Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

multiple zjuqfuhetbw.exe*32 (google chrome) [Solved]

chrome

  • This topic is locked This topic is locked

#1
zithal

zithal

    Member

  • Member
  • PipPip
  • 21 posts

Thanks in advance for any help.   Ive been searching the net, trying to find what it is thats bogging my computer down. 

 

Ive found that at any given time I have 3-15+ of zjuqfuhetbw.exe*32 ("google chrome" under the description) running at the same time.  Ive found your site, where several people seem to have had the same issue (albeit different file names), and they appear to have been helped successfully.  I do need to go on record that while not a complete novice, I have not ever posted for assistance from a site such as yours - so while you may have help dozens of people previously, this is my first time - so bear with me please.

 

I am starting at square one, and would greatly appreciate your assistance in removing this from my computer.  I will be extremely prompt with responses, and use programs per your direction.  Thank you.


  • 0

Advertisements


#2
zithal

zithal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

I will add that I do not use google chrome, nor have I ever on this machine. 


  • 0

#3
zithal

zithal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

here is an OTL.txt ...followed in the next post by Extras.txt log.  thank you.

 

OTL logfile created on: 10/24/2014 11:02:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MBG\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.96 Gb Total Physical Memory | 13.44 Gb Available Physical Memory | 84.18% Memory free
31.92 Gb Paging File | 28.93 Gb Available in Paging File | 90.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.57 Gb Total Space | 125.09 Gb Free Space | 55.95% Space Free | Partition Type: NTFS
Drive E: | 8.61 Gb Total Space | 8.52 Gb Free Space | 98.89% Space Free | Partition Type: NTFS
Drive F: | 922.82 Gb Total Space | 880.05 Gb Free Space | 95.37% Space Free | Partition Type: NTFS
 
Computer Name: MBG-DESK | User Name: MBG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/24 23:00:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MBG\Desktop\OTL.exe
PRC - [2014/10/24 19:19:09 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\MBG\AppData\LocalLow\Microsoft\Jrrnsrjo\Uomohirmbza\zjuqfuhetbw.exe
PRC - [2014/10/23 17:18:55 | 000,854,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe
PRC - [2014/10/16 07:27:09 | 000,410,952 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/10/04 01:44:13 | 002,463,552 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/10/04 01:44:03 | 001,796,928 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/09/21 05:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
PRC - [2014/09/21 02:25:40 | 000,170,312 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\mcui32.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/02/19 15:12:42 | 000,292,848 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2014/01/07 16:30:34 | 001,054,432 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
PRC - [2013/08/07 15:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/08/07 15:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/05/15 20:09:14 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/05/15 20:09:14 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013/05/15 20:09:12 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2009/07/13 20:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/24 19:19:09 | 008,537,928 | ---- | M] () -- C:\Users\MBG\AppData\LocalLow\Microsoft\Jrrnsrjo\Uomohirmbza\36.0.1985.143\pdf.dll
MOD - [2014/10/24 19:19:09 | 001,732,936 | ---- | M] () -- C:\Users\MBG\AppData\LocalLow\Microsoft\Jrrnsrjo\Uomohirmbza\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/10/24 19:19:09 | 000,718,152 | ---- | M] () -- C:\Users\MBG\AppData\LocalLow\Microsoft\Jrrnsrjo\Uomohirmbza\36.0.1985.143\libglesv2.dll
MOD - [2014/10/24 19:19:09 | 000,353,096 | ---- | M] () -- C:\Users\MBG\AppData\LocalLow\Microsoft\Jrrnsrjo\Uomohirmbza\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/10/24 19:19:09 | 000,126,280 | ---- | M] () -- C:\Users\MBG\AppData\LocalLow\Microsoft\Jrrnsrjo\Uomohirmbza\36.0.1985.143\libegl.dll
MOD - [2014/10/15 03:05:31 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\8c9f9e94e93956d68b43e34324790c6d\System.ServiceModel.Web.ni.dll
MOD - [2014/10/15 03:04:58 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014/10/15 03:04:57 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/15 03:02:55 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/15 03:02:53 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/15 03:02:52 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 03:02:50 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/15 03:02:49 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 03:02:49 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/15 03:02:49 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/15 03:02:49 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/15 03:02:48 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/02/19 16:37:09 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/07 16:30:34 | 001,054,432 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/04 01:44:02 | 001,149,760 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/10/04 01:43:58 | 019,440,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/08/07 15:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/07/30 18:16:10 | 000,204,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/13 13:47:04 | 000,820,184 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/02/13 13:46:48 | 000,731,648 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014/10/23 17:18:55 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/10/16 07:27:09 | 000,410,952 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/10/04 01:44:03 | 001,796,928 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/09/21 05:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe -- (N360)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/28 11:32:36 | 000,174,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe -- (iumsvc)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/15 20:09:14 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/05/15 20:09:14 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2013/05/15 20:09:12 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/04 01:43:58 | 000,020,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/09/16 23:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/09/04 14:14:38 | 000,038,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/08/25 21:20:22 | 000,876,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 21:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/06 14:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/07/17 18:16:29 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/03/03 23:18:12 | 001,148,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/20 18:14:34 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2014/02/19 15:12:43 | 000,790,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2014/02/19 15:12:43 | 000,368,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2014/02/19 15:12:43 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2014/02/17 20:32:41 | 000,593,112 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/10/30 02:26:19 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2013/10/01 21:22:44 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/29 19:48:58 | 000,494,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1d62x64.sys -- (e1dexpress)
DRV:64bit: - [2013/08/07 15:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/07 15:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/05/15 20:09:12 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/08/23 09:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/11/16 09:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 09:45:21 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/10/03 14:19:31 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20141016.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/18 13:11:21 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20141024.002\ex64.sys -- (NAVEX15)
DRV - [2014/09/18 13:11:21 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20141024.002\eng64.sys -- (NAVENG)
DRV - [2014/09/12 21:54:13 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/09/12 21:54:13 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/29 10:34:08 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20141024.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.techadvanced.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portalguild.enjin.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn\ [2014/10/24 21:25:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF [2014/07/17 18:17:50 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Zbuhymyjpq] C:\Users\MBG\AppData\Local\Deployment\Zbuhymyjpq.dll (Borland Software Corporation)
O4 - Startup: C:\Users\MBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\MBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\MBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: enjin.com ([portalguild] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wowprogress.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58C988F2-4A3E-4572-9AA0-631076758591}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C3FB1F7-9C25-49CF-ABA6-CFDD56AD6468}: DhcpNameServer = 8.8.8.8
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4877ee77-edf0-11e3-a358-54bef70bca0c}\Shell - "" = AutoRun
O33 - MountPoints2\{4877ee77-edf0-11e3-a358-54bef70bca0c}\Shell\AutoRun\command - "" = G:\MotorolaDeviceManagerSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/24 23:00:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MBG\Desktop\OTL.exe
[2014/10/24 21:19:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/22 23:41:19 | 000,614,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/10/22 23:41:13 | 002,559,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2014/10/22 23:40:41 | 031,890,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/10/22 23:40:41 | 024,555,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/10/22 23:40:41 | 020,922,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/10/22 23:40:41 | 018,499,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/10/22 23:40:41 | 017,260,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/10/22 23:40:41 | 014,029,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/10/22 23:40:41 | 013,942,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/10/22 23:40:41 | 011,395,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/10/22 23:40:41 | 011,333,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/10/22 23:40:41 | 004,289,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/10/22 23:40:41 | 004,009,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/10/22 23:40:41 | 002,849,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014/10/22 23:40:41 | 001,876,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434448.dll
[2014/10/22 23:40:41 | 001,539,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434448.dll
[2014/10/22 23:40:41 | 000,962,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/10/22 23:40:41 | 000,931,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/10/22 23:40:41 | 000,921,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/10/22 23:40:41 | 000,895,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/10/22 23:40:41 | 000,870,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/10/22 23:40:41 | 000,500,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014/10/22 23:40:41 | 000,418,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014/10/22 23:40:41 | 000,392,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014/10/22 23:40:41 | 000,352,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/10/22 23:40:41 | 000,348,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014/10/22 23:40:41 | 000,303,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/10/22 23:40:41 | 000,174,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014/10/22 23:40:41 | 000,156,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014/10/21 22:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft Logs Uploader
[2014/10/15 06:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/10/15 06:45:22 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/10/15 06:45:19 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/10/15 06:45:19 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/10/15 06:45:19 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/10/15 06:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/10/15 06:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/10/14 23:41:07 | 002,339,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/14 23:41:07 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/14 23:41:07 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/14 23:41:07 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/14 23:41:07 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/14 23:41:07 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/14 23:41:07 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/14 23:41:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/10/14 23:41:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/14 23:41:06 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/14 23:41:06 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/14 23:41:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/14 23:41:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/14 23:41:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/14 23:41:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/14 23:41:04 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/10/14 23:41:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/14 23:41:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/10/14 23:41:03 | 001,494,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/14 23:41:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/14 23:41:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/14 23:41:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/10/14 23:41:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/10/14 23:41:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/14 23:41:02 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/10/14 23:41:02 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/10/14 23:40:59 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2014/10/14 23:40:59 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2014/10/14 23:40:59 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2014/10/14 23:40:59 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2014/10/14 23:40:58 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/10/14 23:40:58 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/10/14 23:40:58 | 004,120,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014/10/14 23:40:58 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/10/14 23:40:58 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2014/10/14 23:40:58 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2014/10/14 23:40:58 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/10/14 23:40:58 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2014/10/14 23:40:58 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2014/10/14 23:40:57 | 005,551,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/10/14 23:40:57 | 003,970,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/10/14 23:40:57 | 003,914,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/10/14 23:40:57 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2014/10/14 23:40:57 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/10/14 23:40:57 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2014/10/14 23:40:57 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2014/10/14 23:40:57 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2014/10/14 23:40:57 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2014/10/14 23:40:57 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2014/10/14 23:40:57 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2014/10/14 23:40:57 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2014/10/14 23:40:57 | 000,616,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2014/10/14 23:40:57 | 000,532,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2014/10/14 23:40:57 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2014/10/14 23:40:57 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2014/10/14 23:40:57 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2014/10/14 23:40:57 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/10/14 23:40:57 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/10/14 23:40:57 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2014/10/14 23:40:57 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2014/10/14 23:40:57 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/10/14 23:40:57 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/10/14 23:40:57 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/10/14 23:40:57 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2014/10/14 23:40:56 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/10/14 23:40:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/10/14 23:40:56 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2014/10/14 23:40:56 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2014/10/14 23:40:56 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2014/10/14 23:40:56 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2014/10/14 23:40:56 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2014/10/14 23:40:56 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2014/10/14 23:40:56 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2014/10/14 23:40:56 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2014/10/14 23:40:56 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2014/10/14 23:40:56 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2014/10/14 23:40:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2014/10/14 23:40:56 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2014/10/14 23:40:56 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2014/10/14 23:40:56 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2014/10/14 23:40:56 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2014/10/14 23:40:56 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2014/10/14 23:40:56 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2014/10/14 23:40:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2014/10/14 23:40:56 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2014/10/14 23:40:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2014/10/14 23:40:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2014/10/14 23:40:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2014/10/14 23:40:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2014/10/14 23:40:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2014/10/14 23:40:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2014/10/14 23:40:52 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/10/14 23:40:50 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/10/14 23:40:50 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2014/10/14 23:40:50 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2014/10/14 23:40:48 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/10/14 23:40:48 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2014/10/14 23:40:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/10/14 23:40:47 | 006,584,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/10/14 23:40:46 | 005,703,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/10/14 23:40:46 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/14 23:40:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/09/30 22:16:56 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/30 22:16:56 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/24 23:00:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MBG\Desktop\OTL.exe
[2014/10/24 22:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/24 21:31:43 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/24 21:31:43 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/24 21:30:32 | 000,783,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/24 21:30:32 | 000,662,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/24 21:30:32 | 000,122,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/24 21:24:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/24 21:24:35 | 4265,005,054 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/24 21:18:58 | 001,962,496 | ---- | M] () -- C:\Users\MBG\Desktop\AdwCleaner.exe
[2014/10/23 17:18:55 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/10/23 17:18:55 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/10/22 23:41:19 | 002,034,033 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\Cat.DB
[2014/10/21 22:08:37 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Warcraft Logs Uploader.lnk
[2014/10/16 11:54:03 | 031,890,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/10/16 11:54:03 | 024,555,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/10/16 11:54:03 | 020,968,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014/10/16 11:54:03 | 020,922,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/10/16 11:54:03 | 019,966,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/10/16 11:54:03 | 018,499,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/10/16 11:54:03 | 017,260,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/10/16 11:54:03 | 016,886,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2014/10/16 11:54:03 | 014,029,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/10/16 11:54:03 | 013,942,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/10/16 11:54:03 | 011,395,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/10/16 11:54:03 | 011,333,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/10/16 11:54:03 | 004,289,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/10/16 11:54:03 | 004,009,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/10/16 11:54:03 | 003,237,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2014/10/16 11:54:03 | 002,849,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014/10/16 11:54:03 | 001,876,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434448.dll
[2014/10/16 11:54:03 | 001,539,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434448.dll
[2014/10/16 11:54:03 | 000,987,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2014/10/16 11:54:03 | 000,962,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/10/16 11:54:03 | 000,931,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/10/16 11:54:03 | 000,921,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/10/16 11:54:03 | 000,895,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/10/16 11:54:03 | 000,870,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/10/16 11:54:03 | 000,500,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014/10/16 11:54:03 | 000,418,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014/10/16 11:54:03 | 000,392,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014/10/16 11:54:03 | 000,352,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/10/16 11:54:03 | 000,348,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014/10/16 11:54:03 | 000,303,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/10/16 11:54:03 | 000,174,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014/10/16 11:54:03 | 000,156,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014/10/16 11:54:03 | 000,072,904 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/10/16 11:54:03 | 000,060,560 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/10/16 11:54:03 | 000,027,024 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/10/16 09:11:40 | 006,883,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2014/10/16 09:11:40 | 003,533,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2014/10/16 09:11:36 | 002,559,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2014/10/16 09:11:36 | 000,384,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2014/10/16 09:11:36 | 000,061,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2014/10/16 07:27:13 | 000,614,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/10/15 06:45:17 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/10/15 06:45:17 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/10/15 06:45:17 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/10/15 06:45:17 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/10/15 03:18:32 | 000,279,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/14 19:48:02 | 004,047,877 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/10/14 11:44:28 | 000,048,844 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\VT20141014.006
[2014/10/04 01:42:47 | 002,197,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/10/04 01:42:47 | 001,291,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2014/10/04 01:41:43 | 002,800,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/10/04 01:41:43 | 001,715,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2014/09/25 03:10:50 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
 
========== Files Created - No Company Name ==========
 
[2014/10/24 21:18:41 | 001,962,496 | ---- | C] () -- C:\Users\MBG\Desktop\AdwCleaner.exe
[2014/03/10 13:39:45 | 000,007,651 | ---- | C] () -- C:\Users\MBG\AppData\Local\Resmon.ResmonCfg
[2014/02/19 15:12:36 | 000,775,352 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/19 15:12:02 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/02/13 13:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


  • 0

#4
zithal

zithal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

OTL Extras logfile created on: 10/24/2014 11:02:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MBG\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.96 Gb Total Physical Memory | 13.44 Gb Available Physical Memory | 84.18% Memory free
31.92 Gb Paging File | 28.93 Gb Available in Paging File | 90.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.57 Gb Total Space | 125.09 Gb Free Space | 55.95% Space Free | Partition Type: NTFS
Drive E: | 8.61 Gb Total Space | 8.52 Gb Free Space | 98.89% Space Free | Partition Type: NTFS
Drive F: | 922.82 Gb Total Space | 880.05 Gb Free Space | 95.37% Space Free | Partition Type: NTFS
 
Computer Name: MBG-DESK | User Name: MBG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D684F6B-6525-46FF-BCCA-81524205D731}" = rport=138 | protocol=17 | dir=out | app=system |
"{108E1DC0-34D4-49B9-8BF5-7FBA1BF4F5F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AD4F781-118B-4B18-93B1-921F48C8F9F7}" = lport=445 | protocol=6 | dir=in | app=system |
"{1D3E6E47-3EA5-474F-99FA-92E9DA4F8D75}" = rport=445 | protocol=6 | dir=out | app=system |
"{1EF8462F-EBA0-4CDD-8B91-F56DD56B1711}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{273C3110-6651-431B-85D2-A5AA4EC1BCB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2D0902E2-D9C0-4419-A399-E92B684E472A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32E22BFD-A2B8-4EB0-8BDC-7C09EA91DDA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{37EF7255-B7FB-4C32-B1FF-D9627BDE2763}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{3CA921D3-3977-41DC-AC86-19A80452C217}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3D157EB7-7110-48E6-A601-55A1A900F8E9}" = lport=139 | protocol=6 | dir=in | app=system |
"{4020B5D0-59E2-4B46-8265-C06ACC7FF89C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43BD690E-F2C5-4BCA-B6E1-73D04DE52354}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{4A8C624B-DFD6-4450-86E0-BD2B1E219AC5}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{4E33A9EF-B9D8-40AF-BC01-17DEF3DDE19F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5FF89A4B-5D60-4682-BC4B-5CEE94E80B86}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A052AF3-8FC6-4AED-8530-265A0564B474}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{75CD6E42-F23C-4964-9375-5F1365A2CD59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8874CF04-15B2-4694-99F8-12CDE9527AF2}" = lport=138 | protocol=17 | dir=in | app=system |
"{9093CDDC-039B-4468-8A37-663FDDE93BAA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{99753C66-ACC9-45F9-B839-EC6A03C59055}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{B0D5F584-D42D-43A4-A326-013B50C752E1}" = rport=139 | protocol=6 | dir=out | app=system |
"{B9878CCC-3F44-486E-AAF4-53B57A4D6B00}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C64261A0-B81E-43CD-BB24-5CCB1CBC241B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C715438A-C87E-45F5-AC6B-2C931C436B33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFDD3DDE-D6A2-45AB-9B5E-21BF54D945DE}" = lport=137 | protocol=17 | dir=in | app=system |
"{D47C2773-DB38-42CC-A79E-9280F15B8445}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5BBA045-6E33-493D-98A9-98FAE52FDA52}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05807260-058F-4941-9191-BC3BA4474ECA}" = protocol=6 | dir=out | app=system |
"{098914EA-F1CB-4A69-AD99-22313D9E0F21}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3334\agent.exe |
"{1B2B9E4B-F77C-440B-A12F-511154D7BBBC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3427\agent.exe |
"{2121ABC5-0305-4B6F-9101-7D52D380BEB4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{2C035552-C345-40E0-89F4-1E91FA8BA975}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{2CB73375-7428-40DA-B8E8-7A844A430E69}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3454\agent.exe |
"{2F8916EB-E7E4-4A4F-9400-E16D736C528E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{3054ACAF-F43C-43B7-A30B-74F4B6D28B57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31CEE46F-2E78-4912-8688-EC09FC5EEC1B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{36460ACE-483C-4807-AA72-B691DBC26387}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39C6602C-5AA9-405F-9681-9F15B223913D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3454\agent.exe |
"{3DB6EBF4-485F-4E98-9FFE-53149F5ADF18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E106604-3D37-49A4-9F17-5B2452191FFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{507A60A9-E79C-4AD0-93B1-71C521EF7484}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{51674EDB-9510-4223-AB00-A0841B69B47D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5273D9A6-E5AD-4352-AA91-C7B8917FF566}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe |
"{5DD002D4-4FD3-4BEA-AB86-98DDA6EE9CFE}" = protocol=58 | dir=in | [email protected],-28545 |
"{5F0FF550-5A3E-40B0-B64D-87AD93BDC0CE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3334\agent.exe |
"{65AA9B47-E886-4B76-96DD-EBEC58B3B9E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3323\agent.exe |
"{6A46F59D-8731-4807-9C5B-ED50D66F965B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{6BD99508-D224-4F27-90F5-8BBCB9047EE5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3478\agent.exe |
"{6D7F1AA5-D109-4AD3-9BEB-E7DD673DB7AB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3372\agent.exe |
"{6E9C3D27-2951-4BA9-8A88-FEC7DD1DB887}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3478\agent.exe |
"{6F012101-8FB0-4FBA-BC20-855D2C7867F8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe |
"{6FD37CB5-FD5C-4296-9588-E53CF5DB58A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{723D2789-E2F1-4E6F-9947-13680255698D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7A5271C0-33FC-4C8B-AB16-37351B756F46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B6C237A-E814-48D2-924E-9A7CAF0EB274}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{834AF413-3336-48D5-AF92-072FAAF06706}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3427\agent.exe |
"{89D28928-7B0F-437C-818B-BEC0D7732283}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{8FD7F280-B3A0-46DA-BA77-78358733D8FF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe |
"{92DA9DAF-669D-4DA4-A4AC-3175F0A5D767}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{9404F4E3-A308-43C6-9A83-D30CBEFE7856}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A107C0AA-D5C8-4167-BEAE-13FC8DAF3AEA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{A39E0B97-0DDC-436B-9B88-E1BAD944CF7D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe |
"{AAA33CEE-5541-462C-820C-5BDEAB1CD798}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3322\agent.exe |
"{ABBCE556-3C02-4ECE-9204-22315A789595}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABE918B7-44F5-4624-BA9C-C8C63A066A49}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{B5F13682-D02F-4CF4-9535-756F67F5BB4E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{B9E74BE2-C03A-4FF6-9289-85F1A89F1738}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"{C19848BB-8277-43FC-80B0-76BBA846323E}" = protocol=6 | dir=in | app=f:\games\diablo iii\diablo iii.exe |
"{C2C35007-538D-4210-B493-5099821D29EC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"{C8234C63-8E34-41D2-BAC9-9B50ACB9455B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{CAA9247F-C7AB-43E8-96E6-3FDEFFD45D5D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{CC6FC2F0-B5C3-45CC-A0BA-8395D993D015}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEC4ABE0-76A4-432F-A556-E78A0E8593F2}" = protocol=17 | dir=in | app=f:\games\diablo iii\diablo iii.exe |
"{D12D4841-A80E-4E7D-8FA7-B931DDAD4D78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D18C4823-E9EE-475E-B2B1-284BDEF3F3CA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{D36DC727-FF8B-435D-BADD-CE07FEA3A0E1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{D3A8B6E0-6391-4A79-84C4-2B96D73DCA7B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3323\agent.exe |
"{D3ED4C6B-08E4-4FB6-B4DD-F6F20EC0DD26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D43F37E6-A430-4286-A016-967E056194CF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{D6837B3D-B873-462E-B9FE-30AC9E50AEDF}" = protocol=1 | dir=in | [email protected],-28543 |
"{D88C1145-6071-42F5-BE85-9F2EB456EF05}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{D96B1372-4400-4CB7-B03E-CBA23F063772}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe |
"{E0E00599-E82B-43D7-83CC-B8657851777F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3322\agent.exe |
"{E58758F7-B37D-4855-9858-E43852C6E2B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E7EF09CC-313F-4982-96A2-7C11ECA19AFF}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{E8282288-1EFE-4099-93B8-54C337514FEF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{E89A4F4F-D373-4AC1-B6E8-1984C7018208}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{ECB70962-965B-4828-BD88-CD14EF394219}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe |
"{EE85C94D-A479-4120-BEDA-549383688D38}" = protocol=58 | dir=out | [email protected],-28546 |
"{EF2421E0-3968-45C7-BB67-FADDE1A9D446}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{F3B0513B-FF2E-4124-9F53-1598AC2322AB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3372\agent.exe |
"{F665B28F-286C-4DC3-BC13-9E76A9295600}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{E86ACB7F-7C73-43D7-97F0-BE1BF6B4B2ED}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{84987917-1383-46CD-9AB7-6A1051B3FFA1}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{54F2237F-018C-483B-8884-9FC0D88840C3}" = VC_CRT_x64
"{594AEAFB-0822-4EA9-A5B8-309485A515EE}" = Intel® Network Connections 18.7.28.0
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel® Rapid Storage Technology
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 344.48
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 344.48
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 344.48
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 344.46
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.13.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.32.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.13.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.25
"EPSON XP-200 Series" = EPSON XP-200 Series Printer Uninstall
"Logitech Unifying" = Logitech Unifying Software 2.50
"PROSetDX" = Intel® Network Connections 18.7.28.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}" = Intel® Update Manager
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{2AC099EA-CC1C-4E4E-BDFC-0353DCF13DD0}" = Nero 12 Essentials OEM.a01
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR
"{7D6E1F18-8206-09DD-187F-FED240CCDB8D}" = Warcraft Logs Uploader
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}" = Mumble 1.2.5
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Battle.net" = Battle.net
"com.warcraft.logs" = Warcraft Logs Uploader
"Diablo III" = Diablo III
"N360" = Norton 360
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PdaNet_is1" = PdaNet+ for Android 4.15
"WildStar" = WildStar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/22/2014 7:18:34 PM | Computer Name = MBG-DESK | Source = iumsvc | ID = 255
Description =
 
Error - 7/23/2014 11:43:52 PM | Computer Name = MBG-DESK | Source = MsiInstaller | ID = 11730
Description =
 
Error - 7/29/2014 1:42:24 AM | Computer Name = MBG-DESK | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16561,
time stamp: 0x539247f9  Faulting module name: Flash32_14_0_0_145.ocx, version: 14.0.0.145,
 time stamp: 0x53aa18ec  Exception code: 0xc0000005  Fault offset: 0x005d9039  Faulting
 process id: 0x3cc0  Faulting application start time: 0x01cfaae3cf9f53ee  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path:
 C:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_145.ocx  Report Id: 1d431177-16e3-11e4-bea5-54bef70bca0c
 
Error - 8/4/2014 | Computer Name = MBG-DESK | Source = Application Hang | ID = 1002
Description = The program DllHost.exe version 6.1.7600.16385 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 5f84    Start
 Time: 01cfaf986d8dc61d    Termination Time: 10    Application Path: C:\Windows\system32\DllHost.exe

Report
 Id: b93ccee8-1b8b-11e4-bea5-54bef70bca0c 
 
Error - 8/6/2014 12:32:50 AM | Computer Name = MBG-DESK | Source = MsiInstaller | ID = 11730
Description =
 
Error - 8/13/2014 8:00:49 AM | Computer Name = MBG-DESK | Source = MsiInstaller | ID = 1024
Description =
 
Error - 8/14/2014 2:54:55 PM | Computer Name = MBG-DESK | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16563,
time stamp: 0x53d14764  Faulting module name: MSHTML.dll, version: 9.0.8112.16563,
 time stamp: 0x53d14b1d  Exception code: 0xc0000005  Fault offset: 0x000ac5b6  Faulting
 process id: 0x5244  Faulting application start time: 0x01cfb7ee463136fb  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path:
 C:\Windows\system32\MSHTML.dll  Report Id: 7a795b65-23e4-11e4-b916-54bef70bca0c
 
Error - 8/15/2014 12:06:34 AM | Computer Name = MBG-DESK | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16563 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 3a14    Start
 Time: 01cfb81c3e7081f0    Termination Time: 31    Application Path: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe    Report Id:  
 
Error - 8/19/2014 11:54:37 PM | Computer Name = MBG-DESK | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16563 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 14c4    Start
 Time: 01cfbc1c00b53b04    Termination Time: 117    Application Path: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe    Report Id:  
 
Error - 8/22/2014 12:28:48 AM | Computer Name = MBG-DESK | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16563 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 38e4    Start
 Time: 01cfbdc015af929a    Termination Time: 30    Application Path: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe    Report Id:  
 
[ System Events ]
Error - 7/29/2014 4:32:12 PM | Computer Name = MBG-DESK | Source = DCOM | ID = 10016
Description =
 
Error - 7/29/2014 4:32:12 PM | Computer Name = MBG-DESK | Source = DCOM | ID = 10016
Description =
 
Error - 8/29/2014 9:28:39 PM | Computer Name = MBG-DESK | Source = DCOM | ID = 10016
Description =
 
Error - 8/29/2014 9:38:58 PM | Computer Name = MBG-DESK | Source = DCOM | ID = 10016
Description =
 
Error - 9/3/2014 8:13:34 AM | Computer Name = MBG-DESK | Source = DCOM | ID = 10016
Description =
 
Error - 9/3/2014 8:13:38 AM | Computer Name = MBG-DESK | Source = DCOM | ID = 10016
Description =
 
Error - 9/3/2014 8:13:42 AM | Computer Name = MBG-DESK | Source = DCOM | ID = 10016
Description =
 
Error - 9/7/2014 3:41:02 PM | Computer Name = MBG-DESK | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:40:00 PM on ?9/?7/?2014 was unexpected.
 
Error - 9/14/2014 3:43:17 PM | Computer Name = MBG-DESK | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 70. The internal error state
 is 105.
 
Error - 9/22/2014 9:36:04 PM | Computer Name = MBG-DESK | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:35:28 PM on ?9/?22/?2014 was unexpected.
 
 
< End of report >


  • 0

#5
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi zithal :)

 

Welcome to the Forum :)  I'm 23red, and it'll be my pleasure to assist you with your computer issue.  I am currently reviewing your logs. 

In the meantime, I'd be grateful if you would note the following:

 

•  Please make sure to carefully read every post completely before doing anything.
 
•  If you're not sure, or if something unexpected happens do not continue! Stop and ask!  It is not a problem :)
 
•  Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.
 
•  Please stick with me until all malware is gone from your system.  Malware removal is not an instant process, just because you no longer see any symptoms it does not necessarily mean your system is completely clear.

 

•  Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

 

Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.

 

•  As I am currently in training, I will be helping you under the supervision of our Expert Teachers.   As such, there will likely be a delay between posts.   I do my best to respond as quick as I can.  I, like everyone else here am also a volunteer and sometimes life keeps me busy  ;)

 

•  Thank you for your understanding and I appreciate your patience.

 

Please allow some time to go through the logs you posted.  I'll post back as soon as possible.

 

Thank you :)


  • 0

#6
zithal

zithal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

thank you !  I look forward to fixing this with you.


  • 0

#7
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi zithal  :)

 

Please click on the Follow this topic button at the top of the page so you are automatically notified by email when there is a post for you here ;)

It will make it much easier for you :)

 

 

Let's see if this helps:

 

OTL Fix

 

Please right click on xotlicon_png_pagespeed_ic_fh_U5UM1EN.jpg Run as Administrator, accept UAC prompts.

Under OTLcustomscansboxtitle.jpg
 in the textbox at the bottom, please paste in the following text:

:Commands
[CREATERESTOREPOINT]
:OTL
PRC - [2014/10/24 19:19:09 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\MBG\AppData\LocalLow\Microsoft\Jrrnsrjo\Uomohirmbza\zjuqfuhetbw.exe
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [Zbuhymyjpq] C:\Users\MBG\AppData\Local\Deployment\Zbuhymyjpq.dll (Borland Software Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
:Files
C:\Users\MBG\AppData\LocalLow\Microsoft\Jrrnsrjo
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c
:Commands
[EmptyTemp]

 

 

 

•  Push the runfixbutton.jpg  button.
•  OTL may ask to reboot the machine. Please do so if asked. 
•  A massage box otlfixcompletebutton.jpg will pop-up.
•  Click the OK button and a report will open.
•  If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
•  Copy and Paste that report in your next reply, please.

 

Thank you :)

 


  • 0

#8
zithal

zithal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < PRC - [2014/10/24 19:19:09 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\MBG\AppData\LocalLow\Microsoft\Jrrnsrjo\Uomohirmbza\zjuqfuhetbw.exe> in the current context!
Error: Unable to interpret < O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < O4 - HKCU..\Run: [Zbuhymyjpq] C:\Users\MBG\AppData\Local\Deployment\Zbuhymyjpq.dll (Borland Software Corporation)> in the current context!
Error: Unable to interpret < O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret < O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret < O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\Users\MBG\AppData\LocalLow\Microsoft\Jrrnsrjo> in the current context!
Error: Unable to interpret < netsh advfirewall reset /c> in the current context!
Error: Unable to interpret < netsh advfirewall set allprofiles state on /c> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < :Commands> in the current context!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: MBG
->Temp folder emptied: 33473602 bytes
->Temporary Internet Files folder emptied: 286615247 bytes
->Java cache emptied: 12028011 bytes
->Flash cache emptied: 180806 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2702032 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 320.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10262014_111901

Files\Folders moved on Reboot...
File move failed. C:\Users\MBG\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\8a3ed24525dc3a3dcdcb98ef9e756b8_fce8395f8fd8a84b_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\MBG\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\8a3ed24525dc3a3dcdcb98ef9e756b8_fce8395f8fd8a84b_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\MBG\AppData\Local\Temp\Low\NVIDIA Corporation\NV_Cache\c47def462398f363683aa06fa32c6bd8_fce8395f8fd8a84b_f3279b66e87c6f22_0_0.bin moved successfully.
C:\Users\MBG\AppData\Local\Temp\Low\NVIDIA Corporation\NV_Cache\c47def462398f363683aa06fa32c6bd8_fce8395f8fd8a84b_f3279b66e87c6f22_0_0.toc moved successfully.
C:\Users\MBG\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\MBG\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YF0T7I1M\344462-multiple-zjuqfuhetbwexe32-google-chrome[1].htm moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLQBJL1O\Hgo13k-tfSpn0qi1SFdUffY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VLTQ9MLK\aclk[1].htm moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VLTQ9MLK\container[1].htm moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V8RQE19D\push[1].htm moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V8RQE19D\v1[1].htm moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UK5PL7NA\placement_cookie[1].htm moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RO65IKWM\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RO65IKWM\k3k702ZOKiLJc3WVjuplzHZ2MAKAc2x4R1uOSeegc5U[1].eot moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RO65IKWM\PRmiXeptR36kaC0GEAetxrFt29aCHKT7otDW9l62Aag[1].eot moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RO65IKWM\xjAJXh38I15wypJXxuGMBmfQcKutQXcIrRfyR5jdjY8[1].eot moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RO65IKWM\zrt_lookup[1].htm moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B9L4ZLH5\aclk[1].htm moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B9L4ZLH5\ads[1].htm moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5ON1XSQO\20269[1].htm moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


  • 0

#9
zithal

zithal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

pretty sure I followed what you said correctly; did it twice actually.

concerned for the "Error: Unable to interpret" parts of the log response.

thank you again for your assistance with this.  I wait for your reply, and next step.


  • 0

#10
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

 I did  see that.  It didn't work so well   :(  It happens and is not a problem.

  On rare occasions the forum software distorts things up a bit. 

I'm on it  :)  I'm currently awaiting approval for instruction that accounts for that issue.

 

I should be able to post back to you in  the next 8 hours or so. 

 

 


  • 0

Advertisements


#11
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi zithal :)

 

We'll try this same fix a different way:
 
Step 1
OTL Fix

 

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

 

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

1. Download the attached Fix.txt file and save it to the Desktop. ~~> Attached File  fixlist.txt   821bytes   138 downloads

 

2. Please right click on xotlicon_png_pagespeed_ic_fh_U5UM1EN.jpg Run as Administrator, accept UAC prompts.

 

3. Push the runfixbutton.jpg  button.

 When prompted with:

 

otlnofixprovided.jpg

 

4. Click the OK button. A standard file open dialog window will open.

 

5. Navigate to the desktop. Find the Fix.txt file and click it. That will put it in the File Open box.

 

6. Click the Open button.

OTL will load the file automatically and the program will run the fix.

 

7. Let the program run unhindered.

 

8. OTL may ask to reboot the machine. Please do so if asked.

 

9. A report will open. Copy and Paste that report in your next reply.

 

10. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

 

 

Step 2
Fresh OTL Scan

 

• Please right click on xotlicon_png_pagespeed_ic_fh_U5UM1EN.jpg Run as Administrator, accept UAC prompts.

 

Make sure all other windows are closed and to let it run uninterrupted.

 

• Please check the box next to Scan All Users.

 

•Click the xrunscan_png_pagespeed_ic_5vmMCx0K2t.png button. Do not change any settings unless otherwise told to do so. The scan wont take long.

 

•When the scan completes, it will open a notepad windows. OTL.Txt.  This is saved in the same location as OTL ~ Desktop

•Please copy (Edit ~> Select All,  Edit ~> Copy) the log it produces in your next reply. 

Step 3
Post!

 

When you return, please post:

1.  OTL fix log
2.  Fresh OTL scan

 

Thank you :)

 

 

 


  • 0

#12
zithal

zithal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

OTL Fix Log

 

Files\Folders moved on Reboot...
File move failed. C:\Users\MBG\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\8a3ed24525dc3a3dcdcb98ef9e756b8_fce8395f8fd8a84b_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\MBG\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\8a3ed24525dc3a3dcdcb98ef9e756b8_fce8395f8fd8a84b_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\MBG\AppData\Local\Temp\Low\NVIDIA Corporation\NV_Cache\c47def462398f363683aa06fa32c6bd8_fce8395f8fd8a84b_f3279b66e87c6f22_0_0.bin moved successfully.
C:\Users\MBG\AppData\Local\Temp\Low\NVIDIA Corporation\NV_Cache\c47def462398f363683aa06fa32c6bd8_fce8395f8fd8a84b_f3279b66e87c6f22_0_0.toc moved successfully.
C:\Users\MBG\AppData\Local\Temp\Low\NVIDIA Corporation\NV_Cache\c47def462398f363683aa06fa32c6bd8_fce8395f8fd8a84b_f3279b66e87c6f22_0_1.bin moved successfully.
C:\Users\MBG\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\MBG\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\MBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ITVZR46M\344462-multiple-zjuqfuhetbwexe32-google-chrome[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


  • 0

#13
zithal

zithal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Fresh OTL Scan

 

 

OTL logfile created on: 10/27/2014 2:14:15 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MBG\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.96 Gb Total Physical Memory | 13.92 Gb Available Physical Memory | 87.18% Memory free
31.92 Gb Paging File | 29.80 Gb Available in Paging File | 93.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.57 Gb Total Space | 126.73 Gb Free Space | 56.68% Space Free | Partition Type: NTFS
Drive E: | 8.61 Gb Total Space | 8.52 Gb Free Space | 98.89% Space Free | Partition Type: NTFS
Drive F: | 922.82 Gb Total Space | 880.05 Gb Free Space | 95.37% Space Free | Partition Type: NTFS
 
Computer Name: MBG-DESK | User Name: MBG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/24 23:00:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MBG\Desktop\OTL.exe
PRC - [2014/10/23 17:18:55 | 000,854,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe
PRC - [2014/10/16 07:27:09 | 000,410,952 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/10/04 01:44:13 | 002,463,552 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/10/04 01:44:03 | 001,796,928 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/09/21 05:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/02/19 15:12:42 | 000,292,848 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2014/01/07 16:30:34 | 001,054,432 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
PRC - [2013/08/07 15:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/08/07 15:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/05/15 20:09:14 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/05/15 20:09:14 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013/05/15 20:09:12 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/15 03:05:31 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\8c9f9e94e93956d68b43e34324790c6d\System.ServiceModel.Web.ni.dll
MOD - [2014/10/15 03:04:58 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014/10/15 03:04:57 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/15 03:02:55 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/15 03:02:53 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/15 03:02:52 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 03:02:50 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/15 03:02:49 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 03:02:49 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/15 03:02:49 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/15 03:02:49 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/15 03:02:48 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/02/19 16:37:09 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/07 16:30:34 | 001,054,432 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/04 01:44:02 | 001,149,760 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/10/04 01:43:58 | 019,440,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/08/07 15:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/07/30 18:16:10 | 000,204,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/13 13:47:04 | 000,820,184 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/02/13 13:46:48 | 000,731,648 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014/10/23 17:18:55 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/10/16 07:27:09 | 000,410,952 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/10/04 01:44:03 | 001,796,928 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/09/21 05:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe -- (N360)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/28 11:32:36 | 000,174,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe -- (iumsvc)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/15 20:09:14 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/05/15 20:09:14 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2013/05/15 20:09:12 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/04 01:43:58 | 000,020,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/09/16 23:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/09/04 14:14:38 | 000,038,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/08/25 21:20:22 | 000,876,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 21:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/06 14:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/07/17 18:16:29 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/03/03 23:18:12 | 001,148,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/20 18:14:34 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2014/02/19 15:12:43 | 000,790,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2014/02/19 15:12:43 | 000,368,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2014/02/19 15:12:43 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2014/02/17 20:32:41 | 000,593,112 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/10/30 02:26:19 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2013/10/01 21:22:44 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/29 19:48:58 | 000,494,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1d62x64.sys -- (e1dexpress)
DRV:64bit: - [2013/08/07 15:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/07 15:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/05/15 20:09:12 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/08/23 09:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/11/16 09:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 09:45:21 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/10/03 14:19:31 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20141024.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/18 13:11:21 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20141026.020\ex64.sys -- (NAVEX15)
DRV - [2014/09/18 13:11:21 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20141026.020\eng64.sys -- (NAVENG)
DRV - [2014/09/12 21:54:13 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/09/12 21:54:13 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/29 10:34:08 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20141024.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3555026539-685861094-718957387-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.techadvanced.com
IE - HKU\S-1-5-21-3555026539-685861094-718957387-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portalguild.enjin.com/
IE - HKU\S-1-5-21-3555026539-685861094-718957387-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3555026539-685861094-718957387-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3555026539-685861094-718957387-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn\ [2014/10/27 14:03:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF [2014/07/17 18:17:50 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\MBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\MBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\MBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-3555026539-685861094-718957387-1001\..Trusted Domains: enjin.com ([portalguild] https in Trusted sites)
O15 - HKU\S-1-5-21-3555026539-685861094-718957387-1001\..Trusted Domains: wowprogress.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58C988F2-4A3E-4572-9AA0-631076758591}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C3FB1F7-9C25-49CF-ABA6-CFDD56AD6468}: DhcpNameServer = 8.8.8.8
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4877ee77-edf0-11e3-a358-54bef70bca0c}\Shell - "" = AutoRun
O33 - MountPoints2\{4877ee77-edf0-11e3-a358-54bef70bca0c}\Shell\AutoRun\command - "" = G:\MotorolaDeviceManagerSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/27 14:00:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2014/10/27 13:57:29 | 000,000,000 | ---D | C] -- C:\Users\MBG\Desktop\temp fix stuff
[2014/10/26 11:08:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/10/24 23:00:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MBG\Desktop\OTL.exe
[2014/10/24 21:19:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/22 23:41:19 | 000,614,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/10/22 23:41:13 | 002,559,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2014/10/22 23:40:41 | 031,890,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/10/22 23:40:41 | 024,555,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/10/22 23:40:41 | 020,922,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/10/22 23:40:41 | 018,499,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/10/22 23:40:41 | 017,260,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/10/22 23:40:41 | 014,029,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/10/22 23:40:41 | 013,942,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/10/22 23:40:41 | 011,395,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/10/22 23:40:41 | 011,333,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/10/22 23:40:41 | 004,289,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/10/22 23:40:41 | 004,009,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/10/22 23:40:41 | 002,849,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014/10/22 23:40:41 | 001,876,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434448.dll
[2014/10/22 23:40:41 | 001,539,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434448.dll
[2014/10/22 23:40:41 | 000,962,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/10/22 23:40:41 | 000,931,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/10/22 23:40:41 | 000,921,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/10/22 23:40:41 | 000,895,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/10/22 23:40:41 | 000,870,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/10/22 23:40:41 | 000,500,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014/10/22 23:40:41 | 000,418,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014/10/22 23:40:41 | 000,392,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014/10/22 23:40:41 | 000,352,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/10/22 23:40:41 | 000,348,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014/10/22 23:40:41 | 000,303,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/10/22 23:40:41 | 000,174,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014/10/22 23:40:41 | 000,156,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014/10/21 22:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft Logs Uploader
[2014/10/15 06:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/10/15 06:45:22 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/10/15 06:45:19 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/10/15 06:45:19 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/10/15 06:45:19 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/10/15 06:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/10/15 06:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/10/14 23:41:07 | 002,339,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/14 23:41:07 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/14 23:41:07 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/14 23:41:07 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/14 23:41:07 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/14 23:41:07 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/14 23:41:07 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/14 23:41:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/10/14 23:41:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/14 23:41:06 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/14 23:41:06 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/14 23:41:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/14 23:41:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/14 23:41:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/14 23:41:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/14 23:41:04 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/10/14 23:41:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/14 23:41:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/10/14 23:41:03 | 001,494,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/14 23:41:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/14 23:41:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/14 23:41:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/10/14 23:41:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/10/14 23:41:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/14 23:41:02 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/10/14 23:41:02 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/10/14 23:40:59 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2014/10/14 23:40:59 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2014/10/14 23:40:59 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2014/10/14 23:40:59 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2014/10/14 23:40:58 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/10/14 23:40:58 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/10/14 23:40:58 | 004,120,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014/10/14 23:40:58 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/10/14 23:40:58 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2014/10/14 23:40:58 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2014/10/14 23:40:58 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/10/14 23:40:58 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2014/10/14 23:40:58 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2014/10/14 23:40:57 | 005,551,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/10/14 23:40:57 | 003,970,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/10/14 23:40:57 | 003,914,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/10/14 23:40:57 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2014/10/14 23:40:57 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/10/14 23:40:57 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2014/10/14 23:40:57 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2014/10/14 23:40:57 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2014/10/14 23:40:57 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2014/10/14 23:40:57 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2014/10/14 23:40:57 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2014/10/14 23:40:57 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2014/10/14 23:40:57 | 000,616,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2014/10/14 23:40:57 | 000,532,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2014/10/14 23:40:57 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2014/10/14 23:40:57 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2014/10/14 23:40:57 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2014/10/14 23:40:57 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/10/14 23:40:57 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/10/14 23:40:57 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2014/10/14 23:40:57 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2014/10/14 23:40:57 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/10/14 23:40:57 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/10/14 23:40:57 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/10/14 23:40:57 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2014/10/14 23:40:56 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/10/14 23:40:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/10/14 23:40:56 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2014/10/14 23:40:56 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2014/10/14 23:40:56 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2014/10/14 23:40:56 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2014/10/14 23:40:56 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2014/10/14 23:40:56 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2014/10/14 23:40:56 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2014/10/14 23:40:56 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2014/10/14 23:40:56 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2014/10/14 23:40:56 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2014/10/14 23:40:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2014/10/14 23:40:56 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2014/10/14 23:40:56 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2014/10/14 23:40:56 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2014/10/14 23:40:56 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2014/10/14 23:40:56 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2014/10/14 23:40:56 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2014/10/14 23:40:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2014/10/14 23:40:56 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2014/10/14 23:40:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2014/10/14 23:40:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2014/10/14 23:40:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2014/10/14 23:40:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2014/10/14 23:40:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2014/10/14 23:40:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2014/10/14 23:40:52 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/10/14 23:40:50 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/10/14 23:40:50 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2014/10/14 23:40:50 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2014/10/14 23:40:48 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/10/14 23:40:48 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2014/10/14 23:40:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/10/14 23:40:47 | 006,584,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/10/14 23:40:46 | 005,703,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/10/14 23:40:46 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/14 23:40:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/09/30 22:16:56 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/30 22:16:56 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/27 14:09:14 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/27 14:09:14 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/27 14:09:04 | 000,783,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/27 14:09:04 | 000,662,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/27 14:09:04 | 000,122,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/27 14:02:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/27 14:02:07 | 4265,005,054 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/27 13:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/24 23:00:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MBG\Desktop\OTL.exe
[2014/10/24 21:18:58 | 001,962,496 | ---- | M] () -- C:\Users\MBG\Desktop\AdwCleaner.exe
[2014/10/23 17:18:55 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/10/23 17:18:55 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/10/21 22:08:37 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Warcraft Logs Uploader.lnk
[2014/10/16 11:54:03 | 031,890,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/10/16 11:54:03 | 024,555,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/10/16 11:54:03 | 020,968,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014/10/16 11:54:03 | 020,922,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/10/16 11:54:03 | 019,966,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/10/16 11:54:03 | 018,499,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/10/16 11:54:03 | 017,260,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/10/16 11:54:03 | 016,886,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2014/10/16 11:54:03 | 014,029,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/10/16 11:54:03 | 013,942,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/10/16 11:54:03 | 011,395,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/10/16 11:54:03 | 011,333,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/10/16 11:54:03 | 004,289,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/10/16 11:54:03 | 004,009,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/10/16 11:54:03 | 003,237,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2014/10/16 11:54:03 | 002,849,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014/10/16 11:54:03 | 001,876,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434448.dll
[2014/10/16 11:54:03 | 001,539,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434448.dll
[2014/10/16 11:54:03 | 000,987,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2014/10/16 11:54:03 | 000,962,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/10/16 11:54:03 | 000,931,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/10/16 11:54:03 | 000,921,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/10/16 11:54:03 | 000,895,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/10/16 11:54:03 | 000,870,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/10/16 11:54:03 | 000,500,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014/10/16 11:54:03 | 000,418,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014/10/16 11:54:03 | 000,392,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014/10/16 11:54:03 | 000,352,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/10/16 11:54:03 | 000,348,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014/10/16 11:54:03 | 000,303,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/10/16 11:54:03 | 000,174,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014/10/16 11:54:03 | 000,156,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014/10/16 11:54:03 | 000,072,904 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/10/16 11:54:03 | 000,060,560 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/10/16 11:54:03 | 000,027,024 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/10/16 09:11:40 | 006,883,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2014/10/16 09:11:40 | 003,533,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2014/10/16 09:11:36 | 002,559,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2014/10/16 09:11:36 | 000,384,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2014/10/16 09:11:36 | 000,061,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2014/10/16 07:27:13 | 000,614,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/10/15 06:45:17 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/10/15 06:45:17 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/10/15 06:45:17 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/10/15 06:45:17 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/10/15 03:18:32 | 000,279,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/14 19:48:02 | 004,047,877 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/10/04 01:42:47 | 002,197,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/10/04 01:42:47 | 001,291,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2014/10/04 01:41:43 | 002,800,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/10/04 01:41:43 | 001,715,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
 
========== Files Created - No Company Name ==========
 
[2014/10/24 21:18:41 | 001,962,496 | ---- | C] () -- C:\Users\MBG\Desktop\AdwCleaner.exe
[2014/03/10 13:39:45 | 000,007,651 | ---- | C] () -- C:\Users\MBG\AppData\Local\Resmon.ResmonCfg
[2014/02/19 15:12:36 | 000,775,352 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/19 15:12:02 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/02/13 13:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


Edited by zithal, 27 October 2014 - 01:17 PM.

  • 0

#14
zithal

zithal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

hello, I apologize for the impatience but is there another step ?  the google chrome junk doesnt appear to be running anymore, but I want to be sure there is something else to do to make sur eits clean and/or be better prepared to prevent again.  thank you.


  • 0

#15
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi zithal :)

 

Not a problem, I have to wait for approval before I post ;)  Apologies for the delay. 

 

Excellent work!  :thumbsup:
How is the computer running?  There are a few more checks I'd like to make to be sure it's all gone ~ 

Please download all tools directly to the Desktop.  Don't worry, I will clean up my mess after we're done!
And if you need to/would like to make separate posts back here for these scans, go ahead and do that.  It's not a problem :)

 

Here we go:

 

Step 1
Windows Sidebar Advice:

 

It is no longer advisable to have this feature enabled as outline in the below Microsoft article:-

Vulnerabilities in Gadgets could allow remote code execution

I advise you to download and run the Disable Windows Sidebar and Gadgets Fixtit Utility to rectify this.

 

Step 2
OTL Fix

 

Please right click on xotlicon_png_pagespeed_ic_fh_U5UM1EN.jpg Run as Administrator, accept UAC prompts.

 

Under OTLcustomscansboxtitle.jpg
 in the textbox at the bottom, please paste in the following text:

 

 

 

:Commands
[CREATERESTOREPOINT]

 

:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

 

:Files
ipconfig /flushdns /c

 

:Commands
[emptytemp]

 

 

 

 

 

•  Push the runfixbutton.jpg  button.

 

•  OTL may ask to reboot the machine. Please do so if asked.

 

•  A massage box otlfixcompletebutton.jpg will pop-up.

 

•  Click the OK button and a report will open.

 

•  If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

 

•  Copy and Paste that report in your next reply, please.

 

 

Step 3
Junkware Removal Tool

 

•   Please download Junkware Removal Tool to your desktop.

 

•  Shut down your protection software now to avoid potential conflicts.

 

•  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

 

•  The tool will open and start scanning your system.

 

•  Please be patient as this can take a while to complete depending on your system's specifications.

 

•  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

 

•  Post the contents of JRT.txt into your next post.

 

 

 

Step 4
ADWCleaner

 

1.  Please download AdwCleaner from this link to your Desktop.
    You've already done that ;)

 

2.  Right click adwcleanericon.jpg on your Desktop, choose Run as Administrator.
         If it is outdated ADWCleaner will ask that you update it.  Please do, if asked.

 

3.  Accept UAC prompt.

 

4.  Accept AdwCleaner's Terms of Use.  And the AdwCleaner window opens:

 

newAdwCleanerwindow.jpg

 

5.  Click on the newAdwCleanerScanbutton.jpg <~ Scan button and wait for the scan to finish.

 

6.  After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending..... Please uncheck elements you don't want to remove.
     Please check the tabs to be sure no good items accidentally got picked up.

 

7.  Once that is complete, click the acwcleanerCleanbutton.jpg <~ Clean button

 

8.  Once it has finished Cleaning, click the newadwcleanerreportbutton.jpg <~ Report button to get the log.

 

9.  Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.

 

Lastly, this scan looks differently than OTL.  Because of the Chrome entries, I'd like to check this log, please.

 

 

Step 5
FRST

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

 

Note: You need to run the version compatible with your system.  You will need the 64bit version.

 

 

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Step 6
Post!

 

When you return, please post:

 

1.  OTL fix text
2.  JRT.txt
3.  ADWCleaner text
4.  FRST.txt
5.  Addition.txt

 

 

Thank you :)


  • 0






Similar Topics


Also tagged with one or more of these keywords: chrome

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP