure all other windows are closed and let it run uninterrupted.

      [Image: Ed5W1.png]

    • Click Run Scan.
    • After a short while, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these on your desktop.
    • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Extras.txt (OTL)
    • OTL.txt (OTL)


#18
wufreak


Here is the OTL log:

 

OTL logfile created on: 5/26/2014 7:19:01 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.88 Gb Total Physical Memory | 14.17 Gb Available Physical Memory | 89.23% Memory free
31.76 Gb Paging File | 30.01 Gb Available in Paging File | 94.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 41.81 Gb Free Space | 37.43% Space Free | Partition Type: NTFS
Drive D: | 544.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 232.88 Gb Total Space | 96.63 Gb Free Space | 41.50% Space Free | Partition Type: NTFS
Drive H: | 149.05 Gb Total Space | 32.30 Gb Free Space | 21.67% Space Free | Partition Type: NTFS
 
Computer Name: JAMES-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/12 14:29:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2014/04/30 11:28:45 | 002,199,840 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/04/30 11:28:32 | 001,617,696 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/03/16 18:11:04 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Flash Update\winclient32.exe
PRC - [2014/03/04 04:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/09/27 11:46:26 | 000,559,696 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/08/27 17:12:56 | 003,220,640 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\APRP\aprp.exe
PRC - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\SysWOW64\ASGT.exe
PRC - [2011/03/23 12:42:52 | 001,516,888 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G930\G930.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/06/13 11:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\n52te\n52teHid.exe
PRC - [2008/04/24 17:57:12 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\n52te\n52teTra.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/16 18:11:04 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Flash Update\winclient32.exe
MOD - [2014/03/14 22:25:44 | 000,236,544 | ---- | M] () -- C:\Program Files (x86)\Flash Update\sqlite3.dll
MOD - [2008/04/24 17:57:12 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\n52te\n52teTra.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\MiniFrame\SoftXpand 2011\MFwatchdog.exe -- (SoftXpand 2011 Watchdog)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV:64bit: - [2014/04/30 11:28:23 | 021,007,192 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/04/13 01:41:04 | 000,016,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\mfcoresvc.exe -- (mfcoresvc)
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/23 16:09:18 | 000,702,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/11/09 18:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/14 09:08:42 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 09:50:34 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/30 11:28:32 | 001,617,696 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/03/04 04:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/01/25 02:22:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/11/14 22:25:52 | 000,569,768 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/11 16:09:30 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/12/11 16:07:51 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/12/11 15:54:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2010/08/10 21:37:08 | 000,334,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe -- (UsbService)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/30 11:28:22 | 000,018,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/04/13 03:12:50 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLib64.sys -- (wStLib64)
DRV:64bit: - [2014/04/13 01:41:04 | 000,080,312 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mfcore.sys -- (mfcore)
DRV:64bit: - [2014/03/31 09:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/01/25 02:22:44 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/11/28 06:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/07/17 17:10:52 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2013/04/15 11:51:58 | 000,102,808 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2013/04/15 11:51:52 | 000,410,008 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/10 10:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/03/15 05:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/22 21:03:56 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2011/03/18 17:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011/03/18 14:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/06 23:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/14 07:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2007/12/16 19:25:14 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vuhub.sys -- (vuhub)
DRV:64bit: - [2007/09/29 02:21:58 | 000,013,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vhidmini.sys -- (vhidmini)
DRV:64bit: - [2007/09/29 02:04:58 | 000,046,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2010/09/06 23:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...348FA851E6=
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A CB F6 7D 02 55 CF 01  [binary data]
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...archTerms}=
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2014/05/13 14:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
 
O1 HOSTS File: ([2014/05/13 14:07:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Jomantha] C:\Program Files (x86)\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech©)
O4 - HKLM..\Run: [Windows Client Manager] C:\Program Files (x86)\Flash Update\winclient32.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...21022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFA500F9-1993-45B2-9405-43FD4F7A465B}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F612172C-EC83-4270-801B-86C90D9B0690}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/04/02 10:36:38 | 000,000,030 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{eae3aeeb-43e7-11e2-96fb-3085a98fcb86}\Shell - "" = AutoRun
O33 - MountPoints2\{eae3aeeb-43e7-11e2-96fb-3085a98fcb86}\Shell\AutoRun\command - "" = D:\Launcher.exe -- [2000/05/02 08:32:38 | 000,339,968 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/26 07:19:34 | 000,024,824 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\IOMap64.sys
[2014/05/26 01:07:11 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2014/05/25 00:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/05/24 14:55:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\SearchProtect
[2014/05/24 14:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/05/23 11:02:09 | 000,338,120 | ---- | C] (SecureAssist) -- C:\Windows\SysNative\SecureAssist64.dll
[2014/05/23 11:02:07 | 000,295,080 | ---- | C] (SecureAssist) -- C:\Windows\SysWow64\SecureAssist.dll
[2014/05/23 11:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Update
[2014/05/23 11:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Update
[2014/05/23 11:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014/05/23 10:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\pcreg
[2014/05/23 10:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
[2014/05/21 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2014/05/16 20:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2014/05/14 09:21:10 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/14 09:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/14 09:20:51 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/14 09:20:51 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/14 09:20:51 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/14 09:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/14 09:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/05/14 09:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/14 09:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/14 09:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/14 09:09:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2014/05/14 00:33:25 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/14 00:33:25 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/13 17:26:24 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/13 17:26:24 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/13 17:26:22 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/13 17:26:21 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/13 17:26:21 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/13 17:26:21 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/13 17:26:21 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/13 17:26:21 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/13 17:26:21 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/13 17:26:21 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/13 17:26:21 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/13 17:26:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/13 17:26:21 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/13 17:26:21 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/13 17:26:21 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/13 17:26:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/13 17:26:21 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/13 17:26:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/13 17:26:21 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/13 17:26:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/13 17:26:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/13 17:26:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/13 17:26:21 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/13 17:26:21 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/13 17:26:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/13 14:23:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/13 14:22:03 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Administrator\Desktop\JRT.exe
[2014/05/13 14:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/05/13 14:14:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/13 14:06:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/13 14:02:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2014/05/12 15:40:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Awesomium
[2014/05/12 14:29:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/05/11 17:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
[2014/05/11 16:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2014/05/11 16:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2014/05/11 16:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2014/05/11 16:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/05/11 16:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/05/11 15:45:52 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/05/11 15:44:54 | 031,474,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/05/11 15:44:54 | 025,255,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/05/11 15:44:54 | 023,716,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/05/11 15:44:54 | 018,302,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014/05/11 15:44:54 | 017,755,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/05/11 15:44:54 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/05/11 15:44:54 | 015,783,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/05/11 15:44:54 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/05/11 15:44:54 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/05/11 15:44:54 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/05/11 15:44:54 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/05/11 15:44:54 | 003,143,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/05/11 15:44:54 | 002,958,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/05/11 15:44:54 | 002,783,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/05/11 15:44:54 | 002,411,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/05/11 15:44:54 | 001,515,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2014/05/11 15:44:54 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/05/11 15:44:54 | 000,877,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/05/11 15:44:54 | 000,863,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/05/11 15:44:54 | 000,846,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/05/11 15:44:54 | 000,832,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/05/11 15:44:54 | 000,484,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014/05/11 15:44:54 | 000,409,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014/05/11 15:44:54 | 000,353,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/05/11 15:44:54 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/05/11 15:44:54 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2014/05/11 15:44:54 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2014/05/11 08:53:34 | 001,225,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/05/11 08:53:34 | 001,081,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/05/11 08:53:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NVIDIA
[2014/05/11 08:53:28 | 000,040,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/05/11 08:53:28 | 000,037,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2014/05/11 08:53:28 | 000,034,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/05/10 13:49:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Logitech
[2014/05/10 13:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2014/05/10 13:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/05/10 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logitech
[2014/05/10 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logishrd
[2014/05/10 09:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/06 00:52:44 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/26 07:16:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/26 07:16:08 | 4200,726,526 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/26 01:46:12 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000B-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/05/26 01:46:12 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000B-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/05/26 01:46:12 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000B-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/05/26 01:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/25 22:52:16 | 000,014,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/25 22:52:16 | 000,014,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/25 13:09:34 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/25 13:09:34 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/25 13:09:34 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/25 13:02:37 | 1480,833,166 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/21 17:29:10 | 000,000,202 | ---- | M] () -- C:\Users\Administrator\Desktop\Guns of Icarus Online.url
[2014/05/14 09:31:47 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/14 09:21:02 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/14 09:08:41 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 09:08:41 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/13 14:35:52 | 000,854,367 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2014/05/13 14:26:36 | 000,002,110 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/05/13 14:22:03 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Administrator\Desktop\JRT.exe
[2014/05/13 14:14:35 | 001,325,827 | ---- | M] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2014/05/13 14:07:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/05/12 14:29:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/05/11 17:45:40 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/05/11 17:23:35 | 000,000,090 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\WB.CFG
[2014/05/11 17:11:31 | 000,289,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/11 17:02:26 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/05/11 17:02:12 | 000,001,999 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2014/05/11 08:53:45 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/05/08 23:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/08 23:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/05 20:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/05 19:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/04/30 11:27:16 | 001,081,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/04/30 11:26:54 | 001,225,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
 
========== Files Created - No Company Name ==========
 
[2014/05/21 17:29:10 | 000,000,202 | ---- | C] () -- C:\Users\Administrator\Desktop\Guns of Icarus Online.url
[2014/05/14 09:21:02 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/13 14:35:52 | 000,854,367 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2014/05/13 14:14:35 | 001,325,827 | ---- | C] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2014/05/11 17:23:16 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/11 17:02:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/05/11 17:02:12 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2014/05/11 17:02:12 | 000,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2014/05/11 17:02:11 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
[2014/05/11 17:02:11 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2014/05/11 17:02:06 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2014/05/11 17:02:06 | 000,002,611 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
[2014/05/11 16:59:01 | 000,002,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
[2014/05/11 08:53:45 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/04/13 02:39:01 | 000,000,090 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\WB.CFG
[2014/04/13 01:41:04 | 000,387,464 | ---- | C] () -- C:\Windows\SysWow64\mfcoredll.dll
[2014/03/14 19:17:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2014/02/06 22:52:54 | 000,000,017 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2014/01/25 02:22:44 | 000,299,520 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/01/25 02:22:38 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/25 02:22:38 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/11/22 23:43:52 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2013/11/11 16:09:06 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/11/11 16:09:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/11/11 16:09:06 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/11/11 16:09:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/11/11 16:09:06 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/11/11 16:09:06 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/11/11 16:09:06 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/11/11 16:09:06 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/11/11 16:09:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/11/11 16:09:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/11/11 16:09:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/11/11 16:09:06 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/11/11 16:09:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/11/11 16:09:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/11/11 16:09:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/11/11 16:09:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/07/31 08:59:22 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/12/20 09:45:45 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/11 15:53:50 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/12/11 15:53:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/11/14 00:17:23 | 000,064,454 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/11/14 00:14:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/11/14 00:14:37 | 000,049,092 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/11/14 00:07:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/11/13 23:52:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/11/13 23:52:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/11/13 23:52:19 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/11/13 23:52:19 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/11/13 23:52:19 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/25 23:19:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Awesomium
[2014/03/13 17:46:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Expert PDF 7
[2013/04/25 18:20:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2013/12/27 22:31:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mumble
[2014/02/07 18:56:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\n52te
[2014/04/01 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\raidcall
[2013/03/11 18:11:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2014/05/25 23:59:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2013/07/31 20:43:58 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mumble
[2013/04/17 18:12:24 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\n52te
[2013/03/11 18:16:05 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Thunderbird
[2013/04/27 17:32:17 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TS3Client
[2013/03/15 01:20:33 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >



#19
wufreak

Extras log:

OTL logfile created on: 5/26/2014 7:19:01 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.88 Gb Total Physical Memory | 14.17 Gb Available Physical Memory | 89.23% Memory free
31.76 Gb Paging File | 30.01 Gb Available in Paging File | 94.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 41.81 Gb Free Space | 37.43% Space Free | Partition Type: NTFS
Drive D: | 544.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 232.88 Gb Total Space | 96.63 Gb Free Space | 41.50% Space Free | Partition Type: NTFS
Drive H: | 149.05 Gb Total Space | 32.30 Gb Free Space | 21.67% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/12 14:29:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2014/04/30 11:28:45 | 002,199,840 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/04/30 11:28:32 | 001,617,696 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/03/16 18:11:04 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Flash Update\winclient32.exe
PRC - [2014/03/04 04:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/09/27 11:46:26 | 000,559,696 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/08/27 17:12:56 | 003,220,640 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\APRP\aprp.exe
PRC - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\SysWOW64\ASGT.exe
PRC - [2011/03/23 12:42:52 | 001,516,888 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G930\G930.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/06/13 11:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\n52te\n52teHid.exe
PRC - [2008/04/24 17:57:12 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\n52te\n52teTra.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/16 18:11:04 | 000,640,000 | ---- | M] () -- C:\Program Files (x86)\Flash Update\winclient32.exe
MOD - [2014/03/14 22:25:44 | 000,236,544 | ---- | M] () -- C:\Program Files (x86)\Flash Update\sqlite3.dll
MOD - [2008/04/24 17:57:12 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\n52te\n52teTra.exe


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\MiniFrame\SoftXpand 2011\MFwatchdog.exe -- (SoftXpand 2011 Watchdog)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV:64bit: - [2014/04/30 11:28:23 | 021,007,192 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/04/13 01:41:04 | 000,016,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\mfcoresvc.exe -- (mfcoresvc)
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/23 16:09:18 | 000,702,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/11/09 18:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/14 09:08:42 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 09:50:34 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/30 11:28:32 | 001,617,696 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/03/04 04:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/01/25 02:22:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/11/14 22:25:52 | 000,569,768 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/11 16:09:30 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/12/11 16:07:51 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/12/11 15:54:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2010/08/10 21:37:08 | 000,334,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe -- (UsbService)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/30 11:28:22 | 000,018,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/04/13 03:12:50 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLib64.sys -- (wStLib64)
DRV:64bit: - [2014/04/13 01:41:04 | 000,080,312 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mfcore.sys -- (mfcore)
DRV:64bit: - [2014/03/31 09:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/01/25 02:22:44 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/11/28 06:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/07/17 17:10:52 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2013/04/15 11:51:58 | 000,102,808 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2013/04/15 11:51:52 | 000,410,008 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/10 10:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/03/15 05:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/22 21:03:56 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2011/03/18 17:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011/03/18 14:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/06 23:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/14 07:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2007/12/16 19:25:14 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vuhub.sys -- (vuhub)
DRV:64bit: - [2007/09/29 02:21:58 | 000,013,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vhidmini.sys -- (vhidmini)
DRV:64bit: - [2007/09/29 02:04:58 | 000,046,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2010/09/06 23:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...48FA851E6&SSPV=
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A CB F6 7D 02 55 CF 01 [binary data]
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...rchTerms}&SSPV=
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2014/05/13 14:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file

O1 HOSTS File: ([2014/05/13 14:07:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Jomantha] C:\Program Files (x86)\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech©)
O4 - HKLM..\Run: [Windows Client Manager] C:\Program Files (x86)\Flash Update\winclient32.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...21022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFA500F9-1993-45B2-9405-43FD4F7A465B}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F612172C-EC83-4270-801B-86C90D9B0690}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/04/02 10:36:38 | 000,000,030 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{eae3aeeb-43e7-11e2-96fb-3085a98fcb86}\Shell - "" = AutoRun
O33 - MountPoints2\{eae3aeeb-43e7-11e2-96fb-3085a98fcb86}\Shell\AutoRun\command - "" = D:\Launcher.exe -- [2000/05/02 08:32:38 | 000,339,968 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/26 07:19:34 | 000,024,824 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\IOMap64.sys
[2014/05/26 01:07:11 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2014/05/25 00:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/05/24 14:55:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\SearchProtect
[2014/05/24 14:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/05/23 11:02:09 | 000,338,120 | ---- | C] (SecureAssist) -- C:\Windows\SysNative\SecureAssist64.dll
[2014/05/23 11:02:07 | 000,295,080 | ---- | C] (SecureAssist) -- C:\Windows\SysWow64\SecureAssist.dll
[2014/05/23 11:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Update
[2014/05/23 11:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Update
[2014/05/23 11:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014/05/23 10:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\pcreg
[2014/05/23 10:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
[2014/05/21 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2014/05/16 20:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2014/05/14 09:21:10 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/14 09:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/14 09:20:51 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/14 09:20:51 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/14 09:20:51 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/14 09:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/14 09:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/05/14 09:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/14 09:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/14 09:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/14 09:09:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2014/05/14 00:33:25 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/14 00:33:25 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/13 17:26:24 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/13 17:26:24 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/13 17:26:22 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/13 17:26:21 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/13 17:26:21 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/13 17:26:21 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/13 17:26:21 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/13 17:26:21 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/13 17:26:21 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/13 17:26:21 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/13 17:26:21 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/13 17:26:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/13 17:26:21 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/13 17:26:21 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/13 17:26:21 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/13 17:26:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/13 17:26:21 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/13 17:26:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/13 17:26:21 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/13 17:26:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/13 17:26:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/13 17:26:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/13 17:26:21 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/13 17:26:21 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/13 17:26:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/13 14:23:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/13 14:22:03 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Administrator\Desktop\JRT.exe
[2014/05/13 14:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/05/13 14:14:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/13 14:06:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/13 14:02:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2014/05/12 15:40:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Awesomium
[2014/05/12 14:29:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/05/11 17:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
[2014/05/11 16:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2014/05/11 16:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2014/05/11 16:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2014/05/11 16:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/05/11 16:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/05/11 15:45:52 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/05/11 15:44:54 | 031,474,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/05/11 15:44:54 | 025,255,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/05/11 15:44:54 | 023,716,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/05/11 15:44:54 | 018,302,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014/05/11 15:44:54 | 017,755,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/05/11 15:44:54 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/05/11 15:44:54 | 015,783,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/05/11 15:44:54 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/05/11 15:44:54 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/05/11 15:44:54 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/05/11 15:44:54 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/05/11 15:44:54 | 003,143,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/05/11 15:44:54 | 002,958,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/05/11 15:44:54 | 002,783,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/05/11 15:44:54 | 002,411,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/05/11 15:44:54 | 001,515,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2014/05/11 15:44:54 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/05/11 15:44:54 | 000,877,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/05/11 15:44:54 | 000,863,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/05/11 15:44:54 | 000,846,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/05/11 15:44:54 | 000,832,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/05/11 15:44:54 | 000,484,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014/05/11 15:44:54 | 000,409,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014/05/11 15:44:54 | 000,353,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/05/11 15:44:54 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/05/11 15:44:54 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2014/05/11 15:44:54 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2014/05/11 08:53:34 | 001,225,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/05/11 08:53:34 | 001,081,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/05/11 08:53:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NVIDIA
[2014/05/11 08:53:28 | 000,040,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/05/11 08:53:28 | 000,037,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2014/05/11 08:53:28 | 000,034,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/05/10 13:49:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Logitech
[2014/05/10 13:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2014/05/10 13:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/05/10 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logitech
[2014/05/10 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logishrd
[2014/05/10 09:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/06 00:52:44 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel

========== Files - Modified Within 30 Days ==========

[2014/05/26 07:16:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/26 07:16:08 | 4200,726,526 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/26 01:46:12 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000B-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/05/26 01:46:12 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000B-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/05/26 01:46:12 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000B-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014/05/26 01:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/25 22:52:16 | 000,014,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/25 22:52:16 | 000,014,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/25 13:09:34 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/25 13:09:34 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/25 13:09:34 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/25 13:02:37 | 1480,833,166 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/21 17:29:10 | 000,000,202 | ---- | M] () -- C:\Users\Administrator\Desktop\Guns of Icarus Online.url
[2014/05/14 09:31:47 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/14 09:21:02 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/14 09:08:41 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 09:08:41 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/13 14:35:52 | 000,854,367 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2014/05/13 14:26:36 | 000,002,110 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/05/13 14:22:03 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Administrator\Desktop\JRT.exe
[2014/05/13 14:14:35 | 001,325,827 | ---- | M] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2014/05/13 14:07:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/05/12 14:29:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/05/11 17:45:40 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/05/11 17:23:35 | 000,000,090 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\WB.CFG
[2014/05/11 17:11:31 | 000,289,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/11 17:02:26 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/05/11 17:02:12 | 000,001,999 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2014/05/11 08:53:45 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/05/08 23:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/08 23:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/05 20:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/05 19:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/04/30 11:27:16 | 001,081,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/04/30 11:26:54 | 001,225,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll

========== Files Created - No Company Name ==========

[2014/05/21 17:29:10 | 000,000,202 | ---- | C] () -- C:\Users\Administrator\Desktop\Guns of Icarus Online.url
[2014/05/14 09:21:02 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/13 14:35:52 | 000,854,367 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2014/05/13 14:14:35 | 001,325,827 | ---- | C] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2014/05/11 17:23:16 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/11 17:02:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/05/11 17:02:12 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2014/05/11 17:02:12 | 000,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2014/05/11 17:02:11 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
[2014/05/11 17:02:11 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2014/05/11 17:02:06 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2014/05/11 17:02:06 | 000,002,611 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
[2014/05/11 16:59:01 | 000,002,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
[2014/05/11 08:53:45 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/04/13 02:39:01 | 000,000,090 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\WB.CFG
[2014/04/13 01:41:04 | 000,387,464 | ---- | C] () -- C:\Windows\SysWow64\mfcoredll.dll
[2014/03/14 19:17:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2014/02/06 22:52:54 | 000,000,017 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2014/01/25 02:22:44 | 000,299,520 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/01/25 02:22:38 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/25 02:22:38 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/11/22 23:43:52 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2013/11/11 16:09:06 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/11/11 16:09:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/11/11 16:09:06 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/11/11 16:09:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/11/11 16:09:06 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/11/11 16:09:06 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/11/11 16:09:06 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/11/11 16:09:06 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/11/11 16:09:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/11/11 16:09:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/11/11 16:09:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/11/11 16:09:06 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/11/11 16:09:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/11/11 16:09:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/11/11 16:09:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/11/11 16:09:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/07/31 08:59:22 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/12/20 09:45:45 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/11 15:53:50 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/12/11 15:53:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/11/14 00:17:23 | 000,064,454 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/11/14 00:14:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/11/14 00:14:37 | 000,049,092 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/11/14 00:07:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/11/13 23:52:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/11/13 23:52:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/11/13 23:52:19 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/11/13 23:52:19 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/11/13 23:52:19 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/25 23:19:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Awesomium
[2014/03/13 17:46:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Expert PDF 7
[2013/04/25 18:20:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2013/12/27 22:31:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mumble
[2014/02/07 18:56:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\n52te
[2014/04/01 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\raidcall
[2013/03/11 18:11:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2014/05/25 23:59:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2013/07/31 20:43:58 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mumble
[2013/04/17 18:12:24 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\n52te
[2013/03/11 18:16:05 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Thunderbird
[2013/04/27 17:32:17 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TS3Client
[2013/03/15 01:20:33 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Ubisoft

========== Purity Check ==========



< End of report >

#20
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Oops. Looks like you did catch some more adware. A few things:
  • You accidentally posted the same log twice. Could you locate Extras.txt and post it?
  • Are you still getting Stormfall ads? What is present in your system appears to be a different variant this time.
  • Did you happen to have installed Bitdefender at one point? Your log shows a component of it that remains installed.
On to the nuking!  :alarm:
  • Step 1

    Run your copy of OTL by double-clicking it.
    • Copy and paste the following into the Custom Scans/Fixes box:
      :Commands
      [Createrestorepoint]
      
      :OTL
      [2014/05/24 14:55:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\SearchProtect
      [2014/05/24 14:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
      [2014/05/23 11:02:09 | 000,338,120 | ---- | C] (SecureAssist) -- C:\Windows\SysNative\SecureAssist64.dll
      [2014/05/23 11:02:07 | 000,295,080 | ---- | C] (SecureAssist) -- C:\Windows\SysWow64\SecureAssist.dll
      [2014/05/23 11:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Update
      [2014/05/23 11:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Update
      [2014/05/23 11:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\003
      [2014/05/23 10:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\pcreg
      [2014/05/23 10:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
      O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
      O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
      O4 - HKU\S-1-5-21-3912920969-2364359791-1450137467-500..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
      O4 - HKLM..\Run: [Windows Client Manager] C:\Program Files (x86)\Flash Update\winclient32.exe ()
      IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
      IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...rchTerms}&SSPV=
      IE - HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...48FA851E6&SSPV=
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
      SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
      
      :Files
      C:\PROGRA~2\SearchProtect
      C:\Program Files (x86)\SearchProtect
      
      :Commands
      [emptytemp]

    • Click Run Fix.
    • After, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Your browser settings have been altered by malware. Follow these instructions to reset them to default.

    Google Chrome
    • Open Google Chrome.
    • Click the menu on the browser toolbar.
    • Select Settings.
    • Click Show advanced settings... and scroll down to the very bottom.
    • Click the Reset browser settings button.
    • In the dialog that appears, click Reset.
    • Close Google Chrome.
    Internet Explorer
    • Open Internet Explorer.
    • Click the gear icon and then click Internet options.
    • Click the Advanced tab, and then click Reset... at the bottom.
    • Check Delete personal settings and press Reset.
    • Once done, click Close, and then click OK.
    • Close Internet Explorer.
    Mozilla Firefox
    • Open Mozilla Firefox.
    • Click the orange Firefox button at the top-left corner.
    • Select Help > Troubleshooting Information > Reset Firefox....
    • Proceed by clicking the Reset Firefox button.
    • Once done, a window will appear. Click Finish.
    • Close Mozilla Firefox.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)
    • Extras.txt (OTL)


#21
wufreak

    Member

  • Topic Starter
  • 36 posts
Sorry about that, extras log:

OTL Extras logfile created on: 5/26/2014 7:19:01 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.88 Gb Total Physical Memory | 14.17 Gb Available Physical Memory | 89.23% Memory free
31.76 Gb Paging File | 30.01 Gb Available in Paging File | 94.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 41.81 Gb Free Space | 37.43% Space Free | Partition Type: NTFS
Drive D: | 544.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 232.88 Gb Total Space | 96.63 Gb Free Space | 41.50% Space Free | Partition Type: NTFS
Drive H: | 149.05 Gb Total Space | 32.30 Gb Free Space | 21.67% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hide Folder] -- attrib +h "%1" (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Unhide Folder] -- attrib -h "%1" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hide Folder] -- attrib +h "%1" (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Unhide Folder] -- attrib -h "%1" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AF218B-D04A-427E-B08E-01FA18043742}" = protocol=6 | dir=in | app=d:\routersetup\qiswizard.exe |
"{19583347-92B1-4BEC-B836-2A1A5CD51A59}" = protocol=17 | dir=in | app=c:\users\james\desktop\gw2.exe |
"{3FD3FAC6-9E18-444C-A2F3-00336711CEBC}" = protocol=6 | dir=in | app=e:\users\tenesha\appdata\roaming\spotify\spotify.exe |
"{3FD69794-14B9-43AC-A2E3-A3D90D86A987}" = protocol=17 | dir=in | app=d:\printer\printer.exe |
"{48CA02C8-DABA-4AE1-9E11-7E0C68D5101C}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n66u wireless router utilities\qiswizard.exe |
"{5086B4B8-BE6E-40AC-9731-51156707DD91}" = protocol=6 | dir=in | app=g:\programs\electronic arts\star wars-the old republic\launcher.exe |
"{59500DCA-9B95-40D4-8BBD-DCDAE24A2093}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\printer utilities\usbservice64.exe |
"{666A0582-F25A-44C7-AE57-8FDBFC2BEDC9}" = protocol=6 | dir=in | app=g:\programs\electronic arts\star wars-the old republic\launcher.exe |
"{7C0D4545-85DF-4DE2-AE19-1633C250A829}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n66u wireless router utilities\qiswizard.exe |
"{8E1B3A21-650E-4F13-864D-7CC097F9A238}" = protocol=17 | dir=in | app=e:\users\tenesha\appdata\roaming\spotify\spotify.exe |
"{94EBBD25-7A25-4C12-996A-BB8F10B3DDCE}" = protocol=6 | dir=in | app=d:\printer\printer.exe |
"{A62E6700-B260-444F-B035-41708AD3DA03}" = protocol=17 | dir=in | app=g:\programs\electronic arts\star wars-the old republic\launcher.exe |
"{B106BBA4-F4E3-496B-B3E4-CC8A65ECB6E5}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n66u wireless router utilities\discovery.exe |
"{B88131D5-2DD5-457C-B1CD-C65392929A81}" = protocol=17 | dir=in | app=g:\programs\electronic arts\star wars-the old republic\launcher.exe |
"{BBB75771-D46C-4598-8E7B-642576E38D07}" = protocol=6 | dir=in | app=c:\users\james\desktop\gw2.exe |
"{C5035772-5403-411C-ABBF-A5F31BBAEC34}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n66u wireless router utilities\rescue.exe |
"{C6FEEC22-3B46-4E1A-8CF3-F5CC343B36F1}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n66u wireless router utilities\rescue.exe |
"{F4610728-30C2-46AE-B594-C606FEAA1739}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\printer utilities\usbservice64.exe |
"{FB4005F0-E350-4D21-8F3E-5209C70D5954}" = protocol=17 | dir=in | app=d:\routersetup\qiswizard.exe |
"{FD0E22A5-AADF-4797-B1ED-E3DE746165FA}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n66u wireless router utilities\discovery.exe |
"TCP Query User{28C0AF58-4065-46ED-8BE9-60C15CE261C3}C:\users\james\desktop\gw2.exe" = protocol=6 | dir=in | app=c:\users\james\desktop\gw2.exe |
"TCP Query User{BBD20683-0F30-480A-9BFC-37F0A8271856}G:\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=g:\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"TCP Query User{C1C61FFF-C704-48AE-A7B9-2FE4AC621D49}G:\programs\games\planetside2\planetside2.exe" = protocol=6 | dir=in | app=g:\programs\games\planetside2\planetside2.exe |
"UDP Query User{07380775-34C6-47B3-88CA-C471122D2665}G:\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=g:\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"UDP Query User{40DFC22F-4B5B-41AD-82CF-A5C75DF3D4EB}G:\programs\games\planetside2\planetside2.exe" = protocol=17 | dir=in | app=g:\programs\games\planetside2\planetside2.exe |
"UDP Query User{9254491E-02B5-4731-B3FC-6B7DE304285E}C:\users\james\desktop\gw2.exe" = protocol=17 | dir=in | app=c:\users\james\desktop\gw2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{600DEB42-433A-40AF-BC14-082E40577BF2}" = AntimalwareEngine
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6A16ADA5-0B30-4893-84AB-961B1340D14A}" = AdAwareUpdater
"{6A16ADA5-0B30-4893-84AB-961B1340D14A}_AdAwareUpdater" = Ad-Aware Antivirus
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91C4D79C-3579-48E8-ADFA-8818042AEB73}" = Logitech G930
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC7D612A-9805-4BB8-A8CA-4CCFE361B4B7}" = AdAwareInstaller
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.0.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 12.4.67
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 12.4.67
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{E76A136D-3A4F-40AA-BBDA-D682FCC8C90D}" = Intel® Network Connections 17.0.200.2
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"7AFADC17CE5D176C218EB94F26AE53271142A857" = Windows Driver Package - Bose Corporation (usbser) Ports (08/03/2012 1.2.0.0)
"CCleaner" = CCleaner
"Logitech Gaming Software" = Logitech Gaming Software 8.53
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"PROSetDX" = Intel® Network Connections 17.0.200.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{88CA8932-7987-4D7A-BEE3-227BDB3CA888}" = ASUS RT-N66U Wireless Router Utilities
"{8A1FEA5E-8DB8-AD80-5C14-AEF33D16EF5A}" = Rosetta Stone TOTALe
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}" = ASUS Product Register Program
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}" = GPUTweakStreaming
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"3DMIDI" = Creative 3DMIDI Player
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"com.rosettastone.rosettastonetotale" = Rosetta Stone TOTALe
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative Diagnostics
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}" = GPUTweakStreaming
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Mozilla Thunderbird 24.5.0 (x86 en-US)" = Mozilla Thunderbird 24.5.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SearchProtect" = Search Protect
"Steam" = Steam
"Steam App 209080" = Guns of Icarus Online
"Steam App 48240" = Anno 2070
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Elder Scrolls Online Beta_is1" = The Elder Scrolls Online Beta
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"VLC media player" = VLC media player 1.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{Minion}}_is1" = Minion
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.

< End of report >

#22
wufreak

    Member

  • Topic Starter
  • 36 posts
Yes, I'm still getting the Stormfall pop ups.

Here is the OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Administrator\AppData\Local\SearchProtect\SearchProtect\STG folder moved successfully.
C:\Users\Administrator\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Users\Administrator\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect folder moved successfully.
C:\Windows\SysNative\SecureAssist64.dll moved successfully.
C:\Windows\SysWOW64\SecureAssist.dll moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Update scheduled to be moved on reboot.
C:\Program Files (x86)\Flash Update folder moved successfully.
C:\Program Files\003 folder moved successfully.
C:\Program Files\pcreg folder moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
File C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Client Manager deleted successfully.
File C:\Program Files (x86)\Flash Update\winclient32.exe not found.
HKEY_USERS\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3912920969-2364359791-1450137467-500\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
HKU\S-1-5-21-3912920969-2364359791-1450137467-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Service pcregservice stopped successfully!
Service pcregservice deleted successfully!
File C:\Program Files\pcreg\pcreg.exe not found.
========== FILES ==========
C:\PROGRA~2\SearchProtect\UI\rep folder moved successfully.
C:\PROGRA~2\SearchProtect\UI\dialogs\uninstall folder moved successfully.
C:\PROGRA~2\SearchProtect\UI\dialogs\settings folder moved successfully.
C:\PROGRA~2\SearchProtect\UI\dialogs\protectionDS folder moved successfully.
C:\PROGRA~2\SearchProtect\UI\dialogs\protection folder moved successfully.
C:\PROGRA~2\SearchProtect\UI\dialogs\libs folder moved successfully.
C:\PROGRA~2\SearchProtect\UI\dialogs\Images folder moved successfully.
C:\PROGRA~2\SearchProtect\UI\dialogs\bubble folder moved successfully.
C:\PROGRA~2\SearchProtect\UI\dialogs folder moved successfully.
C:\PROGRA~2\SearchProtect\UI\bin folder moved successfully.
C:\PROGRA~2\SearchProtect\UI folder moved successfully.
C:\PROGRA~2\SearchProtect\Main\rep folder moved successfully.
C:\PROGRA~2\SearchProtect\Main\bin folder moved successfully.
C:\PROGRA~2\SearchProtect\Main folder moved successfully.
C:\PROGRA~2\SearchProtect folder moved successfully.
File\Folder C:\Program Files (x86)\SearchProtect not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 55836894 bytes
->Temporary Internet Files folder emptied: 302222706 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 17745283 bytes
->Flash cache emptied: 4592 bytes

User: B'anca
->Temporary Internet Files folder emptied: 0 bytes

User: Default

User: hedev
->Temp folder emptied: 0 bytes

User: James
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2428661 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 189766209 bytes

Total Files Cleaned = 542.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05292014_141513

Files\Folders moved on Reboot...
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Update folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer folder moved successfully.
C:\Users\Administrator\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\26b5dc9e48691a8035dafb2b7ed76562_fce8395c8fd8a849_f3279b66e87c6f22_0_0.bin moved successfully.
C:\Users\Administrator\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\26b5dc9e48691a8035dafb2b7ed76562_fce8395c8fd8a849_f3279b66e87c6f22_0_0.toc moved successfully.
C:\Users\Administrator\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\26b5dc9e48691a8035dafb2b7ed76562_fce8395c8fd8a849_f3279b66e87c6f22_0_1.bin moved successfully.
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Administrator\AppData\Local\Temp\JavaDeployReg.log moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W94LDN6O\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W94LDN6O\V80PAcvrynR[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W94LDN6O\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGS7SPMO\page-2[1].htm moved successfully.
File\Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0VUM76A\fastbutton[1].htm not found!
File\Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM0PJY10\like[2].htm not found!
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM0PJY10\postmessageRelay[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5G34WXV0\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5G34WXV0\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5G34WXV0\V80PAcvrynR[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#23
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Yes, I'm still getting the Stormfall pop ups.


Is this the case even after the last set of fixes?
  • 0

#24
wufreak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

I am not getting the pop ups since the last fix, but there is still an option at the top of my "programs" column that says "Get Pose". Every time I hit it in the past it took me to the Stormfall site.


  • 0

#25
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Oh, you meant a shortcut? You may remove that easily, but I'd like you to do the following instead first:
  • Carefully right-click on the entry.
  • Choose Properties.
  • Under the Shortcut tab, copy the field value corresponding to Target.
  • Close the window. Right-click on the entry again.
  • This time, choose Remove from this list.
  • Post the copied path here.
Let's look for remnants now so we can be sure it doesn't come back:
  • Download 'Farbar Recovery Scan Tool by Farbar' and save it to your desktop.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • The program will initialize. Press Yes to accept the disclaimer.
  • Type in stormfall in the Search box. Press Search File(s).
  • It will produce a log (Search.txt) on your desktop once done. Press OK once prompted and save a copy of this file elsewhere.
  • Once done, press the Search Registry button this time. Similarly, a log of the same file name will be generated for you.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
With that said, please provide me with the following on your next post:
  • Shortcut Path
  • Search.txt (Farbar Recovery Scan Tool)

  • 0

#26
wufreak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

the copied path

 

C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu


  • 0

#27
wufreak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Farbar log:

 

Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Administrator at 2014-06-02 16:36:10
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal

================== Search Registry: "stormfall" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall FM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W2]

====== End Of Search ======


  • 0

#28
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
That looks like the last of it. I trust you were able to remove the shortcut successfully? :) Let me know how your system is performing while you are at it, please.
  • Step 1

    Run your copy of OTL by double-clicking it.
    • Copy and paste the following into the Custom Scans/Fixes box:
      :Commands
      [CreateRestorePoint]
      
      :Reg
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall FM]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TM]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW1]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW2]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W1]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W2]
      
      :Commands
      [Reboot]
      

    • Click Run Fix.
    • OTL will reboot your system. Allow it by clicking OK.
    • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)

  • 0

#29
wufreak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall FM\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TM\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW2\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W2\ not found.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 06052014_121955

  • 0

#30
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

That did not work out so well. Could you do this instead? Reboot your computer after.
  • Step 1

    Copy and paste the content of the code box below into an empty Notepad window.
    Windows Registry Editor Version 5.00
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall FM]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TM]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW2]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W2]
    • Save it on your desktop as Fix.reg.
    • Open the file by double-clicking it and allow it to run. You will be prompted for an action.

    • Don't be afraid as it is safe. Click Yes to proceed.

  • 0
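
The mismatch between the Farbar registry search in post #27 and the OTL fix log in post #29 can be checked mechanically rather than by eye. The Python script below is an added example, not part of the original thread or of either tool; the function names are hypothetical, and the two log excerpts are reassembled from the lines posted above.

```python
import re

# Log lines reassembled from posts #27 (Farbar) and #29 (OTL) of this thread.
TREE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
        r"\Schedule\TaskCache\Tree")
NAMES = ["StormFall FM", "StormFall TM", "StormFall TW1",
         "StormFall TW2", "StormFall W1", "StormFall W2"]
FARBAR_LOG = "\n".join(
    ['================== Search Registry: "stormfall" ===========', ""]
    + [f"[{TREE}\\{n}]" for n in NAMES] + ["", "====== End Of Search ======"])
OTL_LOG = "\n".join(
    ["========== REGISTRY =========="]
    + [f"Registry key {TREE}\\{n}\\ not found." for n in NAMES])

FARBAR_KEY = re.compile(r"^\[(HK[^\]\r\n]+)\][ \t]*$", re.M)
OTL_KEY = re.compile(
    r"^Registry key (HK.+?)\\? (deleted successfully|not found)\.[ \t]*$", re.M)

def norm(key):
    """Case-fold and drop the trailing backslash OTL appends to key paths."""
    return key.strip().rstrip("\\").lower()

def farbar_keys(log):
    """Map normalised key -> key as printed, one '[HKEY...]' line per hit."""
    return {norm(m.group(1)): m.group(1) for m in FARBAR_KEY.finditer(log)}

def otl_results(log):
    """Map normalised key -> outcome reported on OTL 'Registry key' lines."""
    return {norm(m.group(1)): m.group(2) for m in OTL_KEY.finditer(log)}

def cross_check(farbar_log, otl_log):
    """Classify every key the search found by what the later fix reported."""
    found, fixed = farbar_keys(farbar_log), otl_results(otl_log)
    report = {"deleted": [], "unconfirmed": [], "not_in_fix": []}
    for k in sorted(found):
        outcome = fixed.get(k)
        if outcome == "deleted successfully":
            report["deleted"].append(found[k])
        elif outcome == "not found":
            # Seen by the search, invisible to the fix: removal is unconfirmed.
            report["unconfirmed"].append(found[k])
        else:
            report["not_in_fix"].append(found[k])  # fix script never named it
    return report

if __name__ == "__main__":
    for status, keys in cross_check(FARBAR_LOG, OTL_LOG).items():
        print(f"{status}: {len(keys)}")
```

For the logs in this thread, all six keys land in `unconfirmed`, which is the situation the helper responds to in post #30 by switching to a different removal method.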





