
sm.exe [Closed]


  • This topic is locked

#1
zer0range


I recently did a clean install of Windows 7 on my new computer. Everything is working fine, except I have a popup every now and then of something saying that C:/Mycomputername/Users/Appdata/Local/Temp/Install_#####/sm.exe can't be accessed because I don't have administrator rights. At the same time, MSE pops up saying that there is no problem and no action was taken.

 

Thanks for your time!

Below is my OTL log:

 

OTL logfile created on: 10/4/2014 2:27:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Whoresair\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.40% Memory free
15.89 Gb Paging File | 13.57 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.59 Gb Total Space | 17.47 Gb Free Space | 24.74% Space Free | Partition Type: NTFS
Drive D: | 500.00 Gb Total Space | 472.15 Gb Free Space | 94.43% Space Free | Partition Type: NTFS
 
Computer Name: WHORESAIR-PC | User Name: Whoresair | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/04 14:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Whoresair\Downloads\OTL.exe
PRC - [2014/09/22 18:07:06 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/18 18:10:32 | 001,723,856 | ---- | M] (Micro-Star International) -- C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
PRC - [2014/09/18 14:58:10 | 003,476,432 | ---- | M] (Micro-Star International) -- C:\Program Files (x86)\MSI\Live Update\Live Update.exe
PRC - [2014/09/16 16:11:37 | 002,461,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/09/16 16:11:26 | 001,796,928 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/09/13 10:12:58 | 000,411,968 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/08/19 14:14:10 | 001,992,192 | ---- | M] () -- C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
PRC - [2014/08/13 20:10:58 | 000,029,648 | ---- | M] (Micro-Star International) -- C:\MSI\Smart Utilities\SuperRAIDSvc.exe
PRC - [2014/07/22 17:18:10 | 001,014,736 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/17 15:59:50 | 000,162,800 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
PRC - [2013/09/26 13:39:36 | 000,030,240 | ---- | M] (MICRO-STAR INTERNATIONAL CO., LTD.) -- C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
PRC - [2013/09/16 09:20:16 | 000,390,616 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/09/16 09:20:10 | 000,169,432 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2013/08/16 15:59:38 | 000,711,680 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
PRC - [2013/04/25 16:25:54 | 000,292,848 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/10/26 10:07:34 | 000,103,992 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/27 20:17:45 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6657652a424542e98456c28a364af3f3\PresentationFramework.Classic.ni.dll
MOD - [2014/09/27 20:17:33 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4b6559c37c2745b865dad63c6d17ae4e\PresentationFramework.ni.dll
MOD - [2014/09/27 20:17:27 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll
MOD - [2014/09/27 20:17:24 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll
MOD - [2014/09/27 20:17:21 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d\System.Xml.ni.dll
MOD - [2014/09/27 20:17:19 | 012,236,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b257f78ec0ec4e36de8ef43ab38ca0ad\PresentationCore.ni.dll
MOD - [2014/09/27 20:17:14 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4c4507612d22786d45594a65a0213c1f\WindowsBase.ni.dll
MOD - [2014/09/27 20:17:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll
MOD - [2014/09/27 20:17:11 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/09/22 18:07:05 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppgooglenaclpluginchrome.dll
MOD - [2014/09/22 18:07:04 | 014,891,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
MOD - [2014/09/22 18:07:02 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
MOD - [2014/09/22 18:06:58 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
MOD - [2014/09/22 18:06:56 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
MOD - [2014/09/22 18:06:55 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/27 19:53:18 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/09/16 16:11:26 | 001,149,760 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/09/16 16:11:22 | 019,440,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/01/22 15:15:16 | 000,344,576 | ---- | M] (Qualcomm Atheros) [Auto | Running] -- C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe -- (Qualcomm Atheros Killer Service V2)
SRV:64bit: - [2013/08/27 14:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/08/27 14:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/26 19:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/09/22 18:32:08 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/09/18 18:10:32 | 001,723,856 | ---- | M] (Micro-Star International) [Auto | Running] -- C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe -- (MSI_LiveUpdate_Service)
SRV - [2014/09/16 16:11:26 | 001,796,928 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/09/13 10:12:58 | 000,411,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/09/01 15:18:04 | 002,242,560 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe -- (MSIDDR_CC)
SRV - [2014/08/27 12:32:08 | 004,156,928 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe -- (MSICPU_CC)
SRV - [2014/08/19 14:14:10 | 001,992,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe -- (MSICTL_CC)
SRV - [2014/08/13 20:10:58 | 000,029,648 | ---- | M] (Micro-Star International) [Auto | Running] -- C:\MSI\Smart Utilities\SuperRAIDSvc.exe -- (SuperRAIDSvc)
SRV - [2014/08/13 17:23:40 | 000,550,400 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe -- (MSISuperIO_CC)
SRV - [2014/07/28 17:00:20 | 002,118,144 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Command Center\MSICommService.exe -- (MSICOMM_CC)
SRV - [2014/07/28 14:13:52 | 002,063,360 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe -- (MSISMB_CC)
SRV - [2014/06/06 18:07:52 | 004,026,368 | ---- | M] (MSI) [On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe -- (MSIClock_CC)
SRV - [2014/06/04 10:56:42 | 002,100,736 | ---- | M] (MSI) [On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe -- (MSIBIOSData_CC)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 12:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/17 15:59:50 | 000,162,800 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2014/03/13 14:13:06 | 000,020,512 | -H-- | M] (Micro-Star Int'l Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe -- (GamingApp_Service)
SRV - [2013/09/26 13:39:36 | 000,030,240 | ---- | M] (MICRO-STAR INTERNATIONAL CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe -- (MSI_Trigger_Service)
SRV - [2013/09/16 09:20:16 | 000,390,616 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/16 09:20:10 | 000,169,432 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/01/02 17:11:16 | 000,171,632 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/10/26 10:07:34 | 000,103,992 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe -- (MSI_FastBoot)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/04 13:53:14 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/09/16 18:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/09/16 16:11:21 | 000,020,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/09/04 09:14:38 | 000,038,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/11/25 17:13:16 | 000,082,232 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asstor64.sys -- (asstor64)
DRV:64bit: - [2013/11/08 09:42:24 | 000,080,080 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2013/09/30 16:26:50 | 000,019,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2013/09/30 16:26:48 | 000,012,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2013/09/16 09:20:12 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/05/30 05:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013/04/25 16:24:58 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/04/25 16:24:56 | 000,786,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/04/25 16:24:56 | 000,368,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/03/20 15:46:40 | 000,154,320 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e22W7x64.sys -- (Ke2200)
DRV:64bit: - [2013/01/19 00:52:08 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/02/29 20:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 20:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 20:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 17:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 17:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 17:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/11/23 14:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 14:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/17 13:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/03/17 18:25:28 | 000,013,808 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\MSI\Smart Utilities\NTIOLib_X64.sys -- (NTIOLib_MSI_RAID)
DRV - [2012/11/26 18:13:14 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys -- (NTIOLib_MSIDDR_CC)
DRV - [2012/11/20 16:13:06 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys -- (NTIOLib_MSIClock_CC)
DRV - [2012/11/19 12:40:10 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys -- (NTIOLib_MSISMB_CC)
DRV - [2012/11/19 12:39:52 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys -- (NTIOLib_MSICOMM_CC)
DRV - [2012/11/19 12:39:34 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys -- (NTIOLib_MSISuperIO_CC)
DRV - [2012/10/26 09:56:46 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys -- (NTIOLib_FastBoot)
DRV - [2012/10/25 19:45:52 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2010/10/22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: No name found = C:\Users\Whoresair\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Whoresair\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.5_0\
CHR - Extension: No name found = C:\Users\Whoresair\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca\0.28_0\
CHR - Extension: No name found = C:\Users\Whoresair\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 11:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MBCfg64] C:\Windows\SysNative\MBCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Command Center] C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe ()
O4 - HKLM..\Run: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe ()
O4 - HKLM..\Run: [Live Update] C:\Program Files (x86)\MSI\Live Update\Live Update.exe (Micro-Star International)
O4 - HKLM..\Run: [Sound Blaster Cinema] C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Super Charger] C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe (MSI)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot File not found
O4 - HKCU..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{889C3471-AA5A-4255-8D9E-624E5A1FA729}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/04 11:28:21 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/04 11:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/04 11:28:08 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/10/04 11:28:08 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/10/04 11:28:08 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/10/04 11:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/02 19:54:40 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Roaming\TS3Client
[2014/10/02 19:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2014/10/01 19:59:36 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\Documents\ArcheAge
[2014/10/01 19:59:36 | 000,000,000 | ---D | C] -- C:\ArcheAge
[2014/10/01 13:52:25 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\Glyph
[2014/10/01 13:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Glyph
[2014/09/30 09:29:40 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/09/30 09:29:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/29 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/09/29 22:25:15 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\Installer
[2014/09/29 22:25:00 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\CrashRpt
[2014/09/29 20:00:55 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\Funcom
[2014/09/29 20:00:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2014/09/29 13:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Files
[2014/09/28 21:08:14 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\qBittorrent
[2014/09/28 21:08:08 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Roaming\qBittorrent
[2014/09/28 21:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
[2014/09/28 21:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qBittorrent
[2014/09/28 12:55:26 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Roaming\Arrowhead
[2014/09/28 12:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/09/28 04:48:51 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/09/28 04:48:36 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/09/28 04:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2014/09/28 04:48:33 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2014/09/28 04:48:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/09/28 04:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM106xSATA
[2014/09/28 04:47:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/09/28 04:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
[2014/09/28 04:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm
[2014/09/28 04:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Qualcomm Atheros
[2014/09/28 04:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2014/09/28 04:46:49 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2014/09/28 04:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014/09/28 04:46:46 | 000,000,000 | ---D | C] -- C:\Intel
[2014/09/28 04:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI
[2014/09/28 04:46:03 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\Programs
[2014/09/28 04:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014/09/28 04:44:35 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014/09/28 04:43:43 | 000,000,000 | ---D | C] -- C:\MSI
[2014/09/28 04:42:59 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/09/28 04:42:59 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\Searches
[2014/09/28 04:42:59 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/09/28 04:42:59 | 000,000,000 | -H-D | C] -- C:\Users\Whoresair\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/09/28 04:42:54 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Roaming\Identities
[2014/09/28 04:42:53 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\Contacts
[2014/09/28 04:42:52 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\VirtualStore
[2014/09/28 04:42:51 | 000,000,000 | --SD | C] -- C:\Users\Whoresair\AppData\Roaming\Microsoft
[2014/09/28 04:42:51 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\Videos
[2014/09/28 04:42:51 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\Saved Games
[2014/09/28 04:42:51 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\Pictures
[2014/09/28 04:42:51 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\Music
[2014/09/28 04:42:51 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/09/28 04:42:51 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\Links
[2014/09/28 04:42:51 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\Favorites
[2014/09/28 04:42:51 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\Downloads
[2014/09/28 04:42:51 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\Documents
[2014/09/28 04:42:51 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\Desktop
[2014/09/28 04:42:51 | 000,000,000 | R--D | C] -- C:\Users\Whoresair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\AppData\Local\Temporary Internet Files
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\Templates
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\Start Menu
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\SendTo
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\Recent
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\PrintHood
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\NetHood
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\Documents\My Videos
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\Documents\My Pictures
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\Documents\My Music
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\My Documents
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\Local Settings
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\AppData\Local\History
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\Cookies
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\Application Data
[2014/09/28 04:42:51 | 000,000,000 | -HSD | C] -- C:\Users\Whoresair\AppData\Local\Application Data
[2014/09/28 04:42:51 | 000,000,000 | -H-D | C] -- C:\Users\Whoresair\AppData
[2014/09/28 04:42:51 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\Temp
[2014/09/28 04:42:51 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\Microsoft
[2014/09/28 04:42:51 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Roaming\Media Center Programs
[2014/09/28 04:42:49 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/09/28 04:42:48 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/09/28 03:18:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/09/28 03:18:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/09/28 02:39:04 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014/09/28 01:39:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014/09/28 01:39:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/09/27 22:15:48 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\Skype
[2014/09/27 22:15:47 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Roaming\Skype
[2014/09/27 22:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/09/27 22:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/09/27 22:15:44 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/09/27 22:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/09/27 20:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/09/27 20:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/09/27 20:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2014/09/27 20:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2014/09/27 20:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2014/09/27 20:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 8.1.1
[2014/09/27 20:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2014/09/27 20:26:21 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\Logitech
[2014/09/27 20:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2014/09/27 20:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2014/09/27 20:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/09/27 20:26:01 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Roaming\Logitech
[2014/09/27 20:26:01 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Roaming\Logishrd
[2014/09/27 20:22:48 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\NVIDIA Corporation
[2014/09/27 20:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014/09/27 20:20:19 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\NVIDIA
[2014/09/27 20:20:17 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Roaming\Adobe
[2014/09/27 20:12:12 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/09/27 20:01:45 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/09/27 19:25:00 | 000,000,000 | -H-D | C] -- C:\SuperChargerProfile
[2014/09/27 19:24:55 | 000,000,000 | -H-D | C] -- C:\MSIServiceCfg_CC
[2014/09/27 19:24:55 | 000,000,000 | -H-D | C] -- C:\msiFastBoot
[2014/09/27 19:24:45 | 002,101,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/09/27 19:24:43 | 002,770,976 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/09/27 19:24:43 | 002,041,432 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/09/27 19:24:43 | 001,063,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/09/27 19:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/09/27 19:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/09/27 19:09:42 | 000,073,872 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/09/27 19:09:42 | 000,060,560 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/09/27 19:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014/09/27 19:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/09/27 19:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2014/09/27 19:07:50 | 000,011,248 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\acpimof.dll
[2014/09/27 19:07:49 | 000,000,000 | ---D | C] -- C:\MSILU
[2014/09/27 18:56:25 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\Creative
[2014/09/27 18:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
[2014/09/27 18:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2014/09/27 18:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014/09/27 18:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2014/09/27 18:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/09/27 18:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/09/27 18:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/09/27 18:52:33 | 000,000,000 | ---D | C] -- C:\Users\Whoresair\AppData\Local\Google
[2014/09/27 18:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/09/27 18:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2014/09/27 18:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2014/09/27 18:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2014/09/27 18:49:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/09/27 18:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/09/27 18:49:37 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/09/27 18:49:37 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/09/27 18:49:37 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/09/27 18:49:37 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/09/27 18:49:29 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/09/27 18:49:29 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/09/27 18:49:29 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/09/27 18:49:29 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/09/27 18:49:29 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/09/27 18:49:28 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/04 14:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/04 13:53:14 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/04 13:34:36 | 000,028,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/04 13:34:36 | 000,028,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/04 11:38:32 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/04 11:38:32 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/04 11:38:32 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/04 11:33:38 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/04 11:32:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/02 19:54:38 | 000,000,620 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2014/10/02 10:07:49 | 000,281,425 | ---- | M] () -- C:\Users\Whoresair\Desktop\recent activity.jpg
[2014/09/28 04:47:53 | 000,002,821 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
[2014/09/28 03:01:16 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/28 01:40:58 | 000,115,640 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/09/28 01:40:58 | 000,115,640 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/09/27 20:46:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/27 20:13:04 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/27 19:53:18 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/09/27 19:53:18 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/09/27 18:56:46 | 000,002,283 | ---- | M] () -- C:\Users\Whoresair\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/27 18:54:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2014/09/27 18:53:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2014/09/27 18:53:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/09/27 18:52:12 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2014/09/13 13:48:03 | 000,073,872 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/09/13 13:48:03 | 000,060,560 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/09/13 13:48:03 | 000,026,956 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/09/11 05:37:55 | 003,961,833 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/02 19:54:38 | 000,000,620 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2014/10/02 10:07:49 | 000,281,425 | ---- | C] () -- C:\Users\Whoresair\Desktop\recent activity.jpg
[2014/09/28 04:47:53 | 000,002,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
[2014/09/28 04:45:48 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/28 04:43:00 | 000,001,417 | ---- | C] () -- C:\Users\Whoresair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/09/28 04:42:51 | 000,000,290 | ---- | C] () -- C:\Users\Whoresair\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/09/28 04:42:51 | 000,000,272 | ---- | C] () -- C:\Users\Whoresair\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/09/28 01:40:54 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014/09/28 01:40:54 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2014/09/27 20:46:45 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/09/27 20:46:42 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/09/27 20:30:26 | 003,050,808 | ---- | C] () -- C:\Windows\SysNative\pwNative.exe
[2014/09/27 20:30:26 | 000,019,152 | ---- | C] () -- C:\Windows\SysNative\pwdrvio.sys
[2014/09/27 20:30:26 | 000,012,504 | ---- | C] () -- C:\Windows\SysNative\pwdspio.sys
[2014/09/27 19:53:18 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/09/27 19:53:18 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/09/27 19:24:57 | 000,000,000 | ---- | C] () -- C:\RAMDiskImage.img
[2014/09/27 19:24:44 | 001,277,681 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/09/27 19:18:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/09/27 19:09:48 | 003,961,833 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/09/27 18:54:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2014/09/27 18:53:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2014/09/27 18:53:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/09/27 18:53:09 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/09/27 18:52:38 | 000,002,283 | ---- | C] () -- C:\Users\Whoresair\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/27 18:52:33 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/27 18:52:33 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/27 18:52:14 | 000,008,570 | ---- | C] () -- C:\Windows\SysNative\MBCfg64.ini
[2014/09/27 18:52:14 | 000,008,570 | ---- | C] () -- C:\Windows\SysWow64\MBCfg32.ini
[2014/09/27 18:52:14 | 000,005,856 | ---- | C] () -- C:\Windows\SysNative\MBCfgUninstall64.ini
[2014/09/27 18:52:14 | 000,005,856 | ---- | C] () -- C:\Windows\SysWow64\MBCfgUninstall32.ini
[2014/09/27 18:52:14 | 000,002,835 | ---- | C] () -- C:\Windows\MBCfg_SP_APOIM.ini
[2014/09/27 18:52:14 | 000,002,783 | ---- | C] () -- C:\Windows\MBCfg_APOIM.ini
[2014/09/27 18:52:14 | 000,002,747 | ---- | C] () -- C:\Windows\MBCfg_HP_APOIM.ini
[2014/09/27 18:52:12 | 000,325,120 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2014/09/27 18:52:12 | 000,246,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2014/09/27 18:52:12 | 000,089,600 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2014/09/27 18:52:12 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2014/09/27 18:52:12 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013/08/27 14:00:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 18:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 16:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 15:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 15:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 15:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/09/28 12:55:26 | 000,000,000 | ---D | M] -- C:\Users\Whoresair\AppData\Roaming\Arrowhead
[2014/09/28 21:21:14 | 000,000,000 | ---D | M] -- C:\Users\Whoresair\AppData\Roaming\qBittorrent
[2014/10/02 21:39:00 | 000,000,000 | ---D | M] -- C:\Users\Whoresair\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0



#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Very sorry that it has taken so long to respond to your request.

Occasionally we get very, very busy and that is the case now.

However, I do have time and desire.

Do you still need help or have you resolved your issue?

If you still need help, please post the Extras.txt that was produced when OTL ran the first time. :)


  • 0

#3
zer0range

zer0range

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

No worries, you guys are doing this for free and I'm very appreciative! I haven't resolved the issue yet, please find attached the Extras.txt.

Cheers!


  • 0

#4
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Good deal, let's get to it :)
 
P2P warning!

  • P2P programs, although legal in themselves, are often used to obtain illegal downloads. Currently it's one of the best ways to get infected. There have been some extreme cases in which passwords and private or financial data were exposed to a file sharing network because of bad P2P configuration.

I strongly recommend full uninstallation of any P2P apps. To do so:
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for previously mentioned program(s), right-click the entry and click Uninstall.

Fix with OTL

Please re-run OTL with this removal script included.



This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    
    :Commands
    
    [CREATERESTOREPOINT]
    
    :OTL
    
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    
    CHR - default_search_provider: search_url =
    
    O4 - HKLM..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot File not found
    
    O4 - HKCU..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot File not found
    
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    :Commands
    
    [RESETHOSTS]
    
    [EMPTYTEMP]
    
    [REBOOT]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will also be saved in the _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

 

 

 

Scan with AdwCleaner

 

 
Please download AdwCleaner by Xplode and save the file to your desktop.
 
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
 
Please include the contents of that file in your reply.

 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    
    process;
    
    services-list;
    
    systemspecs;
    
    startupall;
    
    skipfix-iedefaults;
    
    firefoxlook;
    
    chromelook;
    
    filesrcm;
    
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.


  • 0

#5
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





