
Trojan process running that slows video 5 seconds after idling [Solved]



#1
wickkidda


I ran MBAM and it found the process and ended it, and when I rebooted it was back with a different name. Here's my OTL log:

OTL logfile created on: 5/26/2014 7:00:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.97 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.61% Memory free
15.94 Gb Paging File | 13.71 Gb Available in Paging File | 85.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 123.65 Gb Free Space | 13.28% Space Free | Partition Type: NTFS
 
Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/26 18:56:20 | 010,173,724 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\ZPWNp88WnXi.exe
PRC - [2014/05/26 18:41:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2014/05/24 13:59:53 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/21 13:39:10 | 001,775,808 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
PRC - [2013/10/15 13:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/13 11:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/09/08 18:16:16 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2013/07/25 12:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/09/06 18:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
PRC - [2012/09/06 18:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe
PRC - [2012/05/30 13:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/20 08:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/13 17:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2009/08/13 17:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2009/08/13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/26 18:56:20 | 010,173,724 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\ZPWNp88WnXi.exe
MOD - [2014/05/24 13:59:52 | 003,845,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/21 13:39:16 | 001,145,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/05/16 21:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/01 19:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/29 20:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/04/29 20:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/04/29 20:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/04/29 20:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/04/28 20:37:36 | 002,198,720 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/04/28 20:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/05/16 11:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 11:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/09/06 18:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
MOD - [2012/05/30 13:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/26 18:20:01 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/24 13:59:52 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/08 18:16:16 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2013/09/05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 02:38:28 | 000,759,192 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/09/06 18:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) [Auto | Running] -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe -- (MOTU_ZeroConf)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/09/14 16:51:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/09/14 16:51:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/02/25 01:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2012/10/10 23:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 23:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/06 18:24:08 | 000,029,848 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\motubus64.sys -- (motubus)
DRV:64bit: - [2012/09/06 18:24:02 | 000,032,408 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwamidi64.sys -- (MFWAMIDI64)
DRV:64bit: - [2012/09/06 18:24:00 | 000,609,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MotuFWA64.sys -- (MotuFWA64)
DRV:64bit: - [2012/09/06 18:23:58 | 000,082,584 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwawave64.sys -- (MFWAWAVE64)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/01 04:19:24 | 001,041,000 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 02:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/07 12:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 02:21:54 | 000,404,584 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/07 16:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.default-s...&tm=314&src=hmp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "default-search.net"
FF - prefs.js..browser.search.order.1: "default-search.net"
FF - prefs.js..browser.search.selectedEngine: "default-search.net"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.25
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Matt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/24 13:59:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/24 13:59:51 | 000,000,000 | ---D | M]
 
[2011/10/14 22:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2014/05/26 18:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions
[2014/04/11 13:19:58 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}
[2013/09/05 02:47:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/05/10 20:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\j2x55qrb.default\extensions
[2014/05/26 18:57:14 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\[email protected]
[2013/11/20 10:58:36 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\[email protected]
[2014/05/21 16:19:27 | 000,533,335 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/04/30 21:38:20 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/13 21:22:30 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/05/09 00:21:09 | 000,552,220 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014/05/24 13:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/24 13:59:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/11/19 13:01:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [CrashHandle] C:\Users\Matt\AppData\Local\Temp\RarSFX7\SystemWhileIdle.exe ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4:64bit: - HKLM..\Run: [System Idle] C:\Users\Matt\AppData\Roaming\Systems Cache\IdleServ.exe (Microsoft)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\volaro: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll) -  File not found
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll) -  File not found
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/26 18:41:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/05/26 16:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Watch Dogs 2
[2014/05/25 02:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watch Dogs
[2014/05/25 02:28:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Systems Cache
[2014/05/25 02:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Watch Dogs
[2014/05/24 13:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/22 22:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outlast
[2014/05/21 02:16:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{899BE80F-ADD3-4C38-967B-1B4B5629B33D}
[2014/05/19 18:56:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F8D4F893-D597-45A5-8A7F-FF0176899829}
[2014/05/10 13:23:28 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{79A89416-0584-4F76-B7AD-031B6D5487E4}
[2014/05/05 03:09:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{26691A4E-0C40-46ED-9F8F-94F02E02C185}
[2014/05/04 17:06:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\NCSOFT
[2014/05/01 22:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
[2014/05/01 22:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSOFT
[2014/05/01 22:12:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\NCSOFT
[2014/05/01 22:12:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\NCSOFT
[2014/05/01 13:59:13 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{FE93D8E7-2387-45C1-B9CF-F86AD24DA6C9}
[2014/04/28 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{12938EEF-01D2-499E-9BA5-E9CE8FBCE3C6}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/26 19:03:11 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/26 19:03:11 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/26 18:55:04 | 000,000,593 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2014/05/26 18:55:02 | 000,001,940 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk
[2014/05/26 18:54:36 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/05/26 18:54:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/26 18:54:03 | 2125,799,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/26 18:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/26 18:41:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/05/26 18:22:49 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/26 16:38:05 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Watch Dogs.lnk
[2014/05/23 21:40:18 | 000,000,219 | ---- | M] () -- C:\Users\Matt\Desktop\Left 4 Dead 2.url
[2014/05/22 23:38:44 | 000,001,554 | ---- | M] () -- C:\Users\Matt\Desktop\Outlast.lnk
[2014/05/19 18:59:12 | 000,022,528 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/17 12:44:19 | 000,779,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/17 12:44:19 | 000,660,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/17 12:44:19 | 000,121,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/01 22:13:09 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\WildStar.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/26 16:38:05 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Watch Dogs.lnk
[2014/05/23 21:40:18 | 000,000,219 | ---- | C] () -- C:\Users\Matt\Desktop\Left 4 Dead 2.url
[2014/05/22 23:38:44 | 000,001,554 | ---- | C] () -- C:\Users\Matt\Desktop\Outlast.lnk
[2014/05/01 22:13:09 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\WildStar.lnk
[2014/03/05 16:28:26 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2013/09/08 18:16:17 | 000,000,593 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2013/09/08 18:16:16 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2013/09/08 18:16:16 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013/05/28 13:11:17 | 000,000,056 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2013/02/28 11:41:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/20 14:22:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2013/02/19 12:40:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/08/18 01:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/12 01:16:15 | 000,000,123 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\mbam.context.scan
[2012/07/10 05:53:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/11/30 14:16:01 | 000,022,528 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/29 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/14 22:34:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2014/05/25 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Applian FLV and Media Player
[2014/01/03 18:09:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2012/02/05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BigHugeEngine
[2014/05/26 18:40:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2013/12/16 23:11:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\eBookConverter
[2013/09/10 12:07:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\fltk.org
[2012/06/13 23:25:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GameFly
[2013/09/14 21:23:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GetRightToGo
[2012/04/19 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GOG.com
[2013/03/24 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hive Cluster
[2012/10/31 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImTOO
[2013/06/26 15:12:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IonFx
[2011/12/01 01:06:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/07/06 00:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2014/05/01 22:12:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\NCSOFT
[2012/11/07 19:24:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OnLive App
[2012/12/07 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy
[2013/05/28 17:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PreSonus
[2011/11/30 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2013/08/09 03:00:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Screaming Bee
[2011/11/30 14:00:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2012/06/21 16:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stardock
[2012/08/03 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Subversion
[2014/05/25 02:28:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Systems Cache
[2011/10/27 22:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer
[2012/03/07 02:05:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\To the Moon - Freebird Games
[2012/08/30 19:26:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Trine2
[2014/05/16 00:31:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2013/03/04 21:26:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay
[2012/10/24 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay_hook_win64
[2014/03/17 01:31:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2013/12/24 22:40:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ubisoft
[2014/05/21 02:18:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\VidCoder
[2011/11/14 07:11:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinMPG
 
========== Purity Check ==========
 
 

< End of report >
 




#2
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi there wickkidda, welcome back to the forums! My name is Biscuithd and I will be assisting you with your computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...
 

  • Carefully read every post completely before doing anything.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

Ok, let's get started.

 

I saw your posted OTL scan. You should also have a file called Extras.txt that was produced at the same time that OTL.txt was produced. If you have that, please post it. If you don't, I'll need you to re-run OTL to produce the file. And, if you're going to re-run OTL, I'd like you to do it a little differently than you did the first time. There are instructions for a Custom script below along with instructions. Do this ONLY if you can't find the Extras.txt.

 

Download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

  • Copy and paste the following into the Custom Scans/Fixes box:

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

 

  • Click Run Scan.
  • Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt.
  • Alternatively, you can also find these on your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.


#3
wickkidda

    Member

  • Topic Starter
  • Member
  • 129 posts

I saved the Extras in case you asked for it.

 

 

 

OTL Extras logfile created on: 5/26/2014 7:00:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.97 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 74.61% Memory free
15.94 Gb Paging File | 13.71 Gb Available in Paging File | 85.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 123.65 Gb Free Space | 13.28% Space Free | Partition Type: NTFS
 
Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19492405-116B-4C16-8587-585F73E308CF}" = rport=138 | protocol=17 | dir=out | app=system |
"{1F91DBED-2374-4FCD-A03D-29E7BF1CB0B0}" = lport=139 | protocol=6 | dir=in | app=system |
"{29916B2D-BFED-471A-BCF7-CCEAFA46B7CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{7BA639D5-4525-4412-B595-400268CDD28B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86BC6A55-D774-472A-A361-50AD38328947}" = lport=137 | protocol=17 | dir=in | app=system |
"{8BE488EA-40D3-49E1-8F89-88CB9D8BC486}" = rport=445 | protocol=6 | dir=out | app=system |
"{91EC6C89-8357-4A3D-905F-21F77505F410}" = rport=137 | protocol=17 | dir=out | app=system |
"{B6CB9092-C4DB-40F1-94E1-F1E8D3088B1A}" = lport=445 | protocol=6 | dir=in | app=system |
"{BD6D2D7B-4ABA-4FF5-887A-A342FAEDF91B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EB8EACE0-774D-43E3-8A3E-68FD06BAC896}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F53FF8AA-3E37-4D7D-B04B-0002EA94F0AB}" = rport=139 | protocol=6 | dir=out | app=system |
"{F7F388E5-3BFD-44AC-B535-8026CC87AB0E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15DD0FE4-707E-4AE8-A4E4-7F282AF668AE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{17107CF4-4572-47EA-BF26-AC5FAF8BC67A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{1DC9102D-803F-4508-A070-4C6E7A95B33C}" = dir=out | app=c:\program files\pcreg\pcreg.exe |
"{215DB82C-9768-4286-956F-27A4B27EF01C}" = protocol=1 | dir=out | [email protected],-28544 |
"{24AF78E9-5EDB-476A-A84C-9061E8BD9FBE}" = protocol=17 | dir=in | app=c:\downloads\znes\zsnesw.exe |
"{2E22D728-F4DA-441E-A21C-F83659376975}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{3EA982F4-EEE3-4409-87DB-8788BC8DF51A}" = dir=in | app=c:\users\matt\appdata\local\temp\file_to_run5586.exe |
"{4E1C82F5-B2D5-4B9E-824E-B747F893361E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{54796DE1-55B9-4A6E-80BB-D94DBC23AA21}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{5B3D8775-6549-46B8-951E-3552025EBC10}" = dir=out | app=c:\users\matt\appdata\local\temp\file_to_run55261.exe |
"{61CC3F7C-B28E-4265-837B-5EC529162977}" = dir=in | app=c:\users\matt\appdata\local\temp\file_to_run55261.exe |
"{635F2543-E7BB-4D21-B2F3-2FE2C88D3401}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{63870CA2-469F-48BF-85EB-7F59F8110D06}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{69DC3C76-8DEA-4D46-B2F1-5929FAA049E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{6EAD8E23-C040-4148-8F9C-DD6E414A1785}" = dir=in | app=c:\program files\pcreg\pcreg.exe |
"{6F787993-06CB-42B2-868C-5B05AEF13518}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{7DFBF196-B92F-4FFF-B5F3-215ECE72993A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{813B6968-1C8D-46E9-973A-D62E4EF57F36}" = dir=in | app=c:\program files\pcreg\service.exe |
"{8641363F-2CB1-4624-9410-9539640686A4}" = dir=out | app=c:\program files\pcreg\service.exe |
"{957A40E9-5FA6-459A-9EC9-581DF4940610}" = protocol=58 | dir=out | [email protected],-28546 |
"{95D501D6-A558-43F2-AF9F-D122948B9FC6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{96AB4C54-32C5-43F7-984C-CE4FF9CD8C7F}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{9CA46197-4202-41F5-8DA9-24F87F227FFA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{A1B64878-CCEC-4338-9F5C-7A6AB7590103}" = dir=in | app=c:\users\matt\appdata\local\temp\speedmax.exe |
"{A54E86C2-E1D6-48E9-A68F-65A5C59608D1}" = dir=out | app=c:\users\matt\appdata\local\temp\file_to_run5586.exe |
"{AE29F816-B319-4525-AFA0-71F1D3E1526A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{B0C0E71E-269B-4E2D-9D41-4C2D8E491EF7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B276A483-58B0-4E6A-AC35-D1E7DCEB1C5D}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{B79C12D8-9B59-4914-A4D7-7C78F81B3A2D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{C058E474-E099-4A01-9483-16BA1912E20B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{C2BF8B68-41BE-4A96-9921-821AF6224B10}" = protocol=58 | dir=in | [email protected],-28545 |
"{C9B5E093-0C96-4775-820D-275CBAE1C2AF}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{D2A474E7-EABA-4FB2-A1E7-B30E93C46F80}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{D5100D08-71B3-43A3-A7E1-AAD87EB80A35}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{DCC5981C-B146-4837-BE4F-6CC67F20265D}" = protocol=1 | dir=in | [email protected],-28543 |
"{DF5D1590-F6D3-4796-934A-E0A1DE9AAD36}" = dir=in | app=c:\users\matt\appdata\local\temp\file_138362.exe |
"{E339CA18-EE3D-47D1-A014-88DA09DE1D38}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{EDFBC401-B6AB-42E9-84A7-9090D8AB1B41}" = dir=in | app=c:\users\matt\appdata\local\temp\file_3835173994.exe |
"{FD911714-7217-4581-88F4-483E39003B4C}" = protocol=6 | dir=in | app=c:\downloads\znes\zsnesw.exe |
"TCP Query User{0B9AA824-6B9A-4107-891A-C1F7767C5F28}C:\downloads\teamspeak3-server_win64-3.0.10.3\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\downloads\teamspeak3-server_win64-3.0.10.3\teamspeak3-server_win64\ts3server_win64.exe |
"TCP Query User{31526959-90E5-451C-892D-BA8FFF5BAD75}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{39C884D9-D241-4BB3-A32F-95BEAA09DF4B}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe |
"TCP Query User{7B397D50-C9AC-47C9-979C-1F8CF3B56E47}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{83CCE00B-6F7B-4B34-B0F4-ADDC7DA99C37}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{86EB689C-3411-471F-9ACC-818D8C62C25B}C:\downloads\snes\snes9x-x64.exe" = protocol=6 | dir=in | app=c:\downloads\snes\snes9x-x64.exe |
"TCP Query User{A48F28DB-D342-4835-923B-2A7F3280E089}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{A89504E4-A5F0-41A2-93A1-4A27B98B719A}C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe" = protocol=6 | dir=in | app=c:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe |
"TCP Query User{AB088312-A574-4716-B736-4F41833FD6DD}C:\downloads\znes\zsnesw.exe" = protocol=6 | dir=in | app=c:\downloads\znes\zsnesw.exe |
"TCP Query User{AD99195A-0ED3-4244-80C1-95C31580C53C}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{D69429F5-C2D8-4581-9872-4732878233C8}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe |
"TCP Query User{DCB5FBE8-CD14-4264-9632-85B3131D855A}C:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe" = protocol=6 | dir=in | app=c:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe |
"TCP Query User{E4FC49B1-07AF-4CBF-9DD2-502CFB2C2D8E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{073DFB5C-DE1B-47B4-B884-6B7461C4A3AD}C:\downloads\snes\snes9x-x64.exe" = protocol=17 | dir=in | app=c:\downloads\snes\snes9x-x64.exe |
"UDP Query User{39263CBD-D557-4476-A2BE-62E78D0D001D}C:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe" = protocol=17 | dir=in | app=c:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe |
"UDP Query User{5B9F035A-2EA4-40A6-80DA-C9E0343D9057}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{7504A561-8E0B-419E-81BD-C2182165756D}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{9E5EC4B0-8EEA-4CD1-8FF9-67C94ED9EF49}C:\downloads\teamspeak3-server_win64-3.0.10.3\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\downloads\teamspeak3-server_win64-3.0.10.3\teamspeak3-server_win64\ts3server_win64.exe |
"UDP Query User{AD16BAA9-8D7E-4B47-A9B8-A6A53224F7E8}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base26490\sc2.exe |
"UDP Query User{AF960801-2A53-4ECA-90B9-C1E82BE9E88A}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{D34E9A59-ADFF-4B98-9659-7DFE2846CCA6}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{D3D7E09D-4356-4272-8468-AD1B3C7518A0}C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe" = protocol=17 | dir=in | app=c:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe |
"UDP Query User{D4C8C8E8-2498-48B8-83C1-97A1519CE95F}C:\downloads\znes\zsnesw.exe" = protocol=17 | dir=in | app=c:\downloads\znes\zsnesw.exe |
"UDP Query User{DAAF06BA-C304-4A13-BB59-58DCEC372B9B}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{EDAB1813-ECA0-464F-9D03-FA547C72EB41}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base28667\sc2.exe |
"UDP Query User{F91C7410-8B15-44C6-B42A-09DE84AA7C9F}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1151BCF8-3246-4E34-9C17-22E66318C41C}" = HP Photosmart 6520 series Basic Device Software
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A05D2328-5096-4748-981B-493B1D56BBEB}" = MOTU Hardware
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F144E07C-4019-4092-BE25-B57819C97D2F}" = HP Photosmart 6520 series Product Improvement Study
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PreSonus Studio One 2" = PreSonus Studio One 2 x64
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VidCoder-x64_is1" = VidCoder 1.4.25 (x64)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DDBB040-3BEB-4057-90BB-B38B5E081D1B}" = MorphVOX Pro
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2032DA39-C844-43AE-B638-6A4F7496686E}" = Furry Voices for Second Life
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{27D9C90F-575C-4088-85F5-6F25A24B4B2B}_is1" = Aiseesoft Streaming Video Recorder
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2CC32E0E-9A10-4BCC-94F0-614F85375F59}" = Male Voice Pack
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.25
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4B886E97-AF5B-46F0-9F48-6BE03149D972}" = Personality Voices
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50AF8559-F490-381F-A6E7-06A07DE227DC}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{573F9269-A022-4C6F-97BD-CF1316A76369}" = Creatures of Darkness
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5}" = Fantasy Voice Pack
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{67CEC218-B250-4B4C-B23F-A597EC8DB153}" = Deep Space Voices
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{6F2C6EC4-A386-4CAA-9C63-51FCF07A8A42}" = Translate Genius
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}" = Galactic Voices
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{913C4C4F-9E3E-41A6-A614-1BDC1352A225}" = Special Effects Voices
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B10C9F10-2ED9-46BE-8B3A-EA039558E641}_is1" = Watch Dogs version 1.0
"{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}" = Belkin N600 DB USB Wireless Adapter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BC038C91-D3C6-4E43-8439-B65976FE7937}" = Sci-Fi Voice Pack
"{C39768C1-82E7-4466-8526-2D8AC44B768F}" = Translator Fun Voice Pack
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3293275-1002-41F5-BC37-099B4251FF5B}" = HP Photosmart 6520 series Help
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D947A225-8C23-4E52-866E-CF3967476BFC}" = Female Voice Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E82A57BC-E9B8-42F9-BDC7-4950BD73EA32}_is1" = Pazera Free FLV to AVI Converter 1.4
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F68B404C-0E04-337F-A132-796508EE337A}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AIM_7" = AIM 7
"Aimersoft DRM Media Converter_is1" = Aimersoft DRM Media Converter(Build 1.4.7.2)
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.2
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Botanicula_is1" = Botanicula
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cisco Connect" = Cisco Connect
"Dishonored_is1" = Dishonored
"DivX Setup" = DivX Setup
"DOOM Collector's Edition" = DOOM Collector's Edition
"EADM" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Fallout New Vegas_is1" = Fallout New Vegas
"FileHippo.com" = FileHippo.com Update Checker
"FL Studio 10" = FL Studio 10
"FLV Player2.0.25" = FLV Player
"Fraps" = Fraps
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GOGPACKHOTLINEMIAMI_is1" = Hotline Miami
"Gunpoint_is1" = Gunpoint
"HP Photo Creations" = HP Photo Creations
"ImTOO Movie Maker 6" = ImTOO Movie Maker 6
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"mIRC" = mIRC
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MUSHclient" = MUSHclient (remove only)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"PDFePubRMRemoval" = PDF ePub DRM Removal
"Rochard_is1" = Rochard
"Satinav" = The Dark Eye - Chains of Satinav
"Soulseek2" = SoulSeek 157 NS 13e
"South Park The Stick of Truth_is1" = South Park The Stick of Truth, âåðñèÿ 1.0
"SpeedFan" = SpeedFan (remove only)
"Steam App 105600" = Terraria
"Steam App 200710" = Torchlight II
"Steam App 550" = Left 4 Dead 2
"T3V0bGFzdA==_is1" = Outlast
"The Elder Scrolls V Skyrim - High Resolution Texture Pack_is1" = The Elder Scrolls V Skyrim - High Resolution Texture Pack
"The Stanley Parable_is1" = The Stanley Parable
"The Swapper_is1" = The Swapper
"Torchlight II © Runic Games_is1" = Torchlight II © Runic Games version 1
"Tunngle beta_is1" = Tunngle beta
"UmF5bWFuTGVnZW5kcw==_is1" = Rayman Legends
"Uplay" = Uplay
"VirtualCloneDrive" = VirtualCloneDrive
"Warcraft III" = Warcraft III
"WildStar" = WildStar
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Xenimus" = Xenimus
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-C:/Users/Matt/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"SOE-PlanetSide 2" = PlanetSide 2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/8/2014 11:22:16 AM | Computer Name = Matt-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall
 
Error - 4/9/2014 11:56:28 AM | Computer Name = Matt-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall
 
Error - 4/11/2014 12:00:08 PM | Computer Name = Matt-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall
 
Error - 4/11/2014 1:19:11 PM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Downloads\SoftonicDownloader_for_audio-amplifier-pro.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 4/11/2014 1:19:14 PM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Downloads\SoftonicDownloader_for_audio-amplifier-pro.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 4/11/2014 1:19:19 PM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Downloads\SoftonicDownloader_for_audio-amplifier-pro.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 4/11/2014 1:21:17 PM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Downloads\SoftonicDownloader_for_audio-amplifier-pro.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 4/16/2014 6:34:27 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bca54  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,
 time stamp: 0x50b8479b  Exception code: 0xc0000002  Fault offset: 0x0000000000009e5d
Faulting
 process id: 0x18f4  Faulting application start time: 0x01cf59c33c41d510  Faulting application
 path: C:\Windows\system32\DllHost.exe  Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
 Id: 44751ef2-c5b7-11e3-89a6-8c89a5136da5
 
Error - 5/4/2014 4:09:40 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 30.0.0.5231,
 time stamp: 0x535f6bd8  Faulting module name: mozalloc.dll, version: 30.0.0.5231,
 time stamp: 0x535f34b8  Exception code: 0x80000003  Fault offset: 0x0000141b  Faulting
 process id: 0xa3c  Faulting application start time: 0x01cf676b771bf547  Faulting application
 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module
 path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Report Id: 70574b05-d363-11e3-888d-8c89a5136da5
 
Error - 5/26/2014 5:58:05 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 30.0.0.5255,
 time stamp: 0x537e7731  Faulting module name: mozalloc.dll, version: 30.0.0.5255,
 time stamp: 0x537e46c7  Exception code: 0x80000003  Fault offset: 0x0000141b  Faulting
 process id: 0x3adc  Faulting application start time: 0x01cf792cb2046440  Faulting application
 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module
 path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Report Id: cffa8664-e520-11e3-aa17-8c89a5136da5
 
[ System Events ]
Error - 5/23/2014 5:16:29 PM | Computer Name = Matt-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 5/25/2014 9:46:10 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
 2 Updating Service service to connect.
 
Error - 5/25/2014 9:46:10 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Updating Service service failed to start due to the
 following error:   %%1053
 
Error - 5/26/2014 4:22:42 PM | Computer Name = Matt-PC | Source = volsnap | ID = 393251
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage failed to grow.
 
Error - 5/26/2014 6:51:31 PM | Computer Name = Matt-PC | Source = DCOM | ID = 10010
Description =
 
Error - 5/26/2014 6:54:13 PM | Computer Name = Matt-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:52:48 PM on ?5/?26/?2014 was unexpected.
 
Error - 5/26/2014 6:55:24 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
 2 Scanner Service service to connect.
 
Error - 5/26/2014 6:55:24 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
 following error:   %%1053
 
Error - 5/26/2014 6:55:56 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
 2 Updating Service service to connect.
 
Error - 5/26/2014 6:55:56 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Updating Service service failed to start due to the
 following error:   %%1053
 
 
< End of report >
 



#4
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Glad you had the Extras file. :)

 

Let's start by running RogueKiller and then another OTL scan.

  • Please download RogueKiller and save it to your desktop.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com

    NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.


Now that RogueKiller is complete, please run OTL again, but this time just do a Quick Scan.

When this is complete, post the results of both the RogueKiller scan from the text file located on your desktop and the OTL.txt (there won't be an Extras.txt this time and that's ok).

 

Also, let me know if there is any improvement in the computer.

 

Please make sure you return as there are other infections that need to be fixed. :)



#5
wickkidda

    Member

  • Topic Starter
  • Member
  • 129 posts

There were two of these RK logs.

 

 

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Scan -- Date : 05/28/2014 13:43:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 5 ¤¤¤
[SUSP PATH] Runservice.exe -- C:\Windows\runservice.exe [-] -> KILLED [TermProc]
[SUSP PATH] IdleServ.exe -- C:\Users\Matt\AppData\Roaming\Systems Cache\IdleServ.exe [-] -> KILLED [TermProc]
[SUSP PATH] SystemWhileIdle.exe -- C:\Users\Matt\AppData\Local\Temp\RarSFX8\SystemWhileIdle.exe [-] -> KILLED [TermProc]
[SUSP PATH] K8BJ6tet3QX.exe -- C:\Users\Matt\AppData\Local\Temp\K8BJ6tet3QX.exe [-] -> KILLED [TermProc]
[SUSP PATH] SystemWhileIdle.exe -- C:\Users\Matt\AppData\Local\Temp\RarSFX9\SystemWhileIdle.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 47 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : System Idle (C:\Users\Matt\AppData\Roaming\Systems Cache\IdleServ.exe [-]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : CrashHandle (C:\Users\Matt\AppData\Local\Temp\RarSFX9\SystemWhileIdle.exe [-]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A} : NameServer (75.126.206.18,184.173.169.186 [UNITED STATES (US) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674} : NameServer (75.126.206.18,184.173.169.186 [UNITED STATES (US) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer (75.126.206.18,184.173.169.186 [UNITED STATES (US) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{8F283811-EC66-4EA4-8717-98882A73DA42} : NameServer (75.126.206.18,184.173.169.186 [UNITED STATES (US) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A} : NameServer (75.126.206.18,184.173.169.186 [UNITED STATES (US) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674} : NameServer (75.126.206.18,184.173.169.186 [UNITED STATES (US) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer (75.126.206.18,184.173.169.186 [UNITED STATES (US) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{8F283811-EC66-4EA4-8717-98882A73DA42} : NameServer (75.126.206.18,184.173.169.186 [UNITED STATES (US) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A} : NameServer (75.126.206.18,184.173.169.186 [UNITED STATES (US) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674} : NameServer (75.126.206.18,184.173.169.186 [UNITED STATES (US) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer (75.126.206.18,184.173.169.186 [UNITED STATES (US) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{8F283811-EC66-4EA4-8717-98882A73DA42} : NameServer (75.126.206.18,184.173.169.186 [UNITED STATES (US) - (Unknown Country?) (XX)]) -> FOUND
[IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\jumpflip : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchinstaller.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchsettings.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchsettings64.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\umbrella.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\volaro : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\vonteera : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\websteroids.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\websteroidsservice.exe : Debugger (tasklist.exe [7]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Remove -- Date : 05/28/2014 13:44:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 5 ¤¤¤
[SUSP PATH] Runservice.exe -- C:\Windows\runservice.exe [-] -> KILLED [TermProc]
[SUSP PATH] IdleServ.exe -- C:\Users\Matt\AppData\Roaming\Systems Cache\IdleServ.exe [-] -> KILLED [TermProc]
[SUSP PATH] SystemWhileIdle.exe -- C:\Users\Matt\AppData\Local\Temp\RarSFX8\SystemWhileIdle.exe [-] -> KILLED [TermProc]
[SUSP PATH] K8BJ6tet3QX.exe -- C:\Users\Matt\AppData\Local\Temp\K8BJ6tet3QX.exe [-] -> KILLED [TermProc]
[SUSP PATH] SystemWhileIdle.exe -- C:\Users\Matt\AppData\Local\Temp\RarSFX9\SystemWhileIdle.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 35 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : System Idle (C:\Users\Matt\AppData\Roaming\Systems Cache\IdleServ.exe [-]) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : CrashHandle (C:\Users\Matt\AppData\Local\Temp\RarSFX9\SystemWhileIdle.exe [-]) -> DELETED
[IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\jumpflip : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\searchinstaller.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\searchsettings.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\searchsettings64.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\umbrella.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\volaro : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\vonteera : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\websteroids.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\websteroidsservice.exe : Debugger (tasklist.exe [7]) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] d3f46c37a9ab7ff5b185f12a994dd2af
[BSP] 05ecf90ba81d1d4660ffc41c7cacff4f : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_05282014_134449.txt >>
RKreport[0]_S_05282014_134318.txt

OTL logfile created on: 5/28/2014 1:48:23 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.97 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.51% Memory free
15.94 Gb Paging File | 13.57 Gb Available in Paging File | 85.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 124.17 Gb Free Space | 13.33% Space Free | Partition Type: NTFS
 
Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/28 13:40:34 | 003,972,608 | ---- | M] () -- C:\Users\Matt\Desktop\RogueKiller.exe
PRC - [2014/05/27 19:35:16 | 001,775,808 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/05/26 18:41:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2014/05/24 13:59:53 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
PRC - [2013/10/15 13:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/13 11:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/09/06 18:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
PRC - [2012/09/06 18:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe
PRC - [2012/05/30 13:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/20 08:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/13 17:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2009/08/13 17:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2009/08/13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/27 19:36:08 | 002,200,256 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/05/27 19:35:22 | 001,145,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/05/24 13:59:52 | 003,845,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/16 21:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/01 19:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/29 20:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/04/29 20:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/04/29 20:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/04/29 20:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/04/28 20:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/06 18:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
MOD - [2012/05/30 13:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/26 18:20:01 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/24 13:59:52 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/08 18:16:16 | 000,002,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2013/09/05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 02:38:28 | 000,759,192 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/09/06 18:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) [Auto | Running] -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe -- (MOTU_ZeroConf)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/09/14 16:51:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/09/14 16:51:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/02/25 01:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2012/10/10 23:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 23:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/06 18:24:08 | 000,029,848 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\motubus64.sys -- (motubus)
DRV:64bit: - [2012/09/06 18:24:02 | 000,032,408 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwamidi64.sys -- (MFWAMIDI64)
DRV:64bit: - [2012/09/06 18:24:00 | 000,609,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MotuFWA64.sys -- (MotuFWA64)
DRV:64bit: - [2012/09/06 18:23:58 | 000,082,584 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwawave64.sys -- (MFWAWAVE64)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/01 04:19:24 | 001,041,000 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 02:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/07 12:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 02:21:54 | 000,404,584 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/07 16:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.default-s...&tm=314&src=hmp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "default-search.net"
FF - prefs.js..browser.search.order.1: "default-search.net"
FF - prefs.js..browser.search.selectedEngine: "default-search.net"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Matt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/24 13:59:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/24 13:59:51 | 000,000,000 | ---D | M]
 
[2011/10/14 22:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2014/05/27 21:07:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions
[2014/04/11 13:19:58 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}
[2013/09/05 02:47:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/05/10 20:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\j2x55qrb.default\extensions
[2014/05/26 18:57:14 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\[email protected]
[2013/11/20 10:58:36 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\[email protected]
[2014/05/27 21:07:02 | 000,533,329 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/04/30 21:38:20 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/13 21:22:30 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/05/09 00:21:09 | 000,552,220 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014/05/24 13:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/24 13:59:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/11/19 13:01:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll) -  File not found
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll) -  File not found
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/28 13:41:01 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK_Quarantine
[2014/05/27 14:54:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F9C7AB47-3689-4C31-8051-CC8B1DEE4892}
[2014/05/26 18:41:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/05/26 16:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Watch Dogs 2
[2014/05/25 02:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watch Dogs
[2014/05/25 02:28:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Systems Cache
[2014/05/25 02:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Watch Dogs
[2014/05/24 13:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/22 22:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outlast
[2014/05/21 02:16:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{899BE80F-ADD3-4C38-967B-1B4B5629B33D}
[2014/05/19 18:56:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F8D4F893-D597-45A5-8A7F-FF0176899829}
[2014/05/10 13:23:28 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{79A89416-0584-4F76-B7AD-031B6D5487E4}
[2014/05/05 03:09:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{26691A4E-0C40-46ED-9F8F-94F02E02C185}
[2014/05/04 17:06:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\NCSOFT
[2014/05/01 22:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
[2014/05/01 22:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSOFT
[2014/05/01 22:12:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\NCSOFT
[2014/05/01 22:12:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\NCSOFT
[2014/05/01 13:59:13 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{FE93D8E7-2387-45C1-B9CF-F86AD24DA6C9}
[2014/04/28 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{12938EEF-01D2-499E-9BA5-E9CE8FBCE3C6}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/28 13:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/28 13:40:34 | 003,972,608 | ---- | M] () -- C:\Users\Matt\Desktop\RogueKiller.exe
[2014/05/28 13:30:51 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/28 13:30:51 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/28 13:23:20 | 000,001,940 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk
[2014/05/28 13:22:14 | 000,000,593 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2014/05/28 13:22:10 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/05/28 13:21:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/28 13:21:46 | 2125,799,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/26 18:41:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/05/26 18:22:49 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/23 21:40:18 | 000,000,219 | ---- | M] () -- C:\Users\Matt\Desktop\Left 4 Dead 2.url
[2014/05/22 23:38:44 | 000,001,554 | ---- | M] () -- C:\Users\Matt\Desktop\Outlast.lnk
[2014/05/19 18:59:12 | 000,022,528 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/17 12:44:19 | 000,779,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/17 12:44:19 | 000,660,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/17 12:44:19 | 000,121,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/01 22:13:09 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\WildStar.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/28 13:40:30 | 003,972,608 | ---- | C] () -- C:\Users\Matt\Desktop\RogueKiller.exe
[2014/05/23 21:40:18 | 000,000,219 | ---- | C] () -- C:\Users\Matt\Desktop\Left 4 Dead 2.url
[2014/05/22 23:38:44 | 000,001,554 | ---- | C] () -- C:\Users\Matt\Desktop\Outlast.lnk
[2014/05/01 22:13:09 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\WildStar.lnk
[2014/03/05 16:28:26 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2013/09/08 18:16:17 | 000,000,593 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2013/09/08 18:16:16 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2013/09/08 18:16:16 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013/05/28 13:11:17 | 000,000,056 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2013/02/28 11:41:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/20 14:22:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2013/02/19 12:40:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/08/18 01:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/12 01:16:15 | 000,000,123 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\mbam.context.scan
[2012/07/10 05:53:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/11/30 14:16:01 | 000,022,528 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/29 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/14 22:34:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2014/05/28 05:07:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Applian FLV and Media Player
[2014/01/03 18:09:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2012/02/05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BigHugeEngine
[2014/05/26 18:40:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2013/12/16 23:11:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\eBookConverter
[2013/09/10 12:07:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\fltk.org
[2012/06/13 23:25:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GameFly
[2013/09/14 21:23:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GetRightToGo
[2012/04/19 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GOG.com
[2013/03/24 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hive Cluster
[2012/10/31 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImTOO
[2013/06/26 15:12:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IonFx
[2011/12/01 01:06:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/07/06 00:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2014/05/01 22:12:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\NCSOFT
[2012/11/07 19:24:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OnLive App
[2012/12/07 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy
[2013/05/28 17:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PreSonus
[2011/11/30 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2013/08/09 03:00:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Screaming Bee
[2011/11/30 14:00:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2012/06/21 16:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stardock
[2012/08/03 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Subversion
[2014/05/25 02:28:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Systems Cache
[2011/10/27 22:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer
[2012/03/07 02:05:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\To the Moon - Freebird Games
[2012/08/30 19:26:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Trine2
[2014/05/16 00:31:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2013/03/04 21:26:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay
[2012/10/24 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay_hook_win64
[2014/03/17 01:31:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2013/12/24 22:40:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ubisoft
[2014/05/21 02:18:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\VidCoder
[2011/11/14 07:11:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinMPG
 
========== Purity Check ==========
 
 

< End of report >
 



#6
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, next. Please perform the following steps.

 

OTL Fix

  • Run OTL as you did before.
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

[Image: OTL Run Fix screenshot]

 

:Commands
[createrestorepoint]

:OTL
PRC - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
SRV:64bit: - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.default-s...&tm=314&src=hmp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
[2014/04/11 13:19:58 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}
[2013/09/05 02:47:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2014/05/27 21:07:02 | 000,533,329 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/04/30 21:38:20 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/13 21:22:30 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/05/09 00:21:09 | 000,552,220 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014/05/24 13:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll) - File not found
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll) - File not found
[2014/05/27 14:54:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F9C7AB47-3689-4C31-8051-CC8B1DEE4892}
[2014/05/19 18:59:12 | 000,022,528 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Files 

C:\Program Files\pcreg

:commands

[resethosts]
[emptytemp]

Then press the Run Fix button

Your computer will reboot. If it does not, please manually reboot.

 

Next, download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found here: C:\AdwCleaner\

Next, download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last, re-run OTL as you have done before and this time select Quick Scan. When complete, post the results.

 

To summarize, please post the results of the AdwCleaner, Junkware Removal Tool and OTL scans.

 

Also, how is the computer running?



#7
wickkidda

    Member

  • Topic Starter
  • 129 posts

There keeps being a service.exe that wants to start every time I reboot and asks me permission and I say no. It says it's associated with Safer Search, Inc. It didn't start happening until today.

# AdwCleaner v3.211 - Report created 29/05/2014 at 15:03:33
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Matt - MATT-PC
# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Users\Matt\AppData\LocalLow\DataMngr
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_audio-amplifier-pro_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_audio-amplifier-pro_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SystemK
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\Linkey
Key Deleted : HKLM\Software\SystemK
Key Deleted : [x64] HKLM\SOFTWARE\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "default-search.net");
Line Deleted : user_pref("browser.search.order.1", "default-search.net");
Line Deleted : user_pref("browser.search.selectedEngine", "default-search.net");

[ File : C:\Users\Matt2\AppData\Roaming\Mozilla\Firefox\Profiles\sf0i1fpi.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [25242 octets] - [17/11/2013 11:28:40]
AdwCleaner[R1].txt - [6627 octets] - [29/05/2014 14:37:27]
AdwCleaner[S0].txt - [25657 octets] - [17/11/2013 11:29:43]
AdwCleaner[S1].txt - [5723 octets] - [29/05/2014 15:03:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5783 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Matt on Thu 05/29/2014 at 15:10:51.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Matt\AppData\Roaming\getrighttogo"



~~~ FireFox

Emptied folder: C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\07udyna9.default\minidumps [251 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/29/2014 at 15:14:47.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

 

OTL logfile created on: 5/29/2014 3:21:07 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.97 Gb Total Physical Memory | 5.77 Gb Available Physical Memory | 72.35% Memory free
15.94 Gb Paging File | 13.60 Gb Available in Paging File | 85.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 122.97 Gb Free Space | 13.20% Space Free | Partition Type: NTFS
 
Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/29 13:36:52 | 000,543,424 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/05/29 13:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/05/28 17:07:57 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/26 18:41:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
PRC - [2013/10/15 13:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 11:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 11:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/09/08 18:16:16 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2012/09/06 18:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
PRC - [2012/09/06 18:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe
PRC - [2012/05/30 13:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/20 08:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/13 17:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2009/08/13 17:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2009/08/13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/29 13:37:34 | 002,139,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/05/29 13:36:54 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/05/28 17:07:56 | 003,850,864 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/16 21:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/01 19:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/29 20:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/04/29 20:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/04/29 20:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/04/29 20:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/04/28 20:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/06 18:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
MOD - [2012/05/30 13:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/29 13:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/28 17:07:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/26 18:20:01 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/08 18:16:16 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2013/09/05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 02:38:28 | 000,759,192 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/09/06 18:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) [Auto | Running] -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe -- (MOTU_ZeroConf)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/09/14 16:51:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/09/14 16:51:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/02/25 01:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2012/10/10 23:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 23:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/06 18:24:08 | 000,029,848 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\motubus64.sys -- (motubus)
DRV:64bit: - [2012/09/06 18:24:02 | 000,032,408 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwamidi64.sys -- (MFWAMIDI64)
DRV:64bit: - [2012/09/06 18:24:00 | 000,609,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MotuFWA64.sys -- (MotuFWA64)
DRV:64bit: - [2012/09/06 18:23:58 | 000,082,584 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwawave64.sys -- (MFWAWAVE64)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/01 04:19:24 | 001,041,000 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 02:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/07 12:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 02:21:54 | 000,404,584 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/07 16:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Matt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/28 17:07:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/28 17:07:55 | 000,000,000 | ---D | M]
 
[2011/10/14 22:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2014/05/27 21:07:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions
[2014/04/11 13:19:58 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}
[2013/09/05 02:47:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/05/10 20:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\j2x55qrb.default\extensions
[2014/05/26 18:57:14 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\[email protected]
[2013/11/20 10:58:36 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\[email protected]
[2014/05/27 21:07:02 | 000,533,329 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/04/30 21:38:20 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/13 21:22:30 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/05/09 00:21:09 | 000,552,220 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014/05/28 17:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/28 17:07:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/05/29 14:16:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/29 15:10:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/29 15:10:20 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2014/05/29 14:37:42 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/29 14:16:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/28 17:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/28 13:41:01 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK_Quarantine
[2014/05/26 18:41:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/05/26 16:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Watch Dogs 2
[2014/05/25 02:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watch Dogs
[2014/05/25 02:28:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Systems Cache
[2014/05/25 02:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Watch Dogs
[2014/05/22 22:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outlast
[2014/05/04 17:06:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\NCSOFT
[2014/05/01 22:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
[2014/05/01 22:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSOFT
[2014/05/01 22:12:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\NCSOFT
[2014/05/01 22:12:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\NCSOFT
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/29 15:12:20 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/29 15:12:20 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/29 15:10:21 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2014/05/29 15:05:03 | 000,001,940 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk
[2014/05/29 15:04:36 | 000,000,593 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2014/05/29 15:04:33 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/05/29 15:04:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/29 15:04:23 | 2125,799,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/29 14:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/29 14:36:29 | 001,327,971 | ---- | M] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2014/05/29 14:16:46 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/05/28 13:40:34 | 003,972,608 | ---- | M] () -- C:\Users\Matt\Desktop\RogueKiller.exe
[2014/05/26 18:41:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/05/26 18:22:49 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/23 21:40:18 | 000,000,219 | ---- | M] () -- C:\Users\Matt\Desktop\Left 4 Dead 2.url
[2014/05/22 23:38:44 | 000,001,554 | ---- | M] () -- C:\Users\Matt\Desktop\Outlast.lnk
[2014/05/19 18:59:12 | 000,022,528 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/17 12:44:19 | 000,779,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/17 12:44:19 | 000,660,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/17 12:44:19 | 000,121,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/01 22:13:09 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\WildStar.lnk
 
========== Files Created - No Company Name ==========
 
[2014/05/29 14:36:27 | 001,327,971 | ---- | C] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2014/05/28 13:40:30 | 003,972,608 | ---- | C] () -- C:\Users\Matt\Desktop\RogueKiller.exe
[2014/05/23 21:40:18 | 000,000,219 | ---- | C] () -- C:\Users\Matt\Desktop\Left 4 Dead 2.url
[2014/05/22 23:38:44 | 000,001,554 | ---- | C] () -- C:\Users\Matt\Desktop\Outlast.lnk
[2014/05/01 22:13:09 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\WildStar.lnk
[2014/03/05 16:28:26 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2013/09/08 18:16:17 | 000,000,593 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2013/09/08 18:16:16 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2013/09/08 18:16:16 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013/05/28 13:11:17 | 000,000,056 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2013/02/28 11:41:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/20 14:22:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2013/02/19 12:40:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/08/18 01:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/12 01:16:15 | 000,000,123 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\mbam.context.scan
[2012/07/10 05:53:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/11/30 14:16:01 | 000,022,528 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/29 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/14 22:34:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2014/05/28 05:07:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Applian FLV and Media Player
[2014/01/03 18:09:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2012/02/05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BigHugeEngine
[2014/05/26 18:40:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2013/12/16 23:11:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\eBookConverter
[2013/09/10 12:07:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\fltk.org
[2012/06/13 23:25:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GameFly
[2012/04/19 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GOG.com
[2013/03/24 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hive Cluster
[2012/10/31 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImTOO
[2013/06/26 15:12:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IonFx
[2011/12/01 01:06:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/07/06 00:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2014/05/01 22:12:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\NCSOFT
[2012/11/07 19:24:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OnLive App
[2012/12/07 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy
[2013/05/28 17:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PreSonus
[2011/11/30 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2013/08/09 03:00:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Screaming Bee
[2011/11/30 14:00:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2012/06/21 16:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stardock
[2012/08/03 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Subversion
[2014/05/25 02:28:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Systems Cache
[2011/10/27 22:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer
[2012/03/07 02:05:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\To the Moon - Freebird Games
[2012/08/30 19:26:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Trine2
[2014/05/16 00:31:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2013/03/04 21:26:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay
[2012/10/24 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay_hook_win64
[2014/03/17 01:31:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2013/12/24 22:40:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ubisoft
[2014/05/21 02:18:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\VidCoder
[2011/11/14 07:11:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinMPG
 
========== Purity Check ==========
 
 

< End of report >
 


Edited by wickkidda, 29 May 2014 - 01:30 PM.


#8
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi wickkidda,

 

First, I noticed that you edited a previous post. Please refrain from editing posts; it becomes quite difficult for me to navigate. If you need to correct something, feel free to make a second post and tell me what the correction is or whatever the additional information is.

 

I have an additional OTL fix for you.  There were a few things I missed in the first fix and I suspect that the Services.exe issue you mentioned might clear up. If not, be sure to let me know.

 

Please perform the following steps.

 

OTL Fix

  • Run OTL as you did before.
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

[Image: OTL Run Fix screenshot]

 

Quote

:Commands
[createrestorepoint]

:OTL
PRC - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
SRV:64bit: - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
[2013/09/05 02:47:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

:Files 

C:\Program Files\pcreg

:commands

[resethosts]
[emptytemp]

Then press the Run Fix button

Your computer will reboot. If it does not, please manually reboot.

 

This time I'd like you to post back the fix log (different than last time).

The log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).



#9
wickkidda


    Member

  • Topic Starter
  • Member
  • 129 posts

How does it make it difficult for you to navigate? All I edited was a grammar mistake I made.

 

 

 

 

 

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <    :OTL> in the current context!
Error: Unable to interpret <    PRC - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe> in the current context!
Error: Unable to interpret <    SRV:64bit: - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)> in the current context!
Error: Unable to interpret <    O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()> in the current context!
Error: Unable to interpret <    O4 - HKCU..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()> in the current context!
Error: Unable to interpret <    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <    FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15> in the current context!
Error: Unable to interpret <    FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2> in the current context!
Error: Unable to interpret <    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.26> in the current context!
Error: Unable to interpret <    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0> in the current context!
Error: Unable to interpret <    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found> in the current context!
Error: Unable to interpret <    FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found> in the current context!
Error: Unable to interpret <    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found> in the current context!
Error: Unable to interpret <    [2013/09/05 02:47:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}> in the current context!
Error: Unable to interpret <    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.> in the current context!
Error: Unable to interpret <    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.> in the current context!
Error: Unable to interpret <    O4 - HKLM..\Run: []  File not found> in the current context!
Error: Unable to interpret <    O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found> in the current context!
Error: Unable to interpret <    O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found> in the current context!
Error: Unable to interpret <    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\nwprovau.dll File not found> in the current context!
Error: Unable to interpret <    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)> in the current context!
Error: Unable to interpret <    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)> in the current context!
Error: Unable to interpret <    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)> in the current context!
Error: Unable to interpret <    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found> in the current context!
Error: Unable to interpret <    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found> in the current context!
Error: Unable to interpret <    :Files > in the current context!
Error: Unable to interpret <    C:\Program Files\pcreg> in the current context!
Error: Unable to interpret <    :commands> in the current context!
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Matt
->Temp folder emptied: 2205900 bytes
->Temporary Internet Files folder emptied: 2815864 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 372648764 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3317 bytes
 
User: Matt2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7350 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 360.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05302014_145945

Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • 0

#10
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
How does it make it difficult for you to navigate? All I edited was a grammar mistake I made.

 

I'm glad you asked! Imagine me reading your post and analyzing your log(s). I come back and maybe I notice that you've done an edit, but more likely I don't. If I do notice, then I have to look and look to see what changed. Often a very laborious process, with little upside. If I don't notice, then we have an issue because I've missed something you want me to see.

 

Now, if you need to make a change to your post and, instead of editing, you make a new post, I get an email and an update telling me that you posted. I can then look at your post and read "why" you made a change, because I'm sure you'd update me as to what changed. And, if you don't, I'll know to ask. :) If you only edit a post, I don't get notified.


  • 0



#11
wickkidda

wickkidda

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts

Ok, what's next?


  • 0

#12
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Be patient with me. I've got an error in my script and what I'm giving you isn't working.


  • 0

#13
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Attached File  fix.txt   2.32KB   169 downloads

 

Sorry for the delay, but I'm still having trouble with my posts. However, in order to not hold up your fix any longer, I've created the fix in a text file. Locate the file called fix.txt. I think you should see it in the upper left of this post. Open it (hopefully it will default to Notepad on your machine), select the entire contents and paste it into OTL as you've done in the past and then

 

Then press the Run Fix button

Your computer will reboot. If it does not, please manually reboot.

 

This time I'd like you to post back the fix log (different than last time).

 The log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

 

Again, sorry for the delay :)


  • 0

#14
wickkidda

wickkidda

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts

That broke my internet. :P I had to use system restore to connect again. And I kept getting an error about BitDefender Threat Scanner, a .dmp file in the Windows/TEMP folder. The error kept popping up after I clicked OK.

 

This is probably the log of what happened. Of course this is all reversed now since I used the restore point afterwards.

 

 

 

 

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <

> in the current context!
========== OTL ==========
Process pcreg.exe killed successfully!
Service pcregservice stopped successfully!
Service pcregservice deleted successfully!
C:\Program Files\pcreg\pcreg.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg deleted successfully.
C:\Program Files\pcreg\service.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg deleted successfully.
File C:\Program Files\pcreg\service.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15 removed from extensions.enabledAddons
Prefs.js: adblockpopups%40jessehakanen.net:0.9.2 removed from extensions.enabledAddons
Prefs.js: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.26 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0 removed from extensions.enabledAddons
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin\ deleted successfully.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}\defaults\preferences folder moved successfully.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}\defaults folder moved successfully.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}\chrome folder moved successfully.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Block This Image (ABP)\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Block This Image (ABP)\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Matt
->Temp folder emptied: 120608 bytes
->Temporary Internet Files folder emptied: 5442976 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 372951170 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3979 bytes
 
User: Matt2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8232 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 361.00 mb
 
Error: Unable to interpret <
> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 05312014_135719

Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
  • 0
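Added example (not part of the original thread, and not OTL's or the helper's own code): a small Python triage of an OTL fix log like the two posted above. It separates directives OTL rejected ("Unable to interpret", including the multi-line blank-directive form) from actions it applied, and lists applied changes that touch the Hosts file or the Winsock catalog, which are the entries to review first when connectivity changes after a fix. The `triage` function, the `NETWORK` pattern and the sample assembled from lines in this thread are assumptions of the example.

```python
import re

# Constructed sample, assembled from lines of the fix logs posted in this thread.
SAMPLE_LOG = r"""All processes killed
Error: Unable to interpret <

> in the current context!
Error: Unable to interpret <    :Files > in the current context!
Process pcreg.exe killed successfully!
C:\Program Files\pcreg\pcreg.exe moved successfully.
File C:\Program Files\pcreg\service.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\ deleted successfully.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
->Temp folder emptied: 120608 bytes
"""

REJECT_START = "Error: Unable to interpret <"
REJECT_END = "> in the current context!"
APPLIED = re.compile(r"successfully[.!]?$")
MISSING = re.compile(r"not found\.$")
# Assumption of this example: these substrings mark name-resolution / Winsock changes.
NETWORK = re.compile(r"WinSock2|drivers\\etc\\hosts|HOSTS file", re.IGNORECASE)

def triage(log_text):
    """Sort fix-log lines into rejected directives, applied actions and misses."""
    result = {"rejected": [], "applied": [], "missing": [], "network": []}
    pending = None  # parts of a rejected directive that spans several lines
    for raw in log_text.splitlines():
        line = raw.strip()
        if pending is None and line.startswith(REJECT_START):
            pending, line = [], line[len(REJECT_START):]
        if pending is not None:
            if line.endswith(REJECT_END):
                pending.append(line[:-len(REJECT_END)])
                result["rejected"].append(" ".join(pending).strip())
                pending = None
            else:
                pending.append(line)
            continue
        if APPLIED.search(line):
            result["applied"].append(line)
            if NETWORK.search(line):
                result["network"].append(line)
        elif MISSING.search(line):
            result["missing"].append(line)
    return result

if __name__ == "__main__":
    for kind, lines in triage(SAMPLE_LOG).items():
        print(kind, len(lines))
```

A run where `rejected` dominates and `applied` is nearly empty matches the first fix log in this thread; the second log shows the opposite pattern.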

#15
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Do you recall the message you got or what did the machine do that caused you to need System Restore?


  • 0





